What is Ransomware?
One day, your files are gone…
In 1996 the concept of cryptovirology was introduced by two computer scientists, Young and Yung, at the IEEE Security & Privacy conference; the idea was inspired by the facehugger, a fictional creature in the movie Aliens. Young and Yung also authored the book “Malicious Cryptography: Exposing Cryptovirology”, and Yung has since moved on to work at Snap Inc, the company that owns Snapchat.
The basics of ransomware are:
- Ransomware is created and distributed by the attacker.
- The victim downloads and runs the ransomware, which encrypts their files with a unique key that is sent to the attacker. A ransom demand is then displayed on the victim’s computer with instructions on how to get their files back.
- If the ransom is paid, the attackers may or may not send back the unique decryption key to unlock the victim’s files. Paying does not guarantee recovery.
In 2012 the first ransomware to spread internationally was delivered by a trojan that ran when the victim downloaded or opened what appeared to be a legitimate email attachment. Since then ransomware has been disguised as Flash updates or Google font updates, downloaded unknowingly from infected websites, installed by a bundled program, or delivered through a Windows security flaw. No matter how the ransomware gets onto your computer, the results are devastating.
What can be lost to Ransomware?
All of your important files, such as documents, pictures, videos, PDFs, music files, game-related files, tax files, databases, website files, CAD files and some virtual desktops, can be encrypted. Some ransomware infects your master boot record so that your computer can no longer boot into Windows. Newer ransomware deletes the Shadow Copies on your hard drive, making it impossible to retrieve any backups of files that Windows had kept for you. In some cases your files are deleted immediately; in others, files are deleted while the ransom goes unpaid to pressure the victim into paying.
Types of Ransomware
- BadRabbit – Wiper. Encrypts files, demands a ransom. If the ransom is not paid, your data is lost.
- Cerber – Encrypts files, demands a ransom. Has the computer speak to the victim.
- CryptoFortress – Encrypts files in shared folders as well, demands a ransom.
- CryptoLocker – Encrypts files, demands a ransom.
- Cryptomix – Encrypts files, victims must wait for an email ransom demand.
- CryptoWall – Encrypts files, demands a ransom, drops spyware on your computer.
- FBI – Displays a message warning that the victim has violated federal law. Encrypts files, demands a ransom.
- Jigsaw – Encrypts files, demands a ransom and starts deleting files and increasing the ransom each hour. Variants will use porn images or offer chat support.
- Kriptovor – Steals certain files, gathers the process list, takes a screenshot of the victim’s desktop, encrypts files, demands a ransom.
- Locky – Encrypts files and renames them to hexadecimal strings, demands a ransom.
- NotPetya – Appears to be destructive malware rather than true ransomware. Files are not recoverable because the key used to encrypt the Master File Table is discarded, leaving the drive unreadable.
- PadCrypt – Encrypts files, demands a ransom. Live chat support.
- Petya – Infects the Master Boot Record so the victim sees a blue screen when they start their computer up. Encrypts files, demands a ransom.
- Spora – Deletes the shadow copies, changes folder settings, drops files. Encrypts files, demands a ransom. Provides a friendly user interface for the victim that is actually running on their computer.
- TeslaCrypt – Encrypts game-related files, demands a ransom.
- TorrentLocker – Encrypts an extensive list of file types, demands a ransom.
- Troldesh – Encrypts files and changes the original file name, demands a ransom.
- VaultCrypt – Downloads hacking tool to steal passwords/logins from your browser, takes action to prevent recovery, encrypts files, demands a ransom. Provides a customer portal.
- WannaCry – Distributed through a Windows security flaw, encrypts files, demands a ransom.
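The behaviours listed above (mass encryption of documents, files renamed to a new extension as Locky and Troldesh do, Shadow Copies deleted as Spora does) are what defenders watch for. The following is an added example, not code from the original article: a Python heuristic that flags a burst of renames to one new extension inside a short time window and measures byte entropy to tell freshly encrypted content from ordinary documents. The event format, the sample events and the thresholds (20 renames within 60 seconds, 7.5 bits per byte) are assumptions chosen for illustration, not values from the article.

```python
"""Ransomware-behaviour heuristics over a stream of file events.

Added example, not part of the original article. It assumes a feed of
(timestamp, old_path, new_path) rename records such as a filesystem watcher
would produce; the sample events below are constructed for illustration.
"""
import math
import os
from collections import Counter, defaultdict

# Tunable thresholds (assumed values, not from the article).
RENAME_BURST_THRESHOLD = 20    # renames to one new extension ...
WINDOW_SECONDS = 60            # ... within this many seconds raises an alert
ENTROPY_THRESHOLD = 7.5        # bits per byte; encrypted data is close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Plain documents are usually well below 6;
    ciphertext is close to the 8.0 maximum, so a jump in entropy after a
    write is a cheap signal that a file was just encrypted."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True when the content is as random-looking as ciphertext."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def detect_rename_burst(events):
    """events: iterable of (timestamp_seconds, old_path, new_path).

    Groups renames by the *new* extension and reports any extension that
    received RENAME_BURST_THRESHOLD or more files inside a WINDOW_SECONDS
    sliding window. Returns a sorted list of (extension, count_in_window).
    """
    times_by_ext = defaultdict(list)
    for ts, old_path, new_path in events:
        new_ext = _ext(new_path)
        # Only renames that change the extension are interesting here.
        if new_ext and new_ext != _ext(old_path):
            times_by_ext[new_ext].append(ts)

    alerts = []
    for ext, times in times_by_ext.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits in WINDOW_SECONDS.
            while t - times[start] > WINDOW_SECONDS:
                start += 1
            best = max(best, end - start + 1)
        if best >= RENAME_BURST_THRESHOLD:
            alerts.append((ext, best))
    return sorted(alerts)


# Constructed sample: 25 documents renamed to ".locked" over 25 seconds,
# plus a few ordinary renames that must not trigger anything.
SAMPLE_EVENTS = [
    (1000 + i, f"/home/user/docs/report{i}.docx",
     f"/home/user/docs/report{i}.docx.locked")
    for i in range(25)
]
SAMPLE_EVENTS += [
    (1100, "/home/user/draft.txt", "/home/user/final.txt"),   # same extension
    (1200, "/home/user/photo.jpeg", "/home/user/photo.jpg"),  # one-off rename
    (1300, "/home/user/notes.md", "/home/user/notes.txt"),
]


if __name__ == "__main__":
    for ext, count in detect_rename_burst(SAMPLE_EVENTS):
        print(f"ALERT: {count} files renamed to '{ext}' within {WINDOW_SECONDS}s")
    print("random bytes look encrypted:", looks_encrypted(os.urandom(4096)))
    print("plain text looks encrypted:", looks_encrypted(b"quarterly report " * 200))
```

The rename-burst check is deliberately keyed on the new extension rather than on a list of known ransomware extensions, so a fresh family that picks a new suffix is still caught; the entropy check catches the families that overwrite files in place without renaming them. Both are heuristics, and on a real host they belong alongside offline backups rather than in place of them.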
Ransomware as a Service
From 2015 to 2016 the number of new ransomware families grew by 600%, resulting in an average of 4,000 attacks per day. In the first 150 days of 2016, 50 new ransomware families were discovered, twice the number found in 2015. The share of infections spread through email attachments grew to 97.5% in Q3 2016, up from Q1, according to this PhishMe report.
Ransomware as a service allows anyone who can pay for the service, or give the author a percentage of the profits, to create ransomware that pays them and send it out to infect people. The quick payout is more attractive than stealing personal information and credit card details. With Bitcoin payments comes anonymity: this type of cybercrime cannot be traced. It becomes too easy to be a copycat cybercriminal at the expense of countless unprotected victims who don’t take steps to protect themselves.
Ransomware in the future
As the many variants of ransomware families show, information may already have been taken from the victim’s computer. The attacker could have access to all of their personal information, documents, emails, contacts or website history. Ransomware can then add a second demand, known as online extortion or doxxing: payment in exchange for not releasing or selling personal or embarrassing information online.
Attackers are also targeting services, creating havoc in our lives. Hospitals, transit systems and power plants have all suffered as a result of being attacked. As more devices are attached to our computers, ransomware gains the ability to infect those devices and use them to attack and infect other computers.
What can you do?
System Security Inspection and 1-year BitDefender license – $120
Call us at 250-382-0424 to book a time to come see us and we’ll help you get protected.