Ransomware

The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

What is Ransomware?

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access.

Know the Difference in Ransomware

Knowing the types of ransomware out there, along with some of the dos and don’ts surrounding these attacks, can go a long way!

Ransomware is NOT a Virus! Viruses infect your files or software and have the ability to replicate, but ransomware scrambles your files to render them unusable, then demands that you pay a ransom.

Some Common Types of Ransomware:

Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it.

Cerber ransomware is a type of malware that is considered to be the most active one. It executes its attack by infecting a user’s files.

CryptoLocker ransomware is a type of malware that encrypts files on Windows computers, then demands a ransom payment in exchange for the decryption key.

CryptoWall is an advanced form of CryptoLocker ransomware. It came into existence in early 2014, after the downfall of the original CryptoLocker variant.

Crysis is a special type of ransomware which encrypts files on fixed drives, removable drives, and network drives. It spreads through malicious email attachments with double file extensions. It uses strong encryption algorithms, making it difficult to decrypt within a reasonable amount of time.

CTBLocker is a ransomware variant that encrypts files on a victim’s hard disk before demanding a ransom be paid to decrypt the files.

GoldenEye is similar to the infamous Petya ransomware. It spreads through a massive social engineering campaign that targets human resources departments. When a user downloads a GoldenEye-infected file, it silently launches a macro which encrypts files on the victim’s computer.

Jigsaw is one of the most destructive types of ransomware: it encrypts files and progressively deletes the encrypted files until a ransom is paid. It deletes the files one after the other on an hourly basis until the 72-hour mark, when all the remaining files are deleted.

KeRanger ransomware, like most encryption ransomware Trojans, is designed to take over victims’ computers, taking the victim’s files hostage and then demanding a ransom payment from the victim in exchange for the decryption code needed to restore the affected files.

LeChiffre is a type of crypto ransomware that is unique in relation to the vast majority of the ransomware available these days. Rather than spreading to victims and contaminating their machines on its own, LeChiffre needs to be run physically on the infected device.

LockerGoga is typically delivered by a targeted attack using login credentials that the threat actor somehow got hold of.

Petya is a ransomware strain that infects Microsoft Windows-based computers. Like other forms of ransomware, Petya encrypts data on infected systems. The data is unlocked only after the victim provides the encryption key, usually after paying the attacker a ransom for it.

NotPetya ransomware superficially resembles Petya in several ways: it encrypts the master file table and flashes up a screen requesting a Bitcoin ransom to restore access to the files.

Locky is another ransomware variant, designed to lock the victim’s computer and prevent them from using it until a ransom is paid. It usually spreads through a seemingly benign email message disguised as an invoice.

Reveton is a ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a ‘fine’ must be paid to restore normal access.

Spider is a type of ransomware that is distributed using spam emails with malicious attachments (MS Office documents) that execute a macro command to download and run malware.

TeslaCrypt was a ransomware trojan that focused not only on computer games but also encrypted Word, PDF, JPEG and other files. Victims would be prompted to pay a ransom of $500 worth of bitcoins in order to obtain the key to decrypt the files.

TorrentLocker is a ransomware trojan targeting Microsoft Windows. It scans the system for programs and files and conceals their contents through AES encryption, leaving ransom instructions telling the victim what has to be done and how to pay the decryption ransom.

WannaCry is a ransomware worm that spread rapidly across a number of computer networks in May of 2017. After infecting a Windows computer, it encrypts files on the PC’s hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.

Zcryptor is a hybrid, part ransomware and part worm. It encrypts files and copies itself onto external media. Analysts and researchers agree that 2016 is the year when ransomware went really big.

Beef Up Your Security

Think of your Business as a Private Club. Stop Cyber-Criminals from Entering!

There are many options for keeping the threat of ransomware to your business to a minimum. Here are some steps that should be taken to minimize these threats.

  • Back up your Data, System, Images and Configurations
  • Keep the Backups Offline
  • Update and Patch Systems
  • Make Sure your Security Solutions are Up to Date
  • Pay Attention to Ransomware Events and Apply Lessons Learned
  • Review and Exercise your Incident Response Plan
  • Understand your Environment
  • Educate your Workforce