The Tactics of Ransomware and How to be Careful
Ransomware got enough publicity in the recent times, and obviously, we know why. Many organizations literally got held up and as this wreaked havoc across the world. Experts say Ransomware is here to stay and we are going to see much of it in the coming days.
The aim of a ransomware attack is to infect users’ systems and deny them access to their most valuable assets. Typically, this is accomplished by encrypting the most important documents on the target machine and making them unreadable and inaccessible.
The Evolution of Ransomware
When ransomware came into existence, it used the same key for encryption and decryption. The decryption tool also came into force and reverse engineers were able to develop for each variant. This could easily restore the files in a short period. This enabled the ransomware to quickly fix their mistake, and from then on the criminals started using asymmetric-key cryptography, which encrypts the data with one key, but to decrypt that it requires a different key, which was not easily available to the victim. Either way, it’s very difficult to restore files without paying them for the decryption key.
This is one of the major factors that made ransomware such a hit among cybercriminals. There is no way the victim could get the files back. When criminals are using the symmetric key security analyst can easily find out the decryption key and release. So when this happens the criminals will quickly update with a different decryption key.
Commonly Used Attack Vectors
Ransomware is mainly about money, so spreading the virus through spam is cheaper than creating a new malware exploit. Today infection vectors, mostly use email attachment, links in the email, or hack a website to spread the malicious code to the victim.
Email attachments – is the most common way to spread the virus to victims, as they trick the user to download a potential virus. Once the user clicks on the link which is embedded with the malware, it takes care of the rest.
Malvertising – Web advertisement sent through a legitimate ad service spread malicious code and ransomware. It goes undetected since criminals are good at hiding this.
Hacking websites – Cyber-criminals hack a website through all vulnerabilities available or through the backdoor entry. They place the malicious code and redirect the landing page to a source that installs the ransomware payload. The criminals develop a spoof website that looks exactly like the original, and victims mistakenly end up dealing with that website and end up installing the ransomware.
When you come to know that the attack has happened using the website it means that security has been compromised, and you can immediately block by looking at the domain. Check the IP used in the link embedded in the email or the URL, visited by the user.
However, not all attacks make use of exploiting kits: often, victims are simply tricked into downloading and running the ransomware payload. Thus, security technologies need to intercept these downloads and evaluate if the file is safe to be opened by a user – typically by running the program in a sandbox.
Nevertheless, all attacks that happen is only because the user is simply tricked to download something. This security technology is something that we should be careful about, and that needs to be intercepted and evaluated. There is already a technology called sandbox that pulls such malicious files and codes to analyze and evaluate before it is released or deleted, but we need to be careful what is being downloaded.
Ransomware is one of the most dangerous vectors that has evolved in the recent times, and it seems to be growing at a mammoth rate. Cybercriminals across the world are one step ahead. Security companies are taking up this issue on a war footing to understand the advancement, to arrest such malicious activity.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.