What is ‘Ransomware’ and how does it work?
With advances in technology, it has become a big battle to keep our environment safe. There are new kinds of threats being created everyday which aim to target servers and network systems. The managers need to be prepared against these threats, using support tools such as:
Firewalls, IPS (Intrusion Prevention systems), IDS(Intrusion detection systems), WAF, Proxy and SIEM. Currently, one of the most dangerous and time consuming malware is ‘ransomware’.
What is ‘ransomware’? How does it work? How does it infect an environment? Let us see…
Ransomware is a malware that can block a device or encrypt the content. The hacker then demands a ransom to get his data back. Normally the attackers promise to restore the access or the data of the infected machines.
You can also define ransomware as a type of software that restricts access to an infected system and charges a redemption price for that access to be restored. If the redemption price is not paid, the files would be lost or published.
According to a technician, ransomware is also called as a type of cryptography. Let us see why:
‘Cryptography’, is the ability to secure communications in the presence of third parties, called adversaries. The cryptography term came from the fusion of the words “Kryptós” and “gráphein”, which means “hidden” and “to write”. It is a conjunction of rules that encrypts the original message and sends it to the receiver. The receiver then decrypts it to view it. Encryption is the key element of cryptoransomware, as your entire business plan depends on the successful use of cryptography to block files or file systems of victims without recovery plans, such as data backups. This does not mean that cryptography is intrinsically malicious.
The ransomware attack is around for long time. Attackers use several known distribution methods. Malware are often spread through phishing schemes involving malicious links, email attachments, or downloaded files that are installed on the server from compromised sites. In spite of knowing the risks, one in four recipients opens phishing messages and, surprisingly, one in 10 clicks on attachments received in those messages.
Anatomy of a ransomware attack:
Credit of image: Ransomware by Timothy Gallo, Allan Liska
The first know virus that encrypted user files was Dirty Decrypt, after it came CryptoLocker, PowerLocker, Citroni, CryptoWall, CryptoWall 2, CryptoWall 3, Torrent Locker, Cryptographic Locker others. Every day a new kind is emerging that aims to hamper the services of the security tools.
Below some the 10 cases famous of attack of ransomware in 2017:
10 – UNKNOWN
9 – REYPTSON
8 – LEAKERLOCKER
7 – WYSIWYE
6 – OSIRIS
5 – CERBER
4 – LOCKY
3 – BADRABBIT
2 – NOTPETYA
1 – WANNACRY
It is good to follow these tips to secure yourself from these threats: