Ransomware

Techno Freak
4 min read · Oct 8, 2022


Malware Attack

Ransomware is a type of malware attack in which the attacker locks and encrypts the victim's data and then demands a hefty sum to decrypt it. The attacker takes advantage of network and software vulnerabilities to attack victims via computers, printers, smartphones, wearables, POS (point of sale) terminals or other endpoints.

Ransomware Distribution Technique

The device is infected when the victim clicks a link, visits a web page, or installs a file, application, or program that includes malicious code designed to covertly download and install the ransomware.

  1. Phishing Email: Clicking an embedded link, which redirects to a malicious web page.
  2. Social Media: Clicking a malicious link in Facebook, Twitter or other social media posts.
  3. Malvertising: Clicking an advertisement on a legitimate site that has been seeded with malicious code.
  4. Self-Propagation: Spreading the malicious code to other devices via USB devices or over the network.
  5. Email Attachments: Opening an email attachment and enabling malicious macros; downloading a document embedded with a Remote Access Trojan (RAT); or downloading a ZIP file containing a malicious JavaScript or Windows Script Host (WSH) file.
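The attachment-based delivery in item 5 is the one a mail gateway can screen for mechanically. The following is an added example, not code from the original post: it flags macro-enabled Office documents, JavaScript and WSH script files, double extensions that hide a script behind a harmless-looking name, and ZIP archives that carry any of these. The extension lists and the sample attachments are constructed for the demonstration; a real gateway would pair this with content inspection rather than rely on names alone.

```python
"""Screen email attachments for the ransomware delivery patterns named in
the post: macro-enabled documents, JS/WSH scripts, and ZIPs carrying them.
Added example; extension lists and sample data are constructed."""
import io
import zipfile

# Constructed lists of extensions associated with ransomware droppers.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}
ARCHIVE_EXTS = {".zip"}
DECOY_EXTS = {".pdf", ".doc", ".txt", ".jpg"}   # the "harmless" half of a double extension


def _ext(name: str) -> str:
    """Lower-cased final extension including the dot, or '' if none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def _reasons_for_name(name: str) -> list:
    """Name-based checks that apply to a file or to a member of an archive."""
    reasons = []
    ext = _ext(name)
    if ext in SCRIPT_EXTS:
        reasons.append(f"script file {name}")
    if ext in MACRO_EXTS:
        reasons.append(f"macro-enabled document {name}")
    # invoice.pdf.js: the part the user sees looks like a PDF
    stem = name.lower()[: -len(ext)] if ext else name.lower()
    if _ext(stem) in DECOY_EXTS:
        reasons.append(f"double extension {name}")
    return reasons


def screen_attachment(name: str, data: bytes) -> list:
    """Return reasons to quarantine the attachment; an empty list means clean."""
    reasons = _reasons_for_name(name)
    if _ext(name) in ARCHIVE_EXTS:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    reasons += [f"inside {name}: {r}" for r in _reasons_for_name(member)]
        except zipfile.BadZipFile:
            reasons.append(f"{name} is not a valid ZIP archive")
    return reasons


def build_zip(members: dict) -> bytes:
    """Construct a sample archive in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx": b"plain document",
        "invoice.pdf.js": b"WScript.Echo(1)",
        "docs.zip": build_zip({"invoice.js": b"WScript.Echo(1)"}),
    }
    for attachment_name, payload in samples.items():
        print(attachment_name, "->", screen_attachment(attachment_name, payload) or "clean")
```

The archive check only looks one level deep and only at names, which is enough to quarantine the "ZIP containing a script" case the post describes; nested archives and password-protected ZIPs need the sandboxing or detonation step a mail security product provides.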

Working of Ransomware

The seven stages of a ransomware attack, as shown in the diagram:

  1. Infection — Ransomware is covertly downloaded and installed on the device.
  2. Execution — Ransomware scans and maps locations for targeted file types, including locally stored files, and mapped and unmapped network-accessible systems. Some ransomware attacks also delete or encrypt any backup files and folders.
  3. Encryption — Ransomware performs a key exchange with the Command and Control Server, using the encryption key to scramble all files discovered during the Execution step. It also locks access to the data. (See Figure 2.)
  4. User Notification — Ransomware adds instruction files detailing the pay-for-decryption process, then uses those files to display a ransom note to the user.
  5. Cleanup — Ransomware usually terminates and deletes itself, leaving only the payment instruction files.
  6. Payment — Victim clicks a link in the payment instructions, which takes the victim to a web page with additional information on how to make the required ransom payment. Hidden TOR services are often used to encapsulate and obfuscate these communications to avoid detection by network traffic monitoring.
  7. Decryption — After the victim pays the ransom, usually via the attacker’s Bitcoin address, the victim may receive the decryption key. However, there is no guarantee the decryption key will be delivered as promised.
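The Execution and Encryption stages leave a distinctive trace on the file system: one host rewriting many files under a new extension in a few seconds. The following is an added example, not code from the original post, of a detection that watches for exactly that burst in file-event telemetry. The log format, host names and events are constructed; the threshold and window are tuning knobs a defender would set from baseline data.

```python
"""Detect the file-system pattern of the Execution and Encryption stages:
many files on one host renamed to a new extension within a short window.
Added example; the log lines are constructed, not real telemetry."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-event log: "<timestamp> <host> <user> <action> <path>".
# RENAME events carry "old -> new". ws07 shows a burst typical of mass
# encryption; ws01 and ws03 show ordinary user activity.
SAMPLE_LOG = """\
2022-10-08T09:00:01 ws01 alice WRITE C:\\Users\\alice\\report.docx
2022-10-08T09:00:03 ws01 alice WRITE C:\\Users\\alice\\budget.xlsx
2022-10-08T09:05:10 ws01 alice RENAME C:\\Users\\alice\\draft.docx -> C:\\Users\\alice\\final.docx
2022-10-08T09:14:00 ws07 bob RENAME C:\\Share\\q1.docx -> C:\\Share\\q1.docx.locked
2022-10-08T09:14:01 ws07 bob RENAME C:\\Share\\q2.docx -> C:\\Share\\q2.docx.locked
2022-10-08T09:14:02 ws07 bob RENAME C:\\Share\\q3.xlsx -> C:\\Share\\q3.xlsx.locked
2022-10-08T09:14:03 ws07 bob RENAME C:\\Share\\plan.pptx -> C:\\Share\\plan.pptx.locked
2022-10-08T09:14:04 ws07 bob RENAME C:\\Share\\notes.txt -> C:\\Share\\notes.txt.locked
2022-10-08T09:14:05 ws07 bob RENAME C:\\Share\\photo.jpg -> C:\\Share\\photo.jpg.locked
2022-10-08T09:20:00 ws03 carol RENAME C:\\Data\\old.csv -> C:\\Data\\old.csv.bak
2022-10-08T09:35:00 ws03 carol RENAME C:\\Data\\old2.csv -> C:\\Data\\old2.csv.bak
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (WRITE|RENAME) (.+)$")


def parse_event(line):
    """Return (ts, host, user, action, old_path, new_path) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, user, action, rest = m.groups()
    if action == "RENAME":
        old, new = rest.split(" -> ", 1)
    else:
        old, new = None, rest
    return datetime.fromisoformat(ts), host, user, action, old, new


def extension_of(path):
    """Lower-cased final extension of a Windows-style path, '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_encryption_bursts(log_text, window_seconds=60, threshold=5):
    """Alert once per (host, new extension) when `threshold` renames that
    change a file's extension land within `window_seconds` on that host."""
    alerts, fired = [], set()
    windows = defaultdict(deque)            # (host, ext) -> recent timestamps
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev[3] != "RENAME":
            continue
        ts, host, user, _, old, new = ev
        ext = extension_of(new)
        if not ext or extension_of(old) == ext:
            continue                          # extension unchanged: ordinary rename
        key = (host, ext)
        q = windows[key]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()                       # drop events outside the window
        if len(q) >= threshold and key not in fired:
            fired.add(key)
            alerts.append({"host": host, "user": user, "extension": ext,
                           "count": len(q), "first_seen": q[0].isoformat(),
                           "last_seen": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(SAMPLE_LOG):
        print(alert)
```

Keying the window on the new extension rather than on rename volume alone is what keeps carol's occasional `.bak` renames quiet while bob's `.locked` burst fires after the fifth file; in production the alert is the trigger for isolating the host before the Execution stage reaches network shares and backups.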

Most dangerous malware threats in 2022

Cryptojacking: This type of attack is unique to cryptocurrencies. Crypto-mining malware saves hackers large overheads, as it allows them to "mine" cryptocurrencies without paying for expensive mining hardware or racking up large electricity bills. Once cryptocurrencies have been mined, they are sent to crypto-wallets controlled by the malware operators.

Windows OS Ransomware: In recent times hackers have distributed emails instructing targets to quickly install an urgent Windows OS update. Email security controls and a comprehensive, consolidated security solution can help stop these types of malware events.

RaaS: Ransomware-as-a-service has gained wide popularity among ransomware gangs for a variety of reasons. The growth of RaaS has also enabled non-coders and non-technical people to execute ransomware attacks.

Fleeceware: Although many users delete unwanted apps from their phones, fleeceware continues to charge them significant sums of money. It is a shady practice that some app developers engage in.

Shlayer Malware: Its main target is macOS devices, and it relies heavily on Flash updates and social engineering to get victims to install the malware on their devices. Hackers keep coming up with new schemes to get this malware onto computers, and these largely hinge on social engineering tactics.

How to protect yourself from ransomware?

  1. Backup Everything (all-round backup): Suppose you back up your data every day. Imagine there has been a malware attack and the attacker asks for $30000; you have nothing to fear, since all your data is intact on another server.
  2. Screen your emails: Learning to prevent phishing is one of the most important ways to protect yourself from a ransomware attack, since most ransomware is distributed through email.
  3. Invest in Security Awareness Training: It is important to educate people about the security breaches taking place and the reasons behind them. Investing in security awareness training will help create a culture of vigilant employees working to identify and avoid malicious links, phishing emails, and dangerous behavior online.
  4. Apply Security Patches to all your applications: Patching helps you prevent hackers from entering your machines. Java, Flash, Adobe products, etc. all need to be consistently updated and/or patched to make them impenetrable.
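The backup advice in item 1 only holds if the copy you restore from is actually intact, and the Execution stage described earlier explicitly goes after backup files. The following is an added example, not code from the original post, of the check a practitioner would run before trusting a backup: take a SHA-256 manifest of the backup set when it is written, store it outside the backup location, and diff the tree against it before restoring. The file tree, file names and simulated tampering are constructed in a temporary directory.

```python
"""Build an integrity manifest for a backup set and verify it before a
restore, so encrypted or missing copies are noticed instead of trusted.
Added example; the file tree below is constructed in a temporary directory."""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/' separated) to its digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(root, manifest):
    """Diff the current tree against the manifest it was taken from."""
    current = build_manifest(root)
    return {
        "intact": current == manifest,
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Take a manifest of a small constructed backup, then simulate ransomware
    reaching the backup location and verify again. Returns both results."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "report.docx"), "wb") as f:
            f.write(b"quarterly report")
        with open(os.path.join(root, "budget.xlsx"), "wb") as f:
            f.write(b"budget numbers")
        # The manifest must live outside the backup tree (here: a JSON string
        # held in memory); if it sits beside the files it can be rewritten too.
        stored = json.dumps(build_manifest(root))
        clean = verify_backup(root, json.loads(stored))

        # Simulate the Encryption stage: one file overwritten with random bytes,
        # another renamed under a new extension.
        with open(os.path.join(root, "docs", "report.docx"), "wb") as f:
            f.write(os.urandom(16))
        os.rename(os.path.join(root, "budget.xlsx"),
                  os.path.join(root, "budget.xlsx.locked"))
        tampered = verify_backup(root, json.loads(stored))
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup intact:", before["intact"])
    print("after tampering:", after)
```

A manifest check catches silent corruption as well as encryption, but it is only as trustworthy as its storage: keep it on write-once or offline media, or sign it, so the same attacker who encrypts the backup cannot replace the manifest to match.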
