Ransomware: The growing threat in modern technology affecting systems worldwide

What is Ransomware?

Ransomware is a type of malicious software that blocks access to the files on your computer until the demanded sum of money, the ransom, is paid. Ransomware came into existence in the late 1980s or 90s, and back then the payment had to be made by mail. Today the payment is demanded in digital currencies, which makes it harder to trace the perpetrators.
Ransomware typically uses encryption to deny the user access to their data and then demands a ransom to decrypt it.

The history of Ransomware

The first ever ransomware attack was carried out in 1989 by Joseph Popp and is known as the "AIDS Trojan" or "PC Cyborg". It encrypted only the file names and hid the files on the hard drive. A message was displayed on the screen stating that the license of a certain piece of software had expired and that the user had to pay $189 by mail to the "PC Cyborg" corporation to renew it. However, any tech-savvy user could easily extract the decryption key from the trojan itself. Popp was declared mentally unfit, though he promised to donate the money to fund AIDS research.
Another significant ransomware attack took place in 2004: GpCode, which used RSA encryption to hold the files for ransom.
Several non-encrypting ransomware attacks took place during 2007-10. One of them was WinLock, which, instead of encrypting files, locked users out of their systems, displayed pornographic images on the screen and demanded payment via premium-rate SMS to remove them.
The Reveton ransomware hit computer systems in 2012. Victims were locked out of their systems and shown a warning posing as a law enforcement agency such as the FBI or Interpol, claiming that unlicensed software or illegal content such as child pornography had been downloaded onto the system and that a fine had to be paid using a pre-paid card such as Ukash or PaySafeCard.
In 2013 another major attack was carried out in the form of CryptoLocker. It was far more dangerous than previous ransomware because it used a more complex file-encryption scheme and stored the decryption key on a remote server, which made it practically impossible to recover the data without paying the ransom. This method became so popular that it is still used by cybercriminals today.
Probably the worst attacks ever took place last year, in 2017: WannaCry in May and NotPetya in June.

How does the Trojan spread?

There are several different methods by which the trojan spreads, but the most common is "malspam", in simple words sending malicious e-mails to many systems to deliver the ransomware. The e-mail might contain links to malicious websites or infected attachments such as PDF or Word documents.
Another popular method is malvertising, or malicious advertising, in which users are redirected to malicious websites without even clicking on an ad. This can happen on a legitimate website, which is why the method became so popular: little or no user interaction is required to deliver the malware. The criminal servers record the location and details of the victim's system and then select the best-suited malware to deliver, which is often ransomware.
A malvertisement typically does its work through an invisible webpage element or an infected iframe. The element redirects to a malicious landing page, and from that landing page an exploit kit attacks the system. An exploit is a program that takes advantage of a vulnerability in an application's code so that criminals can use it for their own benefit.

Most common types of Ransomware

Scareware

It is what the name implies: using scare tactics to make users download malicious software, or faking a rogue tech-support line that must be contacted to remove malware from the system. While browsing the web, one may notice pop-up messages claiming that malicious programs or viruses have been detected on the system and that the user now has to download a program or call tech support to remove them. This is how one gets tricked: they demand an amount to remove the "virus", and a user who does not realise that no such virus ever existed on their system may end up paying.
These attacks usually do not lock the files on your system; they rely purely on scaring and deceiving victims to extort money.

Crypto or Encrypting Ransomware

Crypto ransomware uses strong encryption to deny victims access to their important data. After it has encrypted all the important files, it asks the victim to pay a fee to unlock them. It often includes a time limit: the user has to pay the ransom within the given time frame, and if the deadline is missed the amount may increase significantly with a new deadline. After the warning has been ignored a certain number of times, the victim may lose the data forever.

Locker Ransomware

This may also be referred to as computer-locking or screen-locking ransomware because it does not encrypt the victim's files; instead it denies access to the device. It is called a screen locker because it locks down the user interface and then demands a ransom.

Pseudo Ransomware

This ransomware does not lock the victim's files; it deletes them permanently and creates fake files to make the user believe the files can be recovered after paying the ransom. The attackers vanish once they have received the money.

The most infamous Ransomware attacks of recent times

WannaCry

In May 2017 the WannaCry ransomware hit systems across the internet through an exploit called EternalBlue, for which Microsoft had released a patch in March 2017. According to former NSA employees, the exploit was developed by the U.S. National Security Agency. It was leaked by the Shadow Brokers hacker group in April 2017 and was then used to carry out the WannaCry attack after being modified and combined with more complex code.
It demanded $300 worth of bitcoin as ransom and affected over 300,000 systems worldwide.

Petya and NotPetya

Petya attacked computer systems in March 2016. Unlike other encrypting ransomware, it infected the master boot record and encrypted the file tables of the NTFS file system, so that the next time an infected system booted it could not start Windows at all until the ransom was paid. However, it was reported to have caused fewer infections than other malware.
On June 27, news broke of a similar type of malware that primarily targeted systems in Ukraine. It was a heavily modified version of the Petya ransomware, but it was not built merely to make a profit: it also wiped the victim's data, i.e., the victim could not recover the data even after paying the ransom. Researchers at Kaspersky Lab named it NotPetya.

Coping with Ransomware

While there are no sure-fire ways to cope with ransomware attacks, there are a few tried and tested methods that can save your money and data.
First of all, visit only websites that have a valid security certificate and are trusted by users across the globe. This is not a hundred per cent guarantee that these websites will not lead you to download malicious files or redirect you to malicious sites, but the people behind such websites usually try to maintain a high level of security for their visitors, so the chances of your system getting infected are much lower.
The next important thing you should do is take a backup of your important data and store it offline.
If you become the victim of a ransomware attack, the first and foremost thing is to ignore the warnings and not pay the ransom; this is the firm advice of cyber security cells across various countries. Then try to find ways to repair your system, and if you fail to do so, you at least have a backup of all your important data, so you can completely wipe the system and re-install the OS.
Last but not least, you may wish to add an additional layer of security by purchasing an anti-malware program. This may not pay off in every situation, but it can help you stay safe from known threats. Keeping your anti-malware up to date is the most important part, so that new definitions are added to protect you from new threats.
