You have probably heard of someone who cannot access the data on their computer unless they pay money to a criminal. That is ransomware.
Ransomware is usually spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. Infections can also arrive through RDP (covered in the next blog post) or through other approaches that require no interaction from the user.
Once your device is infected, the malware can change it in several ways:
- It can block access to the device completely.
- It can encrypt the data on the victim’s disk.
The changes are usually noticed when the device is restarted: the user finds that they cannot access their data (or cannot control the device) and receives a message demanding payment (in cryptocurrency) to decrypt the files or restore the system.
Two of the most famous ransomware families are CryptoLocker and WannaCry.
A widely spread attack that used public-key encryption was CryptoLocker, a Trojan horse that was active on the internet from September 2013 through May of the following year. The malware demanded payment in either bitcoin or a prepaid voucher, and experts generally believed that the RSA cryptography it used, when properly implemented, was essentially impenetrable. In May 2014, however, a security firm gained access to a command-and-control server used by the attack and recovered the encryption keys used in the attacks. An online tool that allowed free key recovery effectively defanged the attack.
WannaCry was able to infect and encrypt more than a quarter million systems globally. The malware uses asymmetric encryption so that the victim cannot reasonably be expected to recover the (private and undistributed) key needed to decrypt the ransomed files. Payments were demanded in bitcoin, meaning that the recipient of the ransom payments could not be identified, but also meaning that the transactions were visible and the overall ransom payments could therefore be tallied. During the week in which WannaCry was most virulent, only about $100,000 in bitcoin was transferred.