Topics In Demand
Notification
New

No notification found.

Blog
Ransomware – A Painful Extortion

May 19, 2020

1596

0

The word Ransom refers to a demand made by the abductors for the release of an imprisoned. In some cases, the criminal may not release the person even after getting the money.

Similarly, in the cyber world, it’s not guaranteed that even after paying the Ransom, your encrypted files get released/decrypted. In some case, also collects banking information along with the demanded money.  For taking advantage and utilizing it again, most of the times, malicious files are not removed.

Anatomy of Ransomware

Ransomware is a piece of software intended to block access to system resources until a sum of money is paid. Ransomware encrypts files on the infected system. When infected all files are inaccessible as they also have a different extension which is unknown to a computer file system. Bad actors demand a payment to restore access to these files.

Ransomware code is often a simple one because unlike many types of old-style malware, it usually does not need to remain undetected what we have in case of FUD (Fully Undetectable) for long to attain its goal. As the Ransomware software is now readily available in the darknet marketplace, any script kiddies can download and launch it against any organizations to gain profit.

Ransomware can quickly be delivered via emails which most of the time look like legitimate emails to the users. Sometimes it can be delivered through phishing emails which may contain some links. Users unknowingly click on those links and the malicious software gets downloaded in the system which can later be used to infects other systems in the environment through lateral movement. Social media interaction is another method for the infection. Exploit kits are now very much sophisticated to bypass antivirus software. They can confuse and deliver malware with ease. Another important source is the cracked versions of the legitimate software. People often take a simple method to save software cost, which may contain malicious codes for Ransomware. Pirated software may ultimately turn out to be a costly event for the user.

The History of Ransomware

First Ransomware was created in 1989 by Harvard biologist Joseph L. Popp. The name was AIDS Trojan, and this was also known as PC Cyborg. Joseph sent 20,000 infected diskettes named “AIDS Information – Introductory Diskettes” to attendees of the WHO’s AIDS conference.

In 2006, the Archiveus Trojan was released. This Trojan was using RSA encryption which encrypted everything in the My Documents and encouraged victims to purchase things from an online pharmacy to obtain the 30-digit password.

In 2007, another kind of Ransomware released that locked out users. Winlock exhibited porno images till the users sent a $10 premium-rate SMS to receive the key.

In 2008, a variant of the same virus called GPcode. Using 1024-bit RSA key, AK was unleashed on the public.

In 2011, a big scale Ransomware outbreak happened and started into the use of anonymous payment services.

In 2012, Citadel appeared, a toolkit for dispensing malware and managing botnets that primarily evolved in January 2012 followed by Lyposit, Urausy Police Ransomware Trojans and Reveton.

In 2013, Svpeng, an android Trojan targets Android device. CryptoLocker and CryptorBit followed them, and it can bypass Group Policy settings put in place to defend against this type of infection. The bad actors use social engineering and strategies to install Ransomware as a rogue antivirus product and encrypt the files. Then the user is provoked to install the TOR Browser and their details, and payment up to $500 in Bitcoin is demanded.  The software installs the CryptoCoin mining software, this software tricks the victim computer resources and mine digital coins such as Bitcoin, then deposited to the bad actor’s digital wallet.

In 2014, CryptoDefense was released. It utilized TOR and Bitcoin for concealment and 2048-bit encryption. A Subsequent release of an improved version called CryptoWall was evolved. Another one is Koler.a: launched in April, this police ransom Trojan infected around 200,000 Android users, who were probing for porn and coiled up downloading the malware.

In 2015 Ransomware-as-a-service was released. One can simply go to a TOR website “for criminals by criminals”, launch your own Ransomware for free. A report from Kaspersky depicted that it is doubling every year. Another report from Symantec has shown that TeslaCrypt attacks increased from 200 to 1,800 a day.

In 2016, Javascript Ransomware-as-a-Service exposed, Cybercrime has piggybacked on the successful SaaS model and numerous pieces of Ransomware-as-a-Service (RaaS) like TOX, Fakben and Radamant have appeared.

The WannaCry Ransomware took the world by a hurricane in mid-May, starting with an attack on vulnerable SMB services telcos, rail department, universities, the UK’s NHS and so on. Shadow Brokers the hackers who leaked the NSA SMB 0-day exploit and that motorized WannaCry published a manifesto announcing a subscription offer where they will release more 0-day bugs and exploits for several desktop and mobile platforms, taken from the NSA.

Just after Wannacry, NotPetya was the new worldwide Ransomware attack. Its targeted Ukraine, Russia, Spain, France and other countries. However, NotPetya is more like cyber warfare and does not come from the of the original Petya sources. It does not delete any data but simply makes it unusable by locking the files and then throwing the key away.

2018 Data Breach at Verizon reports Ransomware as the most common type of malware carried by phishing attacks. This used 56% of such occurrences.

In 2018, Blackheart, BitKangoroo, Satan Ransomware, GandCrab v4 was evolved. 2018 Cyber Threat Report from SonicWall, with some interesting statistics about the state of Ransomware:

  • In 2017 a 229% increase in Ransomware attacks.
  • Twelve new variants of Ransomware appeared.
  • Approximately 181.5 Million attacks.

Q4 2018 Global Ransomware Marketplace Report by Coveware’s depicts that bad actors are just getting started with this deadly form of malicious attacks. Numbers of ransom payment and downtime resultant to an attack backups repository compromised are all grown during the quarter.

Cybercrime Tactics and Techniques: Ransomware Retrospective report by Malwarebytes, businesses risks are growing by 365% from Q2 2018 to Q2 2019.

McAfee Labs witnessed 504 new threats every minute in Q1 on an average in 2019 and a recovery of Ransomware along with campaign execution and code change. But an increase of 118% new Ransomware while most common strains were Dharma (aka Crysis), GandCrab and Ryuk.

 

Originally Published on Happiest Minds Technologies Blog Site. For more such blogs follow the link: https://www.happiestminds.com/blogs/


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


Download Attachment

25051-ransomware-2315203-1920.jpg

Happiest Minds Technologies

© Copyright nasscom. All Rights Reserved.