Ransomware is a kind of malware that attacks a victim's computer and encrypts its file system. The attacker then demands a ransom from the victim to restore access to the files.
The victim receives instructions from the attacker on how and where to pay for the decryption keys. In most cases the payment has to be made in bitcoin.
Ransomware can reach a computer in many ways. One of the most common is a phishing attachment: a spam email that carries the malware. Once the victim trusts and opens the attachment, the malware can take over the victim's computer.
Malware can do many things with a victim's computer; in most ransomware attacks it encrypts the victim's file system.
In most cases it is very difficult to decrypt those files without knowing the decryption key.
In another scenario, the attacker poses as a law enforcement agency and demands that the victim pay a fine for pornographic content or pirated software, framing it so that the victim will not report the case to the real law enforcement authorities.
In some cases the attacker threatens to publish sensitive data taken from the victim's hard disk if the victim is not willing to pay the ransom.
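A defender-side check for the symptom the text describes (document contents replaced by ciphertext that cannot be read back without the key): readable files have low byte entropy, encrypted ones sit close to 8 bits per byte, and a sudden large share of such files is the mass-encryption pattern. This is an added example, not code from the original post; the entropy threshold, the 50% flag ratio and the constructed sample directory are assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root, entropy_threshold=7.5, sample_bytes=4096, min_size=256):
    """Return (flagged_paths, total_files). A file is flagged when its first
    sample_bytes look like ciphertext. Files below min_size are skipped because
    an entropy estimate on a few bytes is unreliable. Thresholds are assumptions."""
    flagged, total = [], 0
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        total += 1
        with open(path, "rb") as fh:
            head = fh.read(sample_bytes)
        if len(head) >= min_size and shannon_entropy(head) >= entropy_threshold:
            flagged.append(str(path))
    return sorted(flagged), total


def ransomware_suspected(root, flag_ratio=0.5):
    """Heuristic: a large share of documents turning into ciphertext at once
    is the signature of the mass encryption described in the post."""
    flagged, total = scan_tree(root)
    return total > 0 and len(flagged) / total >= flag_ratio


def build_sample_tree():
    """Constructed sample, not real victim data: three readable reports and
    five that an encryptor has overwritten (random bytes stand in for ciphertext)."""
    root = Path(tempfile.mkdtemp(prefix="rw_demo_"))
    for i in range(3):
        (root / f"report{i}.txt").write_bytes(b"quarterly figures, all nominal\n" * 40)
    for i in range(3, 8):
        (root / f"report{i}.txt.locked").write_bytes(os.urandom(2048))
    return str(root)


if __name__ == "__main__":
    demo = build_sample_tree()
    hits, count = scan_tree(demo)
    print(f"{len(hits)} of {count} files look encrypted; suspected={ransomware_suspected(demo)}")
```

Compressed archives and media files also score near 8 bits per byte, so in a real deployment the check is combined with rename-rate and known-extension allowlists rather than used alone.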
History of Ransomware:
One day in 1989 Eddy Williams received a floppy disk labelled AIDS Version 2.0. At that time the AIDS disease was new and unfamiliar. The company Williams worked for was in medical insurance, and his boss thought the floppy disk might contain statistical data related to AIDS.
He asked Williams, who operated the computers, to open the floppy disk and look at its contents.
Williams inserted the floppy disk, which contained a short survey about AIDS.
He completed the survey and left for the day.
The next day, when Williams switched on his computer, he saw a strange message on the screen asking for $180 to be sent to a post office box in Panama.
Williams was a computer enthusiast and a programmer.
He rebooted the computer from a bootable disk to restart the system. He noticed that many of his stored files had been renamed and hidden.
Williams wrote a small script to decode the files, and he had it done within 10 minutes.
A few days later he learned that it was a computer virus attack which had infected 20,000 systems belonging to people who attended the WHO AIDS conference. All of them had received the floppy disk, and their files were encrypted.
Williams started helping them with his script. He later became a well-known computer security evangelist.
The virus is known as PC Cyborg, and it was the first ransomware in the world. PC Cyborg was created by Dr. Joseph Popp, who held a Ph.D. from Harvard. Popp was later arrested for spreading the virus.
Williams kept his floppy disk; it is one of the first floppy disks labelled AIDS Version 2.0.
Although ransomware has been around since the 1990s, it has recently gained popularity because of untraceable payment mechanisms such as bitcoin.
A few examples of ransomware:
CryptoLocker - Launched in 2013 and impacted 5 lakh (500,000) computers. Its main target was Windows. CryptoLocker was delivered as an email attachment; once the recipient opened the attachment, the malware encrypted the files and stored the key on its server.
TeslaCrypt - Detected in 2015, this ransomware targeted gamers across the world. TeslaCrypt does not encrypt files larger than 256 MB. Kaspersky Labs detected this malware and successfully protected its users. The ransomware demanded $500 for the file decryption keys.
SimpleLocker - This ransomware targeted Android phone users in 2014. Always download apps from trusted distribution platforms such as the Google Play Store or the Amazon Appstore. SimpleLocker's encryption was not cloud-controlled.
WannaCry - A ransomware attack in May 2017. It targeted Microsoft Windows using an exploit called EternalBlue, developed by NASA and obtained and released by the cyber-criminal group called The Shadow Brokers.
The attack affected more than 2 lakh (200,000) computers across 150 countries, with estimated damages in the billions of dollars. Microsoft later released patches against WannaCry.
NotPetya/Petya - Both are ransomware attacks that a Russian group used against Ukraine. They exploited a vulnerability in Windows Server Message Block (SMB) for the attack.
Locky - Another ransomware, detected in 2016. It was delivered through an email attachment; the Locky attackers used a Microsoft Word document as the attachment.
Leatherlocker - Another ransomware, discovered in 2017, that targeted Android phones. It does not encrypt files but locks the user's home screen to prevent access.
Wysiwyg - Another ransomware attack; it targets open RDP (Remote Desktop Protocol) servers and steals credentials to spread across the network.
BadRabbit - Another ransomware, which targeted media companies in Eastern Europe and Asia in 2017.
SamSam - Around since 2015; its operators mainly target healthcare organizations.
Ryuk - Appeared in 2018 and targeted hospitals.
Maze - A new ransomware group that publishes stolen data publicly if the victim does not pay the ransom.
RobinHood - Another ransomware that used EternalBlue as its exploit. It attacked the city of Maryland in 2019.
GandCrab and Sodinokibi are similar ransomware families that targeted Microsoft Windows files.
Thanos - Ransomware discovered in 2020. It is sold as ransomware-as-a-service to criminals and can bypass most anti-ransomware methods.
The ransomware market is booming, and more criminal groups are coming up with new exploitation methods.
We need to stay safe by safeguarding our organizations and data through cybersecurity policies.
The AcstraSecure team can help your organization find vulnerabilities and secure its IT infrastructure.