- What is Ransomeware and Ransom Attacks?
- How does it work? A History of Ransom Attacks.
- Types of Ransomware.
- How to Protect Against Ransom Attacks?
- What to do if you are affected by ransomware encryption.
What is Ransomeware and Ransom Attacks?
Ransomware is malicious software that blocks, or denies access to a computer system or data until a ransom is paid by the victim. A ransom usually has a deadline for the payment and the threat usually involves deleting the victims data or releasing it to the public. The data is usually encrypted by the hacker to close their access to it. Ransom attacks are very common throughout Europe, North America, and the U.K. The Cybersecurity and Infrastructure Security Agency (CISA) have noticed a large increase in ransom attacks over the past decade. The FBI advises to not pay a ransom fee because those victims typically face additional ransom attack in the future because they’re looked at as an easy target. Hackers are willing to target any business or organisation that has confidential information.
How does it work? A History of Ransom Attacks.
Ransom attacks usually are carried through a trojan that seems to be a normal file that is sent as an email attachment. People should be very wary of just opening email attachments because they could contain a virus. Ransomware can lock down your computer system and encrypt all of your files as a result of you opening a random phishing email attachment file that has an embedded link. Your computer will then be locked down by a payload that has a “fake warning” accusing you of illegal activities and the warning states you must pay a ransom before you can access your computer again. Payload encryption files can be very sophisticated and may require you to repair your operating system, or even encrypting your file in a way that the malware author needs a key just to regain access to your operating system. Paying the ransom fee can be very risky because there is no guarantee that the hacker will give you an unlock code so you can gain access to your computer. Victims a lot of the time will continually pay the ransom without ever gaining their files. Attackers are just trying to make money, so they have no reason to decrypt your files.
One of the first known ransom attacks occurred in 1996. In 1996 the ”cryptoviral extortion” attack was introduced at Columbia University. This ransomware contained the attacker’s public key and encrypted the victim’s files, and prompted the victim to send asymmetric ciphertext to the attacker to decipher and return the decryption key for a payment in return. The Cryptoviral Extortion showed the advanced creation of modern cryptographic tools and was presented at the 1996 IEEE Security and Privacy conference. Ransomware has become more popular with the occurrence of bitcoin, and cryptocurrencies which allow hackers to use encryption techniques to secure transactions. Cybercriminals have also used gift cards as payment to remain anonymous because a gift card can't be traced back to anyone. In 2014, Cryptowall was a major trojan that targeted windows. Cryptowall was a malvertising campaign that targeted websites and was used as an advertisement that would redirect users to websites that used browser plugin exploits to download the payload. This payload was written in Javascript as part of an attachment. The malware would encrypt files, and steal passwords and money out of bitcoin wallets. In 2015 the FBI reported there were over 1,000 victims of Cryptowall, and over 18 million was stolen.
Types of Ransomware.
- Scareware: This is a fake software that many people have seen before. Scareware is a popup that tells you there is something wrong with your computer and demands you pay money to fix it. Scareware fills up your screen with popups and alerts until it is removed.
- Crypto Malware: This ransomware is very powerful and can spread into thousands of computers at once while encrypting and extracting data.
- Doxware: Doxware threatens to publish stolen information online many people give in to these threats and pay a ransom in fear of their information being made public.
- Cryptolocker: This is a trojan that can encrypt files using a whitelist of file extensions. This ransomware was used in 2013 and threatened to delete the private key if a payment of Bitcoin or a pre-paid cash voucher was not made within 3 days of the infection. The cryptolocker trojan is very difficult to repair and the cost of the private key was very expensive. The Russian hacker that ran this malware was eventually caught in 2014 after extorting over 3 million dollars.
- RaaS: “Ransomware as a Service,” is a malware that is hosted by hackers and involves the collecting of payments to decryptors, and these hackers worked distribute ransomware and the software that restores access to data.
How to Protect Against Ransom Attacks?
- Always update your operating system because system updates typically include patches for security vulnerabilities that your computer could be exposed to.
- Install security software because it helps to protect your computer with antivirus, and it protects your computer from hidden threats you may not be aware of.
- Never open email attachments from unfamiliar sources or email accounts. Also, be careful when you come across an email attachment that advises you to enable macros to view it. Macro malware can infect files on your computer when opened, so I would recommend deleting any emails that seem suspicious.
- Backup your data on a hard drive so that hackers cannot access them. Store important information on an external hard drive to protect your information offline because if a hacker did manage to steal any of your information you would still be able to exceed it on your external hard drive. Backup your data regularly.
- Never pay a ransom! If a cybercriminal is threatening you with a money ransom he will just try to get as much money from you as possible. Sending cybercriminal money is a huge mistake! A hacker could just take your ransom money and just go ahead and release your data online for everyone to see.
- Cloud services can help to mitigate a ransom infection because they can allow you to access unencrypted forms of your old files.
- If you suspect that your computer system is being attacked its important to remember that encryption can take a while, so if you can work to remove the malware in the early stages of the attack you can still possibly reduce the amount of data that is being damaged in the attack.
- Configure firewalls, and spam filters to prevent phishing emails.
- Scan all incoming and outgoing emails
- If you have to you can always call federal and local law enforcement to help you remove ransomware from your computer so you can move forward to find the cybercriminals.
What to do if you are affected by ransomware encryption.
Here are some helpful steps and tips you can follow if your computer is ever affected by ransomware.
- Check to see if you can access all of your files and documents.
- Always remember you can try to recover any deleted files with available programs.
- Isolate the infection by disconnecting your computer from any external hard-drives and go offline, so you can make sure that your dropbox, or Google drive for example isn’t affected by the ransomware. Your computer should be isolated from all other devices and networks.
- Install antivirus to remove the ransomware from your computer. You can also wipe your system, setup backups and clean application sources. You should have a backup plan in place so you can save all of your documents, photos, and media files.
- Wiping your system completely will ensure the entire malware is gone.
- System restore is not always the best option because malicious software can be rooted throughout your computer system and it cannot replace your old files.