VAR Panchayat
Ransomware – Era of Digital Extortion
2017-04-29
Ransomware attacks have increased from a few hundred in 2005 to 2.5 million in 2016
Ransomware, the hot favourite in the world of cybercrime, is setting the new era of digital extortion. Ransomware is a class of malware that restricts access to the computer system it infects and demands a ransom paid to the creator of the malware for the restriction to be removed (Wikipedia). It is nothing but a straightforward extortion tool designed to encrypt your data or lock the system, declare that the system is locked, and follow up with a ransom demand. RSA-2048 encryption is used to perform the heinous act. The year 2015 marked the birth of ransomware. Since then, it has transformed (matured) from a fake antivirus tool into a leading tool in the hands of digital cybercriminals, who extort anywhere between $500 and $20,000 from individuals, businesses and other organizations to unlock data and systems.
Ransomware is of two types. Type I is encryption ransomware, which encrypts the files on the hard disk; one may find it quite difficult to decrypt them without paying the ransom demanded. Type II is non-encryption ransomware, which does not encrypt anything but instead locks up the system with the message “Your computer is locked”.
The evolution and prominence of ransomware can be well imagined from the growth of ransomware attacks from just a few hundred in 2005 to 2.5 million-plus in 2016.
Ransomware Attacks
The initial attempt to find an opportunity is made by performing reconnaissance through a phishing email. Reportedly, 93 per cent of all phishing emails are said to contain encryption ransomware. Phishing emails hit a new high of 6.3 million last year. The usual infection (e.g. CryptoWall) is through email attachments: messages with enticing subject lines are sent with zip files containing ransomware executables, or even a link to click on. Once the individual opens the file, the executable locks up the system; if he/she clicks on the malicious link instead, a connection is established to the malicious website, an exploit is launched immediately and malware is shipped online. If the ransomware hacker manages to gain control of the system, the system is locked and a message such as “Your system is locked” is displayed.
Browser
When you visit a website, a browser hijacker locks up your browser with the message “Your browser has been locked”, indicating that the hijacker has taken over the browser. It does not allow the user to close the browser window or switch to another web page, and it demands a ransom to regain access to your system.
World’s Most Dreaded Ransomwares
Cryptolocker, Cryptoware, Locky, Jigsaw, Teslacrypt, Fareit, Samsam, Petya, Fantom, Crysis, Cerber, Shade, Powerware and Ransom32, among others, are the digital extortionists ruling the world of cybercriminals.
Ransomware Demands Across Industry
A hospital in LA, USA was infected with ransomware and had to pay the ransom in bitcoin after its system and network were locked up for more than a week. In some cases, an MRI machine is locked until the ransom is paid, an X-ray machine is turned off, and files are encrypted until the ransom is paid. Another hospital ended up paying over $10,000 as ransom to restore its IT systems. Almost 80 per cent of healthcare organizations have been affected by ransomware. In yet another case, the ransomware criminals gained control of the heating, ventilation and air conditioning (HVAC) system of a data centre and released it only after the ransom was paid. In a recent case in India, the ERP system of a multinational was locked by ransomware criminals and the company had to pay the ransom in bitcoins. An educational institute too was hit by a ransomware attack and had to cough up the ransom to restore its systems. India ranks number one on the ransomware radar, alongside other countries from Europe and the Americas.
Ransomware Prevention
To prevent ransomware attacks, it is critical that every organization deploys the latest web and spam filters, IDS, antivirus, IP/cloud reputation systems and DNS-layer security (as appropriate to the system deployment). Sandboxing is yet another way to prevent attacks and secure your systems. Apart from this, it is important to take regular data backups and to disable RDP to thwart ransomware attacks.
Lastly, it is important to avoid plugging in USB sticks (usually received during trade shows) on which information is circulated for business or academic purposes. Such a stick could contain ransomware that infects the system it is first inserted into, then goes on to infect all other systems on the network, locks them up and demands a ransom. To avoid such an occurrence, it is important to scan the USB stick before use and to encrypt the data on USB drives. It would be best to avoid USB sticks in the first place, as a matter of organizational policy.
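As an added example (not from the original article), the spam-filter check below scans an email for the lure described earlier: a zip attachment that hides an executable. The sample message it builds is constructed test data, not a real phishing email, and the extension list is an assumption a mail administrator would tune.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions a mail filter should treat as executable content (assumed list)
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".vbs", ".jse", ".wsf", ".bat", ".cmd")


def executable_members(zip_bytes):
    """Return the names of executable-looking files inside a zip attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        # A corrupt or disguised archive is flagged rather than silently passed
        return ["<unreadable zip>"]


def suspicious_attachments(raw_message):
    """Scan a raw RFC 5322 message; return (filename, reason) pairs to quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append((name, "bare executable attachment"))
        # Check by zip magic bytes too, so a renamed archive is not missed
        elif name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            hits = executable_members(payload)
            if hits:
                findings.append((name, "zip contains executable: " + ", ".join(hits)))
    return findings


def build_sample_message():
    """Constructed phishing-style message: an 'invoice' zip hiding a .pdf.exe file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2017.pdf.exe", b"placeholder bytes, not a real binary")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your invoice is attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_2017.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, reason in suspicious_attachments(build_sample_message()):
        print(f"QUARANTINE {fname}: {reason}")
```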
Finally, as far as ransomware is concerned, prevention is better than cure.