Abstract Malware Ransomware virus encrypted files with key on binary bit background. Vector illustration cybercrime and cyber security concept.
Ransomware is a malware but not all malware is ransomware. Ransomware may be a sort of malicious software hackers or cybercriminals use to prevent you from accessing your own data. Hackers encrypt the files on your system and add extensions to the attacked data and hold it until the demanded ransom has been paid. During the whole process, the ransomware might be trying to spread throughout your network to shared drives, servers, attached computers and other accessible systems.
Ransomware tools includes;
- REvil
- Ryuk
- Robinhood
- DoppelPaymer
- Snake
- Phobos
Hackers use the following techniques to carry out a Ransomware attack
- File encryption
- Screen locking
1. FILE ENCRYPTION:
Crypto-ransomware uses either the symmetric or asymmetric file encryption. Symmetric encryption uses the exact key to encrypt and decrypt the information. Asymmetric encryption uses a public key to encrypt the data and a non-public key to decrypt it. Symmetric encryption may be a much faster method of encrypting data and files. Major types of file encryption include downloaded public key, embedded public key, and an embedded symmetric key.
2. SCREEN LOCKING:
Locker ransomware uses screen locking to deny or lock the victim out of their computer or mobile device. The victim will be denied access to anything on the computer or mobile device, including the software and other network services. A ransom message is Often displayed on the screen in a continuous loop. The screen sometimes may display a countdown timer or an increasing ransom demand. Common kinds of screen locking include Windows locker ransomware, browser locking, and Android locker ransomware.
Malware, also known as malicious software, is a cover for viruses, worms, trojans and other harmful computer programs hackers use to destroy or gain access to sensitive information or data.
Hackers can infect computers in several ways like;
- Worm: a standalone piece of malware that reproduces itself and spreads from system to system.
- Virus: a chunk of code that inserts itself with the code of another independent program then forces that program to carry out a malicious action and spread itself.
- Trojan: a program that can’t reproduce itself but masquerades as something that the user wants and tricks the user into activating it so it can do damage and spread.
There are a variety of tools ransomware can exploit to take over servers or computers.
The four most typical tools hackers use ransomware to infect its victims are;
- Phishing emails
- Remote desktop protocol (RDP)
- Drive-by download
- USB and removable media
1. Phishing Emails
This is a common method hackers are accustomed to spreading ransomware. Hackers carefully design phishing emails to deceive a victim into opening an attachment or clicking on a link that contains malicious data. The data can arrive in various formats including a zipper file, PDF, word document or Javascript. It enables the attacker to run a script that downloads while executing a malicious executable file (EXE) from an external web server. The EXE includes the functions necessary to encrypt the information on the victim’s computer.
The popular ransomware utilized in phishing emails are;
- Locky
- Cerber
- Nemucod
2. Remote Desktop Protocol (RDP)
This is a very popular mechanism hackers used when infecting victims. it had been created to securely access a user’s computer remotely to configure it, or to easily use the pc. It runs over port 3389. While remote desktop protocol (RDP) has many benefits like opening doors to devices for legitimate use, It also presents a chance for an attacker to take advantage of it illegitimately. Some computers running remote desktop protocol (RDP) over port 3389 open, made it public some years back which has also made it
easier for hackers to go looking for those machines on search engines like Shodan.io to seek out devices that are at risk of infection. they will gain access by brute-forcing the password with the assistance of open source password-cracking tools, so that they can gain access as administrator. Some major password hacking tools like Cain and Abel, John the ripper and Medusa allow hackers to quickly and automatically try multiple passwords to achieve access.
Remote desktop protocol (RDP) tools include;
- SamSam
- LowLevel04
- CrySis
3. Drive-By Download
This is another way hackers use to deliver ransomware. This is when a malicious download happens without a user’s knowledge after they visit a compromised website. Hackers often initiate drive-by downloads. They use the vulnerabilities within the software of legitimate websites to initiate drive-by downloads. They now use the vulnerabilities to either embed the malicious code on a web site or redirect the victim to a different site that they control, which hosts software called exploit kits. Exploit kits give
hackers the flexibility to covertly scan the targeted devices for specific weaknesses and when found executes code in the background without the victim clicking anything. It has happened to some popular sites just like the BBC, New York Times, and NFL through hijacked advertisements.
Drive-by download tools includes;
- CryptoWall
- PrincessLocker
- CryptXXX
4. USB and Removable Media
Ransomware can infect a machine via a USB drive if the user opens an app impersonating something else. It can even replicate itself onto USB and removable media drives in hidden file formats, destroying subsequent machines where the USB device is plugged into. You can easily buy ransomware on the darkweb through Ransomware-as-a Service (RaaS) and attacks are quite easy to launch through any of the above methods.
The seven-stage attack of ransomware are as follows;
- ➔ Infection
- ➔ Execution
- ➔ Encryption
- ➔ User Notification
- ➔ Cleanup
- ➔ Payment
- ➔ Decryption
To protect your system from Malwares refer to Cyber security tips.
