Ransomware Explained

Ransomware is a type of malware that encrypts files and demands payment for their decryption. It is often spread through phishing emails, exploit kits, and malvertising. To protect against ransomware attacks, it is recommended to regularly back up files, use reliable antivirus software, and keep all software and operating systems up to date. Some notorious ransomware examples include WannaCry, GandCrab, Locky, and Bad Rabbit. Ransomware attacks continue to evolve, and it is crucial to remain vigilant and informed about the latest threats and protection methods.


In recent years, ransomware has been the most prominent malware threat worldwide. It is a form of malicious software that affects both individual systems and the networks of organizations such as businesses, hospitals, airports, and government agencies.

Ransomware has come a long way since its first registered appearance in 1989. Earlier versions, known as non-encryption ransomware, were straightforward. In contrast, contemporary ransomware relies on cryptographic techniques to encrypt files, rendering them inaccessible. Encryption ransomware can also be applied to entire hard drives, locking the computer's operating system completely. The attackers' ultimate objective is to persuade victims to pay a ransom for decryption, usually in untraceable digital currencies such as Bitcoin or other cryptocurrencies. However, there is no guarantee that the attackers will restore access once they have been paid.

How Not to Become a Victim?

Ransomware distribution commonly involves three different forms of social engineering. One of the most prevalent methods is phishing, where attackers use email attachments or links disguised as legitimate ones to infect their victims. Once one computer in an organization's network is compromised, the ransomware can spread to the entire system.

Another common method is the use of exploit kits, which come pre-packaged with various malicious tools and pre-written exploit code that targets vulnerabilities in software and operating systems. Cybercriminals frequently target outdated software, so unpatched systems are more susceptible to attack.

Lastly, attackers may use malvertising to disseminate ransomware. This involves using advertising networks to spread malicious code to unsuspecting victims.

Personal Protection From Ransomware

To reduce the risk of ransomware infection, it is essential to take certain precautions. Firstly, it is vital to back up your files regularly to an external source so that you can restore them if necessary. Secondly, be cautious with email attachments and links, and avoid clicking on ads and visiting websites from unknown sources.

To further minimize the risk of ransomware attacks, install a reliable antivirus program and keep all software applications and operating systems up to date. Enabling the 'Show file extensions' option in Windows settings will allow you to easily identify potentially dangerous file extensions such as .exe, .vbs, and .scr.
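The reason hidden extensions matter can be shown with a short check for attachment names whose real type differs from what the user sees. This is an added example, not part of the original article; the decoy extension list, the finding labels and the sample file names are assumptions constructed for illustration.

```python
import os

# The three extensions the article names; extend the set to match your own policy.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumption: extensions a reader would expect on a harmless document or image.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def normalize(name: str) -> str:
    """Windows drops trailing dots and spaces from file names, so parse without them."""
    return name.rstrip(". ")


def displayed_when_hidden(name: str) -> str:
    """What Explorer shows for a known file type while extensions are hidden."""
    stem, ext = os.path.splitext(normalize(name))
    return stem if ext else name


def split_extensions(name: str) -> list[str]:
    """All dot-separated suffixes, lower-cased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = normalize(name).lower().split(".")
    return ["." + p for p in parts[1:] if p]


def inspect_filename(name: str) -> list[str]:
    """Return findings for one file name; an empty list means nothing was flagged."""
    exts = split_extensions(name)
    findings = []
    if exts and exts[-1] in RISKY_EXTENSIONS:
        findings.append("risky-extension")
        # The visible part still ends in a document extension once '.exe' is hidden.
        if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
            findings.append("double-extension")
    return findings


# Constructed sample names, not taken from any real incident.
SAMPLES = ["invoice_2016.pdf.exe", "holiday.jpg", "setup.EXE", "notes.txt.vbs. ", "README"]


def scan(names: list[str]) -> dict[str, list[str]]:
    """Map each flagged name to its findings; clean names are omitted."""
    return {n: f for n in names if (f := inspect_filename(n))}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name!r} shows as {displayed_when_hidden(name)!r}: {', '.join(findings)}")
```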

Avoid accessing websites that are not secured with the HTTPS protocol, although keep in mind that some malicious websites also use HTTPS. To further mitigate the threat of ransomware, visit NoMoreRansom.org. The website, created by law enforcement and IT security companies, provides free decryption toolkits for infected users and valuable advice for preventing ransomware attacks.

Examples of Ransomware

GandCrab (2018)

GandCrab is a notorious ransomware that was first detected in January 2018. Within a month of its emergence, the malware had already infected over 50,000 victims, mostly through phishing emails and malvertising. It was also the first ransomware to demand payment in DASH cryptocurrency, with the initial ransom amounting to between $300 and $1500.

The Romanian authorities, in partnership with Bitdefender and Europol, worked to disrupt GandCrab and were successful in doing so. A free data recovery kit is now available to those affected by the malware.

WannaCry (2017)

In a global cyberattack that lasted for four days, over 300,000 computers were infected by WannaCry. The malware used an exploit called EternalBlue and primarily targeted Microsoft Windows operating systems, with Windows 7 being the most vulnerable. The attack was eventually stopped after Microsoft released emergency patches.

While no concrete evidence was presented, security experts from the US claimed that the attack was carried out by North Korea.

Bad Rabbit (2017)

Bad Rabbit was spread through a fake Adobe Flash update that required victims to manually install a .exe file. The majority of infected machines were located in Russia, and the cost of decryption was about 280 US dollars or 0.05 BTC at the time.

Locky (2016)

Locky was commonly spread via email attachments disguised as invoices that required payment. The Hollywood Presbyterian Medical Center fell victim to Locky in 2016 and ended up paying a ransom of 40 BTC (equivalent to $17,000 at the time) to regain access to their computer systems.


Ransomware has become a significant threat to organizations and individuals worldwide. The damage caused by ransomware attacks can be extensive, with victims often left with the difficult decision of whether to pay the ransom or lose their data. To protect against ransomware attacks, it is essential to take preventative measures, such as keeping software and operating systems updated, avoiding suspicious email attachments and links, and backing up files regularly. While ransomware attacks continue to evolve, it is critical to remain vigilant and stay informed about the latest threats and protection methods.
