RANSOMWARE: WHAT IT IS AND HOW IT WORKS





Ransomware is computer malware that installs covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it.

Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

The ransomware may also encrypt the computer's Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. 


MECHANISM:
ATTACKER -> VICTIM: The attacker generates a key pair and places the corresponding public key in the malware. The malware is released.

VICTIM -> ATTACKER: To carry out the cryptoviral extortion attack, the malware generates a random symmetric key and encrypts the victim's data with it. It uses the public key in the malware to encrypt the symmetric key. The victim sends the asymmetric ciphertext and e-money to the attacker.

ATTACKER -> VICTIM: The attacker receives the payment, deciphers the asymmetric ciphertext with his private key, and sends the symmetric key to the victim. The victim deciphers the encrypted data with the needed symmetric key thereby completing the cryptovirology attack.


CRYPTOLOCKER
Encrypting ransomware reappeared in September 2013 with a Trojan known as CryptoLocker, which generated a 2048-bit RSA key pair, uploaded it to a command-and-control server, and used it to encrypt files matching a whitelist of specific file extensions. The malware threatened to delete the private key if a payment in Bitcoin or a pre-paid cash voucher was not made within 3 days of the infection. Because of the extremely large key size it used, analysts and those affected by the Trojan considered CryptoLocker extremely difficult to repair. Even after the deadline passed, the private key could still be obtained using an online tool, but the price increased to 10 BTC, which cost approximately US$2300 as of November 2013.


CRYPTOLOCKER.F
The Trojans spread via fraudulent e-mails claiming to be failed parcel delivery notices from the Post Service. To evade detection by automatic e-mail scanners that follow every link on a page to scan for malware, this variant required users to visit a web page and enter a CAPTCHA code before the payload was actually downloaded, preventing such automated processes from scanning the payload.

TORRENTLOCKER
TorrentLocker contained a design flaw comparable to CryptoDefense: it used the same keystream for every infected computer, making the encryption trivial to overcome. This flaw was later fixed. In November 2014, it was estimated that over 9,000 users had been infected by TorrentLocker in Australia, and 11,700 in Turkey.
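The keystream reuse described for TorrentLocker, and the reason the MECHANISM section above insists on a fresh random symmetric key per victim, as an added example (not TorrentLocker's code, nor the page's): a toy XOR stream cipher with a hard-coded key stands in for the flawed build, and one file whose original the victim still has recovers the keystream for every other file; with a fresh key per victim the same recovery fails. All function names and sample data are constructed.

```python
import hashlib
import os

def keystream(key: bytes, length: int) -> bytes:
    """Toy stream-cipher keystream: SHA-256 in counter mode (a stand-in only)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, data: bytes) -> bytes:
    return xor_bytes(data, keystream(key, len(data)))

# The flaw: one hard-coded key, hence one keystream, on every infected machine.
FIXED_KEY = b"constructed-fixed-key"

# The corrected design from the MECHANISM section: a fresh random key per victim.
def fresh_victim_key() -> bytes:
    return os.urandom(32)

# Recovery side. A single file the victim still holds an original copy of
# (an e-mailed attachment, an installer) gives ciphertext XOR plaintext, i.e.
# the keystream prefix, which then decrypts every file no longer than it.
def recover_keystream(known_plaintext: bytes, its_ciphertext: bytes) -> bytes:
    return xor_bytes(known_plaintext, its_ciphertext)

def decrypt_with_keystream(ciphertext: bytes, ks: bytes) -> bytes:
    if len(ks) < len(ciphertext):
        raise ValueError("recovered keystream is shorter than this file")
    return xor_bytes(ciphertext, ks)

# Constructed sample files: KNOWN has a surviving original copy, SECRET does not.
KNOWN = b"Hello World! This is a PDF-like header we still have a copy of."
SECRET = b"Quarterly figures: revenue 1.2M, margin 14%."

def recovery_with_reused_keystream() -> bytes:
    """Victim A's known file unlocks victim B's file: the keystream is shared."""
    ks = recover_keystream(KNOWN, stream_encrypt(FIXED_KEY, KNOWN))      # victim A
    return decrypt_with_keystream(stream_encrypt(FIXED_KEY, SECRET), ks)  # victim B

def recovery_with_fresh_keys() -> bytes:
    """Same attempt after the fix: A's keystream says nothing about B's."""
    ks = recover_keystream(KNOWN, stream_encrypt(fresh_victim_key(), KNOWN))
    return decrypt_with_keystream(stream_encrypt(fresh_victim_key(), SECRET), ks)
```

The recovered keystream only reaches as far as the longest known plaintext, which is why recovery tools for this class of flaw ask victims for the largest file they still have an original of.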


CRYPTOWALL
CryptoWall appeared in 2014 and was distributed as part of a malvertising campaign on the Zedo ad network in September 2014 that targeted several major websites; the ads redirected to rogue websites that used browser plugin exploits to download the payload. CryptoWall 3.0 used a payload written in JavaScript, delivered as an email attachment, which downloads executables disguised as JPG images. The malware creates new instances of explorer.exe and svchost.exe to communicate with its servers. When encrypting files, the malware also deletes volume shadow copies and installs spyware that steals passwords and Bitcoin wallets.
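A detection example added here (not the page's or CryptoWall's code) for two behaviours named above: deletion of volume shadow copies, and extra explorer.exe and svchost.exe instances started by an unexpected parent. The flattened event format, its field names and the parent-process baseline are assumptions for this example, and the event lines are constructed.

```python
import re

# Constructed process-creation events, flattened to one line each (not real
# CryptoWall telemetry; the field names are an assumption for this example).
SAMPLE_EVENTS = [
    r'ts=2015-06-01T10:00:01 host=WS01 image=C:\Windows\System32\svchost.exe parent=C:\Windows\System32\services.exe cmd="svchost.exe -k netsvcs"',
    r'ts=2015-06-01T10:02:17 host=WS01 image=C:\Windows\System32\svchost.exe parent=C:\Users\bob\AppData\Local\Temp\invoice.exe cmd="svchost.exe"',
    r'ts=2015-06-01T10:02:18 host=WS01 image=C:\Windows\explorer.exe parent=C:\Users\bob\AppData\Local\Temp\invoice.exe cmd="explorer.exe"',
    r'ts=2015-06-01T10:02:20 host=WS01 image=C:\Windows\System32\vssadmin.exe parent=C:\Windows\System32\svchost.exe cmd="vssadmin.exe Delete Shadows /All /Quiet"',
    r'ts=2015-06-01T10:05:00 host=WS01 image=C:\Windows\explorer.exe parent=C:\Windows\System32\userinit.exe cmd="explorer.exe"',
]
EVENT_RE = re.compile(r'ts=(?P<ts>\S+) host=(?P<host>\S+) image=(?P<image>\S+) '
                      r'parent=(?P<parent>\S+) cmd="(?P<cmd>[^"]*)"')
# Built-in commands used to destroy volume shadow copies (the local restore points).
SHADOW_DELETE_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# Simplified parent baseline (assumption; tune per environment): svchost.exe is
# started by services.exe, explorer.exe by userinit.exe at logon or by itself.
EXPECTED_PARENT = {"svchost.exe": {"services.exe"},
                   "explorer.exe": {"userinit.exe", "explorer.exe"}}

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def parse_event(line: str):
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None

def check_event(ev: dict) -> list:
    findings = []
    if SHADOW_DELETE_RE.search(ev["cmd"]):
        findings.append("shadow_copy_deletion")
    img, par = basename(ev["image"]), basename(ev["parent"])
    if img in EXPECTED_PARENT and par not in EXPECTED_PARENT[img]:
        findings.append(f"unexpected_parent:{img}<-{par}")
    return findings

def scan(lines) -> list:
    """Return (timestamp, host, finding) triples for every suspicious event."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev:
            alerts.extend((ev["ts"], ev["host"], f) for f in check_event(ev))
    return alerts
```

Shadow-copy deletion is a high-confidence signal on its own; the parent-process rule is noisier and is there to catch the lateral step (unexpected explorer.exe/svchost.exe) that precedes it in this sample.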

The FBI reported in June 2015 that nearly 1,000 victims had contacted the bureau's Internet Crime Complaint Center to report CryptoWall infections, and estimated losses of at least $18 million.

The most recent version, CryptoWall 4.0, enhanced its code to avoid antivirus detection, and encrypts not only the data in files but also the file names.


WHY RANSOMWARE ATTACKS HOME USERS:

  • They don’t have data backups;
  • They don’t keep their software up to date (even if specialists always nag them to);
  • They fail to invest in need-to-have cyber security solutions;
  • They often rely on luck to keep them safe online (I can’t tell you how many times I’ve heard “it can’t happen to me”);
  • Most home users still rely exclusively on antivirus to protect them from all threats, which is frequently ineffective in spotting and stopping ransomware;
  • The same lack of online safety awareness makes them prone to manipulation by cyber attackers;
  • The sheer volume of internet users makes for a huge pool of potential victims (more infected PCs = more money);
  • They have little or no cyber security education, which means they’ll click on almost anything.


WHY RANSOMWARE ATTACKS TARGET BUSINESSES:
  • That’s where the money is;
  • Small businesses are often unprepared to deal with advanced cyber attacks (which ransomware is) and have a lax BYOD (bring your own device) policy;
  • Cyber criminals know that businesses would rather not report ransomware attacks for fear of legal or reputation-related consequences;
  • The human factor is still a huge liability, which can also be exploited through social engineering tactics;
  • Computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means;
  • Ransomware can affect not only computers, but also servers and cloud-based file-sharing systems, going deep into a business’s core;
  • Attackers know that ransomware can cause major business disruptions, which increases their chances of getting paid.


COMMON METHODS USED TO SPREAD RANSOMWARE:
  • Spam email campaigns that contain malicious links or attachments;
  • Legitimate websites that have had malicious code injected into their web pages;
  • Internet traffic redirects to malicious websites;
  • Drive-by downloads;
  • Malvertising campaigns;
  • Security exploits in vulnerable software;
  • SMS messages (mobile devices);
  • Botnets;
  • Affiliate schemes in ransomware-as-a-service;
  • Self-propagation (spreading from one infected computer to another).


HOW TO BE SAFE AND CLEAN:
  1. Understand the importance of having a traffic-filtering solution that can provide proactive anti-ransomware protection.
  2. Don’t store all important data on the PC; look at other options such as external drives and the cloud.
  3. Keep two backups of your data: one on an external hard drive and one in the cloud.
  4. Don’t let browser plugins (Adobe Flash, Adobe Reader, Java and Silverlight) activate automatically; set the browser to ask you before activating them when needed.
  5. Sync the data to the backups manually (to the hard drive and to the cloud) rather than leaving them permanently connected, so that an infection has no “open door” into the backups. This process can be hard, but it is safe.
  6. Keep the operating system and software up to date, including the latest security updates.
  7. Don’t use an administrator account on a daily basis. Use a guest account with limited privileges.
  8. Remove outdated plugins and add-ons from browsers.
  9. Turn off macros in Word, Excel, PowerPoint, etc.
  10. Never open spam emails or emails from unknown senders.
  11. Never download attachments from spam emails or suspicious emails.
  12. Never click links in spam emails or suspicious emails.
  13. Use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.
  14. Adjust your browser’s security and privacy settings for increased protection.
  15. Add an ad blocker to avoid the threat of malicious ads.

DID YOU FIND THIS ARTICLE USEFUL? WHAT DO YOU THINK ABOUT IT? LET ME KNOW, POST A MESSAGE OR SEND ME AN EMAIL
