Ransomware is one of the most dangerous types of malware. This is primarily because privilege escalation does not even necessitate much user interaction. Even the use of industry-standard tools and technologies has been ineffective in mitigating the wrath of ransomware.
When ransomware infects a device, the victim cannot access the files. Because the ransom is paid in cryptocurrency, it is impossible to track down the perpetrators of the ransomware attacks. Figure 3 depicts the monetary damage caused by ransomware in 2020 compared to its predecessors.
Ransomware spreads primarily due to a lack of individual Cyber-hygiene. Cyber hygiene encompasses all aspects of online safety, such as browsing behavior, the availability and regular updating of antivirus software, installing third-party software, and user awareness.
To keep ransomware and other malware at bay, good cyber hygiene must be practiced. Despite improved security standards and protocols, ransomware families have managed to breach the defenses of organizations, governments, and individual users.
There are two prevalent types of ransomware known as Crypto-ransomware and Locker ransomware.
- Crypto ransomware: Crypto ransomware employs two methods for encrypting its victims’ data. A Symmetric Algorithm employs a single key for both encryption and decryption. The second most common algorithm is the Asymmetric Algorithm. Data is encrypted using a public key, and the victim can only recover their data after paying for the decryption key. Attackers have made it difficult for reverse engineers to decrypt data without paying the ransom. To make decryption more difficult, attackers now use a combination of symmetric and asymmetric algorithms. Because of its speed, a symmetric algorithm is used to encrypt the victim’s data. The key is then encrypted using the malicious actor’s public key.
- Locker ransomware: Locker ransomware, as the name implies, locks the device rather than encrypting the files and folders. When a victim’s device becomes infected, it is rendered inaccessible. The data contained within is unaltered. Because the data can still be accessed by moving the storage device to another computer, this type of ransomware is less effective than Crypto-ransomware.
Here are some of the main sources of ransomware attacks:
1. Email Attachments
Email attachments typically include Portable Document Format (PDF) documents, voicemails, images, e-invites, and other files. These attachments, which use various steganographic techniques, contain malicious files. Ransomware authors employ techniques that make an email appear to be sent by a trusted and well-known sender. Malicious emails can be created using various tools, even by attackers with no technical knowledge.
2. Removable Media
Many people do not consider removable media an entry point for ransomware. A survey, however, revealed that people are curious about what might be in a random Universal Serial Bus (USB) drive lying in public places. Ransomware has hit many organizations because they did not disable USB ports using this mode.
3. Malvertising
Malvertising is the systematic practice of infecting websites’ advertising infrastructure to display online advertisements. Malvertising has also proven a popular method for infecting systems with ransomware. Even browsing trusted websites such as BBC News, America Online (AOL), and Microsoft Network (MSN) has infected systems. It tricks the browser into automatically downloading malicious file extensions. Rootkit exploits such as Angler, Magnitude, and Nuclear can assist the attacker in gaining access to the victim’s device.
4. Social Media & SMS
This type of ransomware propagation is classified as Social Engineering, in which the victim is persuaded to click on links that they should not. Attackers use the Uniform Resource Locator (URL) shortening technique to obscure the original link. Users with poor Internet hygiene are enticed to click on these links. Users may also receive SMS messages that depict urgency and compel them to click on those links.
5. Ransomware-as-a-Service
Ransomware-as-a-Service (RaaS), like similar Dark Web hosting services that provide anonymity, has emerged as a marketplace exclusively for attackers with insufficient programming skills to easily propagate ransomware. RaaS service providers either take a cut or charge service usage fees from the buyer.
