Ransomware is a type of malware (malicious software) used by cybercriminals. If a computer or network has been infected with ransomware, the ransomware blocks access to the system or encrypts its data. The cybercriminals then demand a ransom from their victims in exchange for restoring access. Vigilance and security software are the recommended protection against infection. Victims have three options after an infection: pay the ransom, try to remove the malware, or wipe the device and restore it from a clean backup. Attack vectors frequently used by extortion Trojans include exposed Remote Desktop Protocol (RDP) services, phishing emails, and software vulnerabilities. Because these vectors are common to home users and enterprises alike, ransomware attacks target both individuals and companies.
● Locker ransomware. This type of malware blocks basic computer functions. For example, you may be denied access to the desktop while the mouse and keyboard are partially disabled, leaving just enough interaction to use the window containing the ransom demand and make the payment. Apart from that, the computer is inoperable. The good news is that locker malware does not usually target critical files; it generally just wants to lock you out, so complete destruction of your data is unlikely.
● Crypto ransomware. The aim of crypto ransomware is to encrypt your important data, such as documents, pictures, and videos, without interfering with basic computer functions. This spreads panic because users can see their files but cannot open them. Ransomware developers often add a countdown to the ransom demand: “If you don’t pay the ransom by the deadline, all your files will be deleted.” Because many users are unaware that they need backups in the cloud or on external physical storage devices, crypto ransomware can have a devastating impact, and many victims pay the ransom simply to get their files back.
The concept of file-encrypting ransomware was invented and implemented by Young and Yung at Columbia University and presented at the 1996 IEEE Security & Privacy conference. It is called cryptoviral extortion and was inspired by the fictional facehugger in the movie Alien. Cryptoviral extortion is the following three-round protocol carried out between the attacker and the victim.
[attacker→victim] The attacker generates a key pair and places the corresponding public key in the malware. The malware is released.
[victim→attacker] To carry out the cryptoviral extortion attack, the malware generates a random symmetric key and encrypts the victim’s data with it. It then uses the public key embedded in the malware to encrypt the symmetric key. This is known as hybrid encryption, and it results in a small asymmetric ciphertext as well as the symmetric ciphertext of the victim’s data. The malware zeroizes the symmetric key and the original plaintext data to prevent recovery, and puts up a message to the user that includes the asymmetric ciphertext and instructions on how to pay the ransom. The victim sends the asymmetric ciphertext and e-money to the attacker.
[attacker→victim] The attacker receives the payment, deciphers the asymmetric ciphertext with the attacker’s private key, and sends the symmetric key to the victim. The victim deciphers the encrypted data with that symmetric key, completing the cryptovirology attack.
The symmetric key is randomly generated per victim, so one victim’s key is of no use to any other victim. At no point is the attacker’s private key exposed to victims, and the victim need only send a very small ciphertext (the encrypted symmetric key) to the attacker. The scheme is only as strong as its implementation, however: ransomware families that reused keys across victims, drew keys from a weak random number generator, or left the symmetric key recoverable on disk have been decrypted without payment.
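The three rounds above, written out as an added example in Go using only the standard library. This is not code from the page or from Young and Yung; the page does not fix concrete ciphers, so RSA-2048 with OAEP for the asymmetric step and AES-256-GCM for the symmetric step are assumptions, as are the type and function names (Attacker, Round2Encrypt, VictimDecrypt) and the constructed sample data. The main function also shows the point made in the previous paragraph: a key recovered for one victim does not open another victim’s data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Attacker holds the key pair generated before the malware is built (round 1).
// The private key never leaves the attacker. (Hypothetical type name.)
type Attacker struct{ priv *rsa.PrivateKey }

func NewAttacker() (*Attacker, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // assumed key size
	if err != nil {
		return nil, err
	}
	return &Attacker{priv: priv}, nil
}

// PublicKey is the only key material embedded in the malware.
func (a *Attacker) PublicKey() *rsa.PublicKey { return &a.priv.PublicKey }

// RecoverSymmetricKey is round 3: the attacker decrypts the small asymmetric
// ciphertext from the ransom note and hands back the victim's symmetric key.
func (a *Attacker) RecoverSymmetricKey(asymCT []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, a.priv, asymCT, nil)
}

// Extorted is all that remains on the victim's machine after round 2.
type Extorted struct {
	Nonce  []byte
	SymCT  []byte // victim data under AES-256-GCM (assumed cipher)
	AsymCT []byte // 32-byte symmetric key under RSA-OAEP, shown in the ransom note
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Round2Encrypt runs on the victim's machine: a fresh random symmetric key, the
// data encrypted under it, that key encrypted under the embedded public key, and
// then the symmetric key zeroized so nothing recoverable stays local.
func Round2Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Extorted, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	symCT := gcm.Seal(nil, nonce, plaintext, nil)
	asymCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	for i := range key { // zeroize; real malware wipes the plaintext the same way
		key[i] = 0
	}
	return &Extorted{Nonce: nonce, SymCT: symCT, AsymCT: asymCT}, nil
}

// VictimDecrypt finishes the protocol once the attacker has returned the key.
// With any other victim's key, GCM authentication fails and an error is returned.
func VictimDecrypt(key []byte, e *Extorted) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.SymCT, nil)
}

func main() {
	a, err := NewAttacker()
	if err != nil {
		panic(err)
	}
	// Constructed sample data for two victims infected by the same build.
	v1, err := Round2Encrypt(a.PublicKey(), []byte("Q3 financials (constructed)"))
	if err != nil {
		panic(err)
	}
	v2, _ := Round2Encrypt(a.PublicKey(), []byte("holiday photos (constructed)"))
	key1, _ := a.RecoverSymmetricKey(v1.AsymCT) // victim 1 paid
	pt, err := VictimDecrypt(key1, v1)
	fmt.Printf("victim 1 sent %d bytes, recovered %q, err=%v\n", len(v1.AsymCT), pt, err)
	_, err = VictimDecrypt(key1, v2) // victim 1's key is useless to victim 2
	fmt.Println("victim 1's key on victim 2's data:", err)
}
```

The asymmetric ciphertext the victim has to send is one RSA block (256 bytes for the assumed 2048-bit key) regardless of how much data was encrypted, which is the practical reason for the hybrid construction. The only secret the victim’s machine ever held is the 32-byte key, and it is wiped as soon as it has been wrapped under the public key.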
Ransomware attacks are typically carried out using a Trojan that enters a system through, for example, a malicious attachment, an embedded link in a phishing email, or a vulnerability in a network service. The program then runs a payload that locks the system in some fashion, or claims to lock the system but does not (e.g., a scareware program). Payloads may display a fake warning purportedly from an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities or contains content such as pornography and “pirated” media.
Some payloads consist simply of an application designed to lock or restrict the system until payment is made, typically by setting the Windows shell to itself, or even by modifying the master boot record and/or partition table to prevent the operating system from booting until it is repaired. The most sophisticated payloads encrypt files, many using strong encryption so that only the malware author holds the needed decryption key.
Payment is virtually always the goal, and the victim is coerced into paying for the ransomware to be removed, either by being supplied a program that can decrypt the files or by being sent an unlock code that undoes the payload’s changes. While the attacker may simply take the money without returning the victim’s files, it is in the attacker’s interest to perform the decryption as agreed, since victims will stop paying if it becomes known that payment serves no purpose. A key element in making ransomware work for the attacker is a convenient payment system that is hard to trace. A range of such payment methods have been used, including wire transfers, premium-rate text messages, pre-paid voucher services such as paysafecard, and the Bitcoin cryptocurrency.
In May 2020, vendor Sophos reported that the global average cost to remediate a ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity and ransom paid) was $761,106. Ninety-five percent of organizations that paid the ransom had their data restored.
Ransomware attacks come in many shapes and sizes. The attack vector is an important factor in the type of ransomware used. To estimate the size and extent of an attack, always consider what is at stake: what data could be deleted or published. Regardless of the type of ransomware, backing up data in advance and properly deploying security software can significantly reduce the impact of an attack.