This article will discuss about dangerous of ransomware that you must aware. Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as bitcoin, so that the cybercriminal’s identity isn’t known.
Ransomware malware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. A growing number of attacks have used remote desktop protocol and other approaches that don’t rely on any form of user interaction.
In a lockscreen variant of a ransomware attack, the malware may change the victim’s login credentials for a computing device; in a data kidnapping attack, the malware may encrypt files on the infected device, as well as other connected network devices.
While early instances of these attacks sometimes merely “locked” access to the web browser or to the Windows desktop — and did so in ways that often could be fairly easily reverse-engineered and reopened — hackers have since created versions of ransomware that use strong, public-key encryption to deny access to files on the computer.
Famous ransomware: CryptoLocker and WannaCry
Perhaps the first example of a widely spread attack that used public-key encryption was Cryptolocker, a Trojan horse that was active on the internet from September 2013 through May of the following year. The malware demanded payment in either bitcoin or a prepaid voucher, and experts generally believed that the RSA cryptography used — when properly implemented — was essentially impenetrable. In May 2014, however, a security firm gained access to a command-and-control server used by the attack and recovered the encryption keys used in the attacks. An online tool that allowed free key recovery was used to effectively defame the attack.
In May 2017, an attack called WannaCry was able to infect and encrypt more than a quarter million systems globally. The malware uses asymmetric encryption so that the victim cannot reasonably be expected to recover the (private and undistributed) key needed to decrypt the ransomed files.
Payments were demanded in bitcoin, meaning that the recipient of ransom payments couldn’t be identified, but also meaning that the transactions were visible and thus the overall ransom payments could be tallied. During the thick of the week in which WannaCry was most virulent, only about $100,000 in bitcoin was transferred (to no avail: There are no accounts of data having been decrypted after payment).
Feel free to contact E-SPIN for ransomware preventive and solution availability, performance and security monitoring and testing application.
To know more about Ransomware, please click on the link below:
