Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.


Is it worth exploiting this virus (ransomware)?
It may bring advantages, but it can end in regret.
In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and hard-to-trace digital currencies such as Ukash, Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", travelled automatically between computers without user interaction.

When did this virus (Ransomware) develop?

Starting from around 2012 the use of ransomware scams has grown internationally. In June 2014, vendor McAfee released data showing that it had collected more than double the number of samples of ransomware that quarter than it had in the same quarter of the previous year.
CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015.
There were 181.5 million ransomware attacks in the first six months of 2018, a 229% increase over the same time frame in 2017.

Encrypting Ransomware

The first known malware extortion attack, the "AIDS Trojan" written by Joseph Popp in 1989, had a design failure so severe it was not necessary to pay the extortionist at all. Its payload hid the files on the hard drive and encrypted only their names, and displayed a message claiming that the user's license to use a certain piece of software had expired. The user was asked to pay US$189 to "PC Cyborg Corporation" in order to obtain a repair tool even though the decryption key could be extracted from the code of the Trojan. The Trojan was also known as "PC Cyborg". Popp was declared mentally unfit to stand trial for his actions, but he promised to donate the profits from the malware to fund AIDS research.
The idea of abusing anonymous cash systems to safely collect ransom from human kidnapping was introduced in 1992 by Sebastiaan von Solms and David Naccache. This electronic money collection method was also proposed for cryptoviral extortion attacks. In the von Solms-Naccache scenario a newspaper publication was used (since bitcoin ledgers did not exist at the time the paper was written).

Non-encrypting ransomware

In August 2010, Russian authorities arrested nine people connected with the ransomware Trojan known as WinLock. Unlike the earlier Gpcode Trojan, WinLock does not use encryption. Instead, WinLock trivially restricts access to the system by displaying pornographic images and asks the user to send a premium-rate SMS (costing around US$10) to receive a code that unlocks the machine. The scam hit many users in Russia and neighboring countries, reportedly earning more than US$16 million.
In 2011, a ransomware Trojan appeared that mimicked the Windows Product Activation notice, informing the user that the Windows installation had to be reactivated because it "[became] a victim of fraud". An online activation option is offered (as in the real Windows activation process) but is unavailable, requiring the user to call one of six international numbers to enter a 6-digit code. While the malware claims the call is free, it is routed through a rogue operator in a country with high international telephone rates, who places the call on hold, causing the user to incur large international long-distance charges.
In February 2013, a ransomware Trojan based on the Stamp.EK exploit kit appeared; the malware was distributed through sites hosted on the project-hosting services SourceForge and GitHub that claimed to offer "fake nude photos" of celebrities. In July 2013, an OS X-specific ransomware Trojan appeared, which displayed web pages accusing the user of downloading pornography. Unlike its Windows-based counterparts, it does not block the whole computer; it only exploits the behavior of the web browser itself to thwart attempts to close the page through normal means.
In July 2013, a 21-year-old man from Virginia, whose computer happened to contain pornographic photographs of underage girls with whom he had sexual communication, surrendered to police after receiving and being deceived by FBI MoneyPak ransomware that accused him of possessing child pornography. Investigators found the incriminating files, and the man was charged with child sexual abuse and possession of child pornography.

Mobile Ransomware

With the increasing popularity of ransomware on PC platforms, ransomware targeting mobile operating systems has also increased. Mobile ransomware payloads are usually blockers, since there is little incentive to encrypt data that can be easily recovered through online synchronization.
Mobile ransomware usually targets the Android platform, because it allows applications to be installed from third-party sources. The payload is usually distributed as an APK file that unsuspecting users install; some variants try to display a blocking message on top of all other applications, while others use a form of clickjacking to trick the user into granting the malware "device administrator" rights, which give it deeper access to the system.
Various tactics have been used on iOS devices, such as exploiting an iCloud account and using the Find My iPhone system to lock access to the device. In iOS 10.3, Apple patched a bug in the handling of JavaScript pop-up windows in Safari that had been exploited by ransomware websites. It has recently been shown that ransomware can also target ARM architectures such as those found in various Internet-of-Things (IoT) devices, including Industrial IoT edge devices.

[Discussion] All About Ransomware

Ever wondered what ransomware is all about? You've heard about it in the office or read about it in the news. Maybe you have a pop-up on your screen right now warning of a ransomware infection. Well, if you are curious to know all there is to know about ransomware, you have come to the right place. We will tell you about the various forms of ransomware, how you get it, where it came from, who is targeted, and what you need to do to protect against it.

What is ransomware?

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their systems or personal files and demands a ransom payment to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment had to be sent by snail mail. Today, ransomware authors demand that payment be sent via cryptocurrency or credit card.

How do I get ransomware?

There are several ways ransomware can infect your computer. One of the most common methods today is malicious spam, or malspam, which is unsolicited email used to deliver malware. The email may include a booby-trapped attachment, such as a PDF or Word document. It may also contain links to malicious websites.
Malspam uses social engineering to trick people into opening attachments or clicking links by appearing legitimate, whether as a message from a trusted institution or from a friend. Cybercriminals use social engineering in other types of ransomware attacks too, such as posing as the FBI to frighten users into paying a sum of money to unlock their files.
Another popular infection method, which peaked in 2016, is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little or no user interaction. While browsing the web, even on legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers profile the victim's computer and its location, and then choose the most appropriate malware to deliver. Often, that malware is ransomware.
Malvertising often uses an infected iframe, an invisible web page element, to do its work. The iframe redirects to an exploit landing page, and malicious code attacks the system from that page through an exploit kit. All this happens without the user's knowledge, which is why it is often referred to as a drive-by download.
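One defensive check that follows from the description above is to audit a page's markup for iframes the visitor cannot see (zero-size, `display:none`, `hidden`, or pushed off-screen), since a visible ad frame and an invisible redirect frame look identical to the browser. This is an added example, not code from the original post; the HTML it scans is constructed here and the `.example` hosts are placeholders.

```python
"""Audit HTML for hidden iframes, the element malvertising chains rely on."""
import re
from html.parser import HTMLParser

# Constructed sample: one ordinary ad frame plus two frames a user would never see.
SAMPLE_HTML = """
<html><body>
<iframe src="https://ads.example/banner" width="300" height="250"></iframe>
<iframe src="http://hidden.example/gate" width="0" height="0"></iframe>
<iframe src="http://redirect.example/lp" style="display:none; visibility:hidden"></iframe>
<p>article text</p>
</body></html>
"""


def _is_hidden(attrs):
    """Heuristics for an iframe that is present in the DOM but invisible."""
    a = {k.lower(): (v or "") for k, v in attrs}
    w, h = a.get("width", "").strip("px "), a.get("height", "").strip("px ")
    if w in ("0", "1") or h in ("0", "1"):
        return True                      # 0x0 / 1x1 pixel frame
    style = a.get("style", "").lower().replace(" ", "")
    if "display:none" in style or "visibility:hidden" in style:
        return True                      # CSS-hidden frame
    if "hidden" in a:
        return True                      # HTML5 boolean `hidden` attribute
    if re.search(r"(left|top):-\d{3,}px", style):
        return True                      # positioned far off-screen
    return False


class IframeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden = []                 # src of every hidden iframe found

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe" and _is_hidden(attrs):
            self.hidden.append(dict(attrs).get("src") or "")


def find_hidden_iframes(html):
    """Return the src attributes of all hidden iframes in `html`."""
    auditor = IframeAuditor()
    auditor.feed(html)
    return auditor.hidden


if __name__ == "__main__":
    for src in find_hidden_iframes(SAMPLE_HTML):
        print("hidden iframe ->", src)
```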
There are three main types of ransomware, ranging in severity from mildly annoying to Cuban Missile Crisis dangerous. They are as follows:
Scareware
Scareware, as it turns out, is not so scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you will likely continue to be bombarded with pop-ups, but your files are essentially safe.
A legitimate cyber security software program would not solicit customers this way. If you don't already have that company's software on your computer, it would not be monitoring you for ransomware infections. If you do have security software, you don't need to pay to have the infection removed; you already paid for the software to do that job.
Screen locker
Upgrade to terror alert orange for these guys. When lock-screen ransomware gets onto your computer, it means you are frozen out of your PC entirely. When you start your computer, a full-size window appears, often accompanied by an official-looking FBI or US Department of Justice seal, saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cyber crimes, they would go through the appropriate legal channels.
Encrypting ransomware
This is the truly nasty stuff. These are the guys who snatch your files and encrypt them, demanding payment in order to decrypt and return them. The reason this type of ransomware is so dangerous is that once cyber criminals get hold of your files, no security or system recovery software can return them to you. Unless you pay the ransom, for the most part, they are gone. And even if you pay, there is no guarantee the cyber criminals will give the files back.
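Because recovery after the fact is so unlikely, defenders try to catch encrypting ransomware while it is still running: ordinary documents have low byte entropy, while ciphertext sits close to 8 bits per byte, so a burst of files that jump from low to high entropy (often with a new extension appended) is a strong behavioural signal that backup agents and endpoint tools watch for. This added example, not code from the original post, compares two constructed in-memory folder snapshots and raises an alert on that pattern; the threshold, alert fraction and ".locked" suffix are assumptions for illustration.

```python
"""Entropy-based heuristic for detecting mass file encryption between two snapshots."""
import math
import random
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits/byte: text sits around 4-5, ciphertext near 7.95 (assumed cut-off)
ALERT_FRACTION = 0.5      # alert once half of the tracked files have turned into ciphertext


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def mass_encryption_alert(before, after):
    """Compare snapshots {filename: content}. A file is suspicious when it was
    low-entropy before and is high-entropy now; its name may have gained a
    suffix such as '.locked'. Returns (alert, suspicious_names)."""
    suspicious = []
    for name, old in before.items():
        new_name = next((n for n in after if n.startswith(name)), None)
        if new_name is None:
            continue  # deleted files belong to a separate mass-deletion check
        if shannon_entropy(old) < ENTROPY_THRESHOLD <= shannon_entropy(after[new_name]):
            suspicious.append(new_name)
    return len(suspicious) >= ALERT_FRACTION * len(before), suspicious


# Constructed sample data (not real files): two documents and one already-compressed blob.
_rng = random.Random(7)


def _ciphertext(n=8192):
    return bytes(_rng.getrandbits(8) for _ in range(n))


TEXT = b"Quarterly report: revenue grew 4% in Q2, costs were flat.\n" * 150
BEFORE = {"report.docx": TEXT, "notes.txt": TEXT[:2000], "photo.jpg": _ciphertext()}
# Scenario 1: every file replaced by ciphertext and renamed, as encrypting ransomware does.
AFTER_ATTACK = {name + ".locked": _ciphertext() for name in BEFORE}
# Scenario 2: the user merely appended a line to notes.txt.
AFTER_EDIT = dict(BEFORE, **{"notes.txt": BEFORE["notes.txt"] + b"Follow up with finance.\n"})

if __name__ == "__main__":
    print(mass_encryption_alert(BEFORE, AFTER_ATTACK))  # (True, ['report.docx.locked', 'notes.txt.locked'])
    print(mass_encryption_alert(BEFORE, AFTER_EDIT))    # (False, [])
```

photo.jpg is never flagged because it was already high-entropy, which is why real tools also track extension changes and write rates rather than entropy alone.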

History of ransomware

The first ransomware, known as PC Cyborg or AIDS, was created in the late 1980s. PC Cyborg would encrypt all files in the C: directory after 90 reboots, then demand that the user renew their license by mailing $189 to PC Cyborg Corp. The encryption used was simple enough to reverse, so it posed little threat to those who were computer savvy.
With a handful of variants appearing over the next 10 years, a true ransomware threat would not arrive until 2004, when GpCode used weak RSA encryption to hold personal files for ransom.
In 2007, WinLock marked the emergence of a new type of ransomware that, instead of encrypting files, locked people out of their desktops. WinLock took over the victim's screen and displayed pornographic images. It then demanded payment via a paid SMS to remove them.
The development of the Reveton ransomware family in 2012 brought a new form of ransomware: law enforcement ransomware. Victims would be locked out of their desktops and shown an official-looking page that included credentials for law enforcement agencies such as the FBI and Interpol. The ransomware would claim that the user had committed a crime, such as computer hacking, downloading illegal files, or even being involved with child pornography. Most law enforcement ransomware families required a fine be paid ranging from $100 to $3,000 with a pre-paid card such as UKash or PaySafeCard.
The average user does not know what to make of this and believes they really are under investigation by law enforcement. This social engineering tactic, now called implied guilt, makes users question their own innocence and, rather than be called out on an activity they are not proud of, pay the ransom to make it all go away.
In 2013 CryptoLocker reintroduced the world to encrypting ransomware, only this time it was far more dangerous. CryptoLocker used military-grade encryption and stored the key needed to unlock the files on a remote server. This meant it was virtually impossible for users to get their data back without paying the ransom. This type of encrypting ransomware is still in use today, as it has proven to be an incredibly effective tool for cyber criminals to make money. Large-scale ransomware outbreaks, such as WannaCry in May 2017 and Petya in June 2017, used encrypting ransomware to ensnare users and businesses around the world.
At the end of 2018, Ryuk burst onto the ransomware scene with a slew of attacks on American news publications and North Carolina's Onslow Water and Sewer Authority. In an interesting twist, the targeted systems were first infected with Emotet or TrickBot, two information-stealing Trojans now being used to deliver other forms of malware such as Ryuk. Malwarebytes Labs director Adam Kujawa speculates that Emotet and TrickBot are being used to find high-value targets. Once a system is infected and flagged as a good target for ransomware, Emotet/TrickBot re-infects the system with Ryuk.
In recent news, the criminals behind the Sodinokibi ransomware (an alleged offshoot of GandCrab) have begun using managed service providers (MSPs) to spread infections. In August 2019, hundreds of dental offices around the country found they could no longer access their patient records. The attackers used a compromised MSP, in this case a medical records software company, to directly infect 400 dental offices using that record-keeping software.

Author By @teach-me