What is Ransomware?
Ransomware is a type of malicious software that blocks access to data and demands that the data's owner pay a sum of money to get it back. Some ransomware also threatens to publish the data unless money is paid.
Simple ransomware usually locks the system in a way that is not difficult for a knowledgeable person to reverse, but more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim's files and documents, making them inaccessible, and then asks the victim to pay a sum of money to decrypt them.
Ransomware may also encrypt the computer's MFT (Master File Table) or even entire hard drives. Thus, ransomware is a denial-of-access attack that prevents users from accessing their files, since it is intractable to decrypt the files without the decryption key.
Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
Ransomware infections were first seen in Russia between 2005 - 2006. Trend Micro published a report on a case in 2006 that involved a ransomware variant, detected as TROJ_CRYZIP.A, which zipped certain file types before overwriting the original files, leaving only the password-protected zip files on the user's system. It also created a text file that acted as the ransom note, informing users that the files could be retrieved in exchange for $300.
In its earlier years, ransomware typically encrypted particular file types such as DOC, XLS, JPG, ZIP, PDF, and other commonly used file extensions.
In 2011, Trend Micro published a report on an SMS ransomware threat that asked the victim to dial a premium SMS number. This variant, detected as TROJ_RANSOM.QOWA, repeatedly displayed a ransomware page to users until they paid the ransom by dialing a certain premium number.
Read more at: Ransomware Definition
The latest ransomware attack went worldwide in May 2017, asking data owners to pay a sum of money in bitcoin to get their data back. Modern ransomware has evolved! After the shift to crypto-ransomware, the extortion malware has continued to evolve, adding new features such as countdown timers, ransom amounts that increase over time, and infection routines that enable it to spread across networks and servers.
The latest developments show how threat actors are experimenting with new features, such as alternative payment platforms (to make ransom payments easier), routines that threaten to cause potentially crippling damage to non-paying victims, or even new methods of distribution.
Prevention:
- Avoid opening unverified emails or clicking links embedded in them.
- Back up important files using the 3-2-1 rule: create 3 backup copies on 2 different media with 1 backup in a separate location.
- Regularly update software, programs, and applications (especially your antivirus, antimalware) to protect against the latest vulnerabilities.
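The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original post: it counts only copies whose SHA-256 digest still matches the source, so a backup that has been encrypted in place does not satisfy the rule. The inventory fields, copy names, and sample data are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str      # label for the copy (hypothetical)
    medium: str    # storage type, e.g. "nas", "usb-disk", "cloud"
    location: str  # physical site where the copy is kept
    sha256: str    # digest of the copy as last read back


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_321(copies, source_sha256, primary_location):
    """Return a list of 3-2-1 violations; an empty list means compliant."""
    problems = []
    intact = []
    for c in copies:
        if c.sha256 == source_sha256:
            intact.append(c)
        else:
            # A copy that no longer matches the source is not a usable backup.
            problems.append(f"{c.name}: digest mismatch, copy not counted")
    if len(intact) < 3:
        problems.append(f"only {len(intact)} intact copies, need 3")
    if len({c.medium for c in intact}) < 2:
        problems.append("intact copies sit on fewer than 2 media types")
    if all(c.location == primary_location for c in intact):
        problems.append("no intact copy outside the primary location")
    return problems


# Constructed sample data, not taken from any real system.
ORIGINAL = b"constructed sample: quarterly-report.xls contents"
GOOD = digest(ORIGINAL)
HEALTHY = [
    BackupCopy("nas-share", "nas", "office", GOOD),
    BackupCopy("usb-disk", "usb-disk", "office", GOOD),
    BackupCopy("cloud-bucket", "cloud", "offsite", GOOD),
]
# Same inventory after the network-reachable copy was overwritten.
DAMAGED = [BackupCopy("nas-share", "nas", "office", digest(b"scrambled"))] + HEALTHY[1:]

if __name__ == "__main__":
    print("healthy:", check_321(HEALTHY, GOOD, "office"))
    print("damaged:", check_321(DAMAGED, GOOD, "office"))
```

In the damaged case the rule fails even though three copies still exist, because the network share was reachable from the infected machine and its contents changed.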
Have you done your backup routines today?