Ransomware... One More Time
Following on from the previous blog, “Carbon Black (CB): More on WannaCry”, I thought it would be a good idea to go over ransomware and list some key information about this type of malware. (It would have been an idea to write this before the last blog, but needs must when everyone is talking about one specific type.)
So, for those of you who are still unsure how ransomware works, here goes. (Warning: this may be too basic for most, but awareness is key ☺)
Ransomware is a type of malware.
Malware (malicious software) is an umbrella term for a number of forms of hostile or intrusive software, specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Types of Malware
Other types of malware include:
- Trojan Horses
- Other malicious programs
Ransomware can be downloaded onto systems when unwitting users visit malicious or compromised websites. It can also arrive as a payload either dropped or downloaded by other malware.
Some ransomware is known to be delivered as:
- Attachments to spam email
- Downloads from malicious pages reached through malvertisements
- Payloads dropped by exploit kits onto vulnerable systems
Once executed on the system, ransomware can either lock the computer screen or, in the case of crypto-ransomware, encrypt predetermined files. In the first scenario, a full-screen image or notification is displayed on the infected system's screen, which prevents victims from using their system and also shows the instructions on how users can pay the ransom. The second type of ransomware prevents access to potentially critical or valuable files such as documents and spreadsheets.
Ransomware is considered "scareware" as it forces users to pay a fee (or ransom) by scaring or intimidating them. It prevents users from accessing their system, either by locking the system's screen or by locking the users' files, unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through online payment methods such as Bitcoin to get a decryption key.
Ransom prices vary depending on the ransomware variant and the price or exchange rates of digital currencies. Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators commonly specify ransom payments in bitcoins. Recent ransomware variants have also listed alternative payment options such as iTunes and Amazon gift cards. It should be noted, however, that paying the ransom does not guarantee that users will get the decryption key or unlock tool required to regain access to the infected system or hostaged files.
The Bitcoin Connection
With the exception of some ransomware families that demand high amounts, ransomware variants typically ask for 0.5−5 Bitcoins (as of 2016) in exchange for a decrypt key. This is important for two reasons—some variants increase the ransom as more time elapses with non-payment, and the Bitcoin exchange rate is on the rise. In January 2016, 1 BTC was worth US$431. Bitcoin's value has risen dramatically since then, topping out at US$1,082.55 at the end of March, 2017.
Ransomware Prevention in short
- Avoid opening unverified emails or clicking links embedded in them
- Back up important files using the 3-2-1 rule—create 3 backup copies on 2 different media with 1 backup in a separate location
- Regularly update software, programs, and applications to protect against the latest vulnerabilities
List of Ransomware (Types, Extension patterns, filenames, detection and prevention)
Copy and paste the following link to see the document > https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsG...
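The "encrypt predetermined files" behaviour described above leaves a recognisable footprint in file-system telemetry: a burst of unrelated files all gaining the same new extension, often followed by a ransom note being written. The following is an added example, not code from the original post or from Satisnet; the log format, the ".locked" extension, the note filename and the thresholds are all constructed assumptions to be tuned against your own EDR or audit data.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, not real telemetry: "timestamp|action|path" lines as an EDR or
# file-audit source might emit them. ".locked" and the note name are invented placeholders.
SAMPLE_EVENTS = """\
2017-05-15T09:00:01|RENAME|C:/Users/alice/Docs/q1.xlsx -> C:/Users/alice/Docs/q1.xlsx.locked
2017-05-15T09:00:01|RENAME|C:/Users/alice/Docs/plan.docx -> C:/Users/alice/Docs/plan.docx.locked
2017-05-15T09:00:02|RENAME|C:/Users/alice/Docs/notes.txt -> C:/Users/alice/Docs/notes.txt.locked
2017-05-15T09:00:02|CREATE|C:/Users/alice/Docs/HOW_TO_DECRYPT_FILES.txt
2017-05-15T09:00:03|RENAME|C:/Users/alice/Pics/cat.jpg -> C:/Users/alice/Pics/cat.jpg.locked
2017-05-15T09:00:03|RENAME|C:/Users/alice/Pics/dog.jpg -> C:/Users/alice/Pics/dog.jpg.locked
2017-05-15T11:30:00|RENAME|C:/Users/alice/Docs/draft.docx -> C:/Users/alice/Docs/draft_v2.docx
2017-05-15T11:45:00|CREATE|C:/Users/alice/Docs/README.txt
"""
NOTE_PATTERN = re.compile(r"decrypt|recover|restore|ransom|how_?to", re.IGNORECASE)
def parse_events(text):
    """Return (timestamp, action, path, new_path) tuples; new_path is None unless RENAME."""
    events = []
    for line in text.splitlines():
        ts, action, paths = line.split("|", 2)
        old, _, new = paths.partition(" -> ")
        events.append((datetime.fromisoformat(ts), action, old, new or None))
    return events

def bulk_renames(events, window_seconds=60, min_count=5):
    """Map new extension -> peak count of files that gained it inside one window; a burst
    of unrelated files acquiring the same new extension is crypto-ransomware's footprint."""
    by_ext = defaultdict(list)
    for ts, action, old, new in events:
        new_ext = os.path.splitext(new or "")[1].lower()
        if action == "RENAME" and new_ext and new_ext != os.path.splitext(old)[1].lower():
            by_ext[new_ext].append(ts)
    hits = {}
    for ext, times in by_ext.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= min_count:
                hits[ext] = max(hits.get(ext, 0), end - start + 1)
    return hits

def ransom_notes(events):
    """Newly created files whose names read like ransom instructions."""
    return [path for _, action, path, _ in events
            if action == "CREATE" and NOTE_PATTERN.search(os.path.basename(path))]
```

The ordinary rename to draft_v2.docx and the plain README.txt are deliberate benign controls: neither trips the heuristics, while the five .locked renames in three seconds and the decrypt note both do.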
Here at Satisnet we have a cloud-based security platform called “CyberKombat”. With a multitude of training scenarios covering all aspects of exploits across the majority of operating systems, we can cater for anyone from basic users and admins through to SOC analysts in your business.