- 1 What is Ransomware?
- 2 Where ransomware comes from
- 3 Quick history of Ransomware
- 3.0.1 This is it for the ransomware will write about the latest Ransomware version which was used in latest cyber threat which hit whooping 99 countries and 250,000 systems and many big service agencies. Till then keep following us and please do like our face book page and follow me on twitter for more updates like this and don’t forget to subscribe.
- 3.1 Related
What is Ransomware?
Ransomware (a.k.a. rogueware or scareware) is a malicious software that restricts access to your computer system and demands that a ransom is paid in order for the restriction to be removed.Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. It may also encrypt the computer’s Master File Table or the entire hard drive. Thus, it is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. these kind of attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
Types’s of Ransomware:
1.Encryptors, which incorporates advanced encryption algorithms. It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CrytpoWall.Wanna-cry and more.
2.Lockers, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.
3.Some locker versions infect theMaster Boot Record (MBR). The MBR is the section of a PC’s hard drive which enables the operating system to boot up. When MBR ransomware strikes, the boot process can’t complete as usual and prompts a ransom note to be displayed on the screen. Examples include Satana and Petya families.
Crypto-ransomware, as encryptors are usually known, are the most widespread ones, and also the subject of this article. The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.
Some feature’s of ransomware:
- It feature sunbreakable encryption, which means that you can’t decrypt the files on your own (there are various decryption tools released by cyber security researchers – more on that later);
- It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC;
- It can scramble your file names, so you can’t know which data was affected. This is one of the social engineering tricks used to confuse and coerce victims into paying the ransom;
- It will add a different extension to your files, to sometimes signal a specific type of ransomware strain;
- It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back;
- It requests payment in Bitcoins because this crypto-currency cannot be tracked by cyber security researchers or law enforcements agencies;
- Usually, the ransom payments have a time-limit, to add another level of psychological constraint to this extortion scheme. Going over the deadline typically means that the ransom will increase, but it can also mean that the data will be destroyed and lost forever.
- It uses a complex set of evasion techniques to go undetected by traditional antivirus (more on this in the “Why ransomware often goes undetected by antivirus” section);
- It often recruits the infected PCs into botnets, so cyber criminals can expand their infrastructure and fuel future attacks;
- It can spread to other PCs connected to a local network, creating further damage;
- It frequently features data exfiltration capabilities, which means that it can also extract data from the affected computer (usernames, passwords, email addresses, etc.) and send it to a server controlled by cyber criminals; encrypting files isn’t always the endgame.
- It sometimes includes geographical targeting, meaning the ransom note is translated into the victim’s language, to increase the chances for the ransom to be paid.
Where ransomware comes from
Ransomware is created by scammers who are highly knowledgeable in computer programming. It can enter your PC through an email attachment or through your browser if you happen to visit a website that is infected with this type of malware. It can also access your PC via your network.
Quick history of Ransomware
It may be difficult to imagine, but the first ransomware in history emerged in 1989 (that’s 27 years ago). It was called the AIDS Trojan, whose modus operandi seems crude nowadays. It spread via floppy disks and involved sending $189 to a post office box in Panama to pay the ransom.
How times have changed!
The appearance of Bitcoin, and evolution of encryption algorithms helped turn ransomware from a minor threat used in cyber vandalism, to a full-fledged money-making machine. As a result, every cybercriminal wants to be a part of this.
This graph shows just how many types of encrypting malware researchers have discovered in the past 10 years.
And keep in mind 3 things, so you can get a sense of how big the issue really is:
- There are numerous variants of each type (for example, CrytpoWall is on its 4th version);
- No one can map all the existing families out there since most attacks go unreported.
- New ransomware is coming out in volumes at an ever-increasing pace.
If you want more to learn about history of Ransomware read more about it here.