Though ransomware attacks have decreased in the past few months, the attackers are still active and exploring new strategies to lure more victims. By using built-in cryptographic libraries such as Microsoft CryptoAPI to encrypt files offline, without needing to contact a server, new-age ransomware is becoming more sophisticated and more damaging to businesses and individuals.
What is Ransomware?
Ransomware is a variety of malware intended to extract a ransom from victims whose computer systems it infects. Once an attacker compromises a computer by tricking the user through phishing or social engineering, the malware encrypts the data files on the system and replicates itself to other devices connected to the network. After infecting the target machines, the ransomware locks the users out of their data or devices until a ransom is paid. Hence the name.
The ransom amount ranges from a few hundred dollars to millions of dollars. The attackers ask victims to pay in bitcoin or another cryptocurrency before a deadline. If the victim fails to meet the deadline, the ransom demanded doubles or the data is deleted.
If the victim pays the ransom, the attacker may (or may not) hand over the decryption key.
Types of Ransomware:
Ransomware falls into the following categories:
1) Crypto ransomware – Crypto ransomware variants attack their victims with weaponized cryptography. In this type of attack, the malware intrudes into the victim’s device and then encrypts selected files or the entire filesystem using an encryption key.
2) Locker ransomware – Unlike crypto-based malware, locker ransomware doesn’t usually encrypt the filesystem. Instead, it locks the user interface of the target device, rendering it useless until the victim pays the ransom.
3) RaaS – Ransomware-as-a-Service is the most spine-chilling form of existing malware. Unlike locker and crypto-based ransomware, RaaS is a subscription-based model run by experienced cybercriminals. These criminals take care of the complicated technical end of a ransomware attack – such as collecting payments and managing the decryptors – enabling less experienced hackers to launch damaging attacks. Once such an attack successfully extracts a ransom from the victim, each party to the offense receives a cut.
- The first ransomware, the AIDS Trojan (aka PC Cyborg), was written in 1989. Over time, ransomware became one of the scariest forms of cyberattack. In 2013, CryptoLocker infected more than 250,000 computers and extorted about $3 million. Later, clones of that notorious ransomware, dubbed CryptoWall and TorrentLocker, emerged to target high-profile enterprises in industries such as healthcare, manufacturing, customer service, banking, and government.
- In 2014, CryptoWall made its way to the top of the most notorious ransomware list. By 2015, it had victimized a broad base of users and raked in ransom money worth around $18 million. In 2015, another ransomware, Alpha Crypt, extorted $76,562 in ransom payments from hundreds of victims.
- In March 2016, the Ottawa Hospital in Canada and the Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital in the US were hit by massive ransomware attacks. In the Ottawa Hospital attack, cybercriminals managed to take down around 9,800 computers. However, according to several reports, none of these hospitals paid any ransom.
- Throughout 2016 and 2017, users worldwide experienced devastating cyber-attacks with ransom demands running into millions of dollars.
- Maersk and FedEx are two of the best-known companies in the shipping and delivery business. In 2017, both companies grabbed headlines for an entirely different reason. The computers of the Danish shipping and supply vessel operator’s 90,000 employees across 130 countries were compromised, and FedEx’s network was also taken down. Both attacks were executed using the NotPetya ransomware, which spread with the leaked NSA exploit dubbed EternalBlue, and blew a $300 million hole in the IT budget of each logistics giant.
- Another high-profile victim of NotPetya was Merck, the US-based pharmaceutical company, which suffered losses worth $310 million in the same year.
- In 2018, SamSam ransomware successfully extorted about $6 million by carefully picking its victims, such as schools and hospitals, and gaining access by brute-forcing weak RDP passwords.
- Ransomware such as BitPaymer is not far behind in the race: through several successful attacks, BitPaymer looted half a million US dollars. Other ransomware families, such as Dharma and GandCrab, are used by many cybercriminal gangs to target small and medium businesses.
Key safety tips:
Besides the existing ransomware families, several cloned versions of older ransomware are emerging. These cases show that ransomware is here to stay, so it is better to be cautious and shield your systems and network.
Here are a few safety tips for a secure environment:
- Backup – Take regular backups of essential files. Many ransomware families look for backup copies on the system and, if they find them, encrypt those too. It is therefore better to keep backup copies on external hard drives, and to disconnect those drives when the backup is not running, since a backup that stays connected is just another drive for the ransomware to encrypt.
- Update – Update your operating system and application software whenever updates are available. Developers roll out patches with fixes for discovered vulnerabilities to keep cybercriminals at bay.
- Email caution – Be attentive before opening any email attachment. Delivering ransomware through file attachments is an old and conventional method. Never open email attachments coming from an unknown or untrusted source.
- Bookmarking – Bookmark the websites you visit frequently. This helps you avoid mistyping URLs, since many attackers host malicious websites at addresses that look or sound similar to those of popular sites.