This article discusses how CryptoLocker and WannaCry work. Ransomware kits on the deep web have allowed cybercriminals to purchase and use a software tool to create ransomware with specific capabilities and then generate this malware for their own distribution, with ransoms paid to their own bitcoin accounts. As with much of the rest of the IT world, it’s now possible for those with little or no technical background to order up inexpensive ransomware as a service (RaaS) and launch attacks with very little effort. In one RaaS scenario, the provider collects the ransom payments and takes a percentage before distributing the proceeds to the service user.
The impact of WannaCry was pronounced in some cases. For example, the National Health Service in the U.K. was heavily affected and was forced to effectively take services offline during the attack. Published reports suggested that the damages caused to the thousands of impacted companies might exceed $1 billion.
Attackers may use one of several different approaches to extort digital currency from their victims. For example:
- The victim may receive a pop-up message or email ransom note warning that if the demanded sum is not paid by a certain date, the private key required to unlock the device or decrypt files will be destroyed.
- The victim may be duped into believing he is the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
- The attacker encrypts files on infected devices and makes money by selling a product that promises to help the victim unlock files and prevent future malware attacks.
- In an interesting reversal, the extortion may be made with the threat not so much that the data will be unavailable (though this may also be the case), but that the data will be exposed to the general public in its unencrypted state if the ransom is not paid by a given deadline.
Ransomware prevention
To protect against ransomware attacks and other types of cyberextortion, experts urge users to back up computing devices and update software, including antivirus software, on a regular basis. End users should beware of clicking on links in emails from strangers or opening email attachments. Victims should do all they can to avoid paying ransoms.
While ransomware attacks may be nearly impossible to stop, there are important data protection measures individuals and organizations can take to ensure that damage is minimal and recovery is as quick as possible. Strategies include compartmentalizing authentication systems and domains, keeping up-to-date storage snapshots outside the main storage pool and enforcing hard limits on who can access data and when access is permitted.
Feel free to contact E-SPIN about ransomware prevention solutions and about availability, performance and security monitoring and testing applications.