The highest threat in the digital world now goes by a new name, ransomware, but before getting to it you need to know the term malware.
Malware (malicious + software) is software deliberately designed to cause damage to a single targeted machine or to the whole digital environment.
This blog covers the overall concept of ransomware and how it works, along with some recent survey findings.
What is Ransomware?
Ransomware is a sub-type of malware that disrupts the working of a system by denying access to the user’s data and certain programs until the attacker’s demand is fulfilled. The demand is mostly a ransom payment in exchange for regaining access to the user’s data.
The ransom is demanded as digital cash/currency (bitcoins), which keeps the hackers anonymous and helps them escape the eyes of the law. Due to this, there has been an increase in ransomware attacks since 2012.
Types of Ransomware
We can categorize ransomware into three types based on the severity of an attack.
Scareware poses the least security threat. It merely shows a pop-up on the screen informing the user that the computer has been locked or hacked, and demands a ransom.
It is possible that no files or data have been encrypted at all, which makes the message a hoax or a prank.
The second type is locker ransomware, which is a medium threat. This malware locks up the computer and demands a ransom.
It denies the user access to certain programs, or locks the whole computer, until the demanded ransom is paid.
The third type, crypto-ransomware, has high severity. In this type, the malware program encrypts the user’s data using a public key obtained from an encryption server. The users will not be able to access their data until the ransom is paid.
There are cases where the ransom amount is doubled after a specific period of time. This increases the risk for the victim, who easily falls prey to the hackers.
How Ransomware Works:
Distribution – Through spam emails, phishing, downloads, compromised websites, bot infection, SMS, etc.
Infection – The malware arrives at the target machine and starts infecting it.
Communication – It starts communicating with encryption-key servers to receive the public key for encryption.
File Search – The ransomware searches for files that have common file extensions (such as JPG, PDF, DOCX, PPTX, etc.).
Encryption – The ransomware encrypts the identified files and folders with the encryption key downloaded from the servers.
Ransom – The system/application/data is taken over and a ransom is demanded.
Distribution, Infection & Communication
The first two processes, distribution and infection, explain how the system gets infected. The malware is mostly distributed through spam emails, phishing, downloads, compromised websites, bot infection, SMS messages, etc. This infects your system/application/data.
The third process is how the malware communicates with encryption-key servers to retrieve the public key that encrypts the data. The encryption algorithm is mainly RSA, RC4, or an algorithm of a similar category.
After the communication process, the malware searches for files that have common file extensions (such as JPG, PDF, DOCX, PPTX, etc.). Remember that your personal data may well be stored under one of these extensions.
In the encryption step, the ransomware encrypts the identified files/folders using the encryption key received from the servers.
Once a file/folder is encrypted, it is moved or renamed to another location, after which the hacker takes control of the system and demands a ransom.
Here the victim is left with no choice other than paying the demanded ransom, because only then will the decryption key be shared.
But in some cases, even after paying the ransom, there is no guarantee that the victim will get the decryption key.
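As an added example (not code from this blog), the Python below shows how a defender could spot the file search, encryption and rename steps described above in file-activity events: it flags a process that overwrites several files with the listed extensions using high-entropy data, or renames them to a new extension, within a short window. The event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
import hashlib
import math
import os.path
from collections import Counter, defaultdict, deque

TARGET_EXTS = {".jpg", ".pdf", ".docx", ".pptx"}  # extensions the article names
WINDOW_S, MIN_FILES, MIN_ENTROPY = 10, 3, 7.5     # assumed demo thresholds

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data is close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def suspicious(event) -> bool:
    """Targeted file rewritten with high-entropy data, or renamed to a new extension."""
    _, _, op, src, dst, data = event
    src_ext = os.path.splitext(src)[1].lower()
    if src_ext not in TARGET_EXTS:
        return False
    if op == "write":
        return entropy(data) >= MIN_ENTROPY
    return op == "rename" and os.path.splitext(dst)[1].lower() != src_ext

def flag_processes(events):
    """PIDs with suspicious events on >= MIN_FILES distinct files within WINDOW_S seconds."""
    recent = defaultdict(deque)  # pid -> (timestamp, path) of recent suspicious events
    flagged = set()
    for ev in sorted(events, key=lambda e: e[0]):
        if not suspicious(ev):
            continue
        ts, pid, src = ev[0], ev[1], ev[3]
        q = recent[pid]
        q.append((ts, src))
        while ts - q[0][0] > WINDOW_S:   # drop events that fell out of the window
            q.popleft()
        if len({path for _, path in q}) >= MIN_FILES:
            flagged.add(pid)
    return flagged

# Constructed sample events: (time_s, pid, op, src_path, dst_path, bytes_written)
RANDOMISH = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
EVENTS = [
    (0, 101, "write", "/home/a/report.docx", None, b"Quarterly report draft. " * 100),
    (1, 202, "write", "/home/a/report.docx", None, RANDOMISH),
    (2, 202, "rename", "/home/a/report.docx", "/home/a/report.docx.locked", b""),
    (3, 202, "write", "/home/a/photo.jpg", None, RANDOMISH),
    (4, 202, "write", "/home/a/slides.pptx", None, RANDOMISH),
    (60, 101, "rename", "/home/a/notes.pdf", "/home/a/notes-v2.pdf", b""),  # benign
]
print(sorted(flag_processes(EVENTS)))  # [202]
```

Compressed formats such as JPG are already high in entropy, so the entropy test alone would flag ordinary image saves; the distinct-file count inside the window is what separates bulk encryption from normal use.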
Footprints of Ransomware:
The word ransomware has been in the limelight of the digital world since 2005. Initially, crypto-ransomware and misleading applications gained ground; the misleading-application attacks came through phishing and other such activities. This did not last long, however, due to awareness among people.
In 2009, ransomware gained momentum and was in full swing: misleading applications and fake antivirus software programs were being identified, and crypto-ransomware made a comeback with a stronger encryption algorithm, with multiple variants of it emerging.
Since the advent of ransomware, the amount demanded in extortion approximately doubled, from 290 US dollars to 680 US dollars at the end of 2015, and in 2016 it rose to about 1077 US dollars. The amount increases further if the ransom is not paid within a specified period of time, and the data is deleted after the time lapses. The number of new ransomware families is steadily rising, at an average of about 100 per year.
In each of the past 4 years, the percentage of ransomware attacks was higher than in the previous year; for 2018-2019, out of 1,379 malware incidents, 56% were ransom-based attacks. All the details mentioned are gathered from research papers in the “International Journal of Advanced Research in Computer Science”.
A worldwide study conducted by Bromium in 2018 stated that ransomware’s minimum annual global revenue is about 1 billion US dollars. That 1 billion USD is just the money obtained from victims in 2018; the losses incurred by companies through damaged reputation, downtime and all other factors add up to 8 billion USD and more for the year.
Isn’t it threatening?
How will you protect your business’s data and avoid financial loss if there happens to be a ransomware attack?
If these are the questions that arise in your mind, I would only say there is a solution to save your business from ransomware attacks. Want to know how?
For that, all you have to do is save your spot for our upcoming webinar – “How to protect your business from a Ransomware attack?” on July 25 (Thursday), 2019 at 11.00 AM PDT | 7.00 PM CET.