
ALL ABOUT RANSOMWARE
Ever wondered what all the ransomware fuss is about? You’ve heard about it at the workplace or read about it in the news. Perhaps you have a pop-up on your PC screen right now warning of a ransomware infection. If you’re interested in learning everything there is to know about ransomware, you’ve come to the right place. We’ll tell you about ransomware’s various forms, how you get it, where it came from, who it targets, and what to do to protect against it.
WHAT IS RANSOMWARE?

As the name suggests, ransomware is a type of malware that demands some form of payment from the victim in order to recover control of their PC and/or data. Within that broad definition, there are a few twists and turns that are worth noting.
First, there are variations as to exactly what the victim is being held to ransom for. Usually, the attacker encrypts files on the victim’s PC so that they can’t be opened unless the victim has a decryption key. Access to the decryption key is the thing that the attacker
RANSOMWARE EXAMPLES:
WannaCry
WannaCry is a ransomware attack that spread across 150 countries in 2017.
Designed to exploit a vulnerability in Windows, it was allegedly created by the United States National Security Agency and leaked by the Shadow Brokers group. WannaCry affected 230,000 computers globally.
Bad Rabbit
Bad Rabbit is a 2017 ransomware attack that spread using a method called a ‘drive-by’ attack, where insecure websites are targeted and used to carry out an attack.
Drive-by attacks often require no action from the victim, beyond browsing to the compromised page. However, in this case, they are infected when they click to install something that is actually malware in disguise. This element is known as a malware dropper.
Ryuk
Ryuk ransomware, which spread in August 2018, disabled the Windows System Restore option, making it impossible to restore encrypted files without a backup.
Ryuk also encrypted network drives.
CryptoLocker
CryptoLocker is ransomware that was first seen in 2007 and spread through infected email attachments. Once on your computer, it searched for valuable files to encrypt and hold to ransom.
This allowed them to control part of the criminal network and grab the data as it was being sent, without the criminals knowing. This action later led to the development of an online portal where victims could get a key to unlock and release their data for free without paying the criminals.
GandCrab
GandCrab is a rather unsavory ransomware attack that threatened to reveal victims’ porn-watching habits.
Claiming to have hijacked users’ webcams, GandCrab cybercriminals demanded a ransom, threatening otherwise to make the embarrassing footage public.
HOW DOES RANSOMWARE REALLY WORK?
The good news is that ransomware does not usually appear on its own. It must be activated in order to deliver its payload, usually through a malicious link or attachment in an email.
There are generally five steps required for ransomware to achieve its objective:
The Victim Is Notified
For the ransom to be paid, the user must be aware of the demands of the criminals. At this point, they will usually receive notification on the screen explaining the demands and how they can regain access.
The Malware Takes Control
Once the malware has taken control of the system, certain file types will be encrypted and access will be denied to users.
The Ransom Is Paid
Once they have system access, attackers will either identify and encrypt certain file types or deny access to the entire system.
Full Access Is Returned
In the majority of cases, attackers return full control to the victim. It is in their interest to do this; failure to do so would mean few organizations would be willing to pay if they didn’t believe their data would be restored.
The System Is Compromised
The majority of ransomware attacks start life as a social engineering exercise, usually in the form of an attachment or malicious link. The aim is to entice the user to click on these objects in order to activate the malware.
Some tips on how to MINIMIZE or PREVENT this RISK of ATTACK:
- Use multi-factor authentication (MFA)
- Use complex passwords, managed through a password manager
- Limit access rights; give user accounts and administrators only the access rights they need and nothing more
- Make regular backups, and keep them offsite and offline where attackers can’t find them
- Patch early and patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe
- Lock down your RDP. Turn off RDP if you don’t need it, and use rate limiting, 2FA, or a VPN if you do
- Ensure tamper protection is enabled – Ryuk and other ransomware strains attempt to disable your endpoint protection
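The RDP tip above can be backed by detection as well as rate limiting. The following is an added example, not part of the original article: it flags source addresses that produce a burst of failed RDP logons inside a sliding time window. Event ID 4625 and logon types 3 and 10 are Windows conventions; the threshold, window, function names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event 4625 = failed logon. LogonType 10 is RemoteInteractive
# (RDP); with Network Level Authentication, failed RDP logons appear as type 3.
FAILED_LOGON = 4625
RDP_LOGON_TYPES = {3, 10}


def failed(time, ip, event_id=FAILED_LOGON, logon_type=3):
    """Build one constructed log record (hypothetical field names)."""
    return {"time": time, "event_id": event_id,
            "logon_type": logon_type, "src_ip": ip}


# Constructed sample data, not real logs.
SAMPLE_EVENTS = (
    # Fast burst: six failures in 25 seconds from one address.
    [failed(f"2024-01-10T02:00:{s:02d}", "203.0.113.7") for s in range(0, 30, 5)]
    # Slow attempts: five failures, two minutes apart.
    + [failed(f"2024-01-10T02:{m:02d}:00", "192.0.2.50") for m in range(0, 10, 2)]
    # A user mistyping a password twice, then logging on (4624 = success).
    + [failed("2024-01-10T02:01:00", "198.51.100.20"),
       failed("2024-01-10T02:20:00", "198.51.100.20"),
       failed("2024-01-10T02:20:30", "198.51.100.20", event_id=4624)]
)


def find_bruteforce_sources(events, threshold=5, window_seconds=60):
    """Return {src_ip: peak failures in any window} for IPs reaching threshold."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ev["time"])
        q = recent[ev["src_ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["src_ip"]] = max(flagged.get(ev["src_ip"], 0), len(q))
    return flagged


if __name__ == "__main__":
    print(find_bruteforce_sources(SAMPLE_EVENTS))
```

With the default 60-second window only the fast burst is flagged; widening the window to 600 seconds also catches the slow attempts, which is the trade-off to tune against normal user typos.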
created by: James Emil Caparida