Ransomware is a type of malware that has several different manifestations and affects personal systems as well as the networks of businesses, hospitals, airports, and government agencies.
Since its first appearance in 1989, ransomware has continued to improve and become more sophisticated. While simple ransomware does not use encryption, modern ransomware uses cryptographic methods to encrypt files, making them inaccessible. Crypto-ransomware may also encrypt a computer’s hard drive to completely lock the computer’s operating system, leaving the victim unable to access it. The ultimate goal of ransomware is to get victims to pay a ransom for decryption, usually in a hard-to-trace digital currency (such as bitcoin or other cryptocurrencies). However, the attackers will not necessarily admit to receiving the ransom.
The popularity of ransomware has grown significantly over the past decade (especially in 2017). As reported by Europol, ransomware, as an economically motivated cyber attack, is currently the most prominent malware threat in the world.
How is the victim attacked?
- Phishing: A recurring form of social engineering. Phishing emails are one of the most common ways ransomware spreads. Victims are often infected through compromised email attachments or links that pretend to be legitimate. In a computer network, one victim is enough to compromise an entire organization.
- Exploit package (exploit kit): A package consisting of various malicious tools and pre-written exploit code. These packages are designed to exploit problems and vulnerabilities in applications and operating systems to spread malware (insecure systems running outdated software are the most common targets).
- Malvertising: Attackers use ad networks to spread ransomware.
How to protect yourself from ransomware attacks?
- Regularly back up files to an external device so users can restore them after removing a potential malware infection.
- Be careful with email attachments and links. Avoid clicking on advertisements and websites from unknown sources.
- Install trusted antivirus software and keep software applications and computer operating systems updated.
- Enable the “Show known file extensions” option in Windows settings so that users can easily check file extensions. Avoid opening files with extensions like .exe, .vbs and .scr.
- Avoid visiting websites that are not protected by the HTTPS protocol (i.e. URLs that do not start with “https://”). However, it is worth noting that many malicious websites are increasingly using the HTTPS protocol to confuse victims, and the protocol alone does not guarantee that a website is legitimate or safe.
- Visit NoMoreRansom.org, a website created by law enforcement and IT security companies dedicated to disrupting ransomware. The site offers free decryption kits and prevention advice for infected users.
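The file-extension advice above can also be applied automatically to attachment names before anyone opens them. The following Python code is an added example, not part of the original article; the decoy extension list, the sample file names and the function names are assumptions, and it simplifies Explorer's behaviour to hiding the final extension.

```python
import os

# Extensions named in the advice above; extend the set for your environment.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumption: document-like extensions that a disguised attachment imitates.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Constructed sample attachment names, not taken from a real incident.
SAMPLE_ATTACHMENTS = [
    "Invoice_2024.pdf.exe",
    "holiday.jpg",
    "update.scr",
    "notes.txt.vbs",
    "report.PDF",
    "setup.EXE. ",
]


def assess(name):
    """Return the real extension, the name shown with extensions hidden, and a verdict."""
    # Windows ignores trailing dots and spaces, so normalize before splitting.
    clean = os.path.basename(name.replace("\\", "/")).rstrip(". ")
    stem, ext = os.path.splitext(clean)
    ext = ext.lower()
    inner_ext = os.path.splitext(stem)[1].lower()
    if ext in RISKY_EXTENSIONS and inner_ext in DECOY_EXTENSIONS:
        verdict = "disguised"  # looks like a document once the real extension is hidden
    elif ext in RISKY_EXTENSIONS:
        verdict = "risky"
    else:
        verdict = "ok"
    shown = stem if ext else clean
    return {"real_extension": ext, "shown_when_hidden": shown, "verdict": verdict}


def triage(names):
    """Pair every attachment name with its verdict, preserving input order."""
    return [(n, assess(n)["verdict"]) for n in names]


if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        info = assess(name)
        print(f"{name!r:28} shown as {info['shown_when_hidden']!r:22} -> {info['verdict']}")
```

A "disguised" verdict marks a file whose visible name ends in a document extension while the real, hidden extension is executable, which is the case the “Show known file extensions” setting exposes.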
Examples of ransomware
GandCrab (2018)
First seen in January 2018, the ransomware (GandCrab) infected more than 50,000 victims in less than a month before being cracked by Romanian authorities, Bitdefender, and Europol (a free data recovery toolkit is available). Spreading through malvertising and phishing emails, GandCrab was the first ransomware to demand payment in the cryptocurrency DASH. The initial ransom ranged from $300 to $1,500.
WannaCry (2017)
A global cyber attack that infected more than 300,000 computers in four days. WannaCry targeted Microsoft’s Windows operating system (Windows 7 was the most affected) and spread through an exploit called EternalBlue. The attack was blocked thanks to an emergency patch released by Microsoft. Although no evidence was provided, U.S. security experts claimed North Korea was responsible for the attack.
Bad Rabbit (2017)
A type of ransomware that spread as fake Adobe Flash updates downloaded from infected websites. Most infected computers were located in Russia, and the infection relied on the manual installation of an executable (.exe) file. The decryption price was around $280 (0.05 BTC) at the time.
Locky (2016)
Usually spread via email as a compromised attachment presented as an invoice requiring payment. In 2016, the Hollywood Presbyterian Medical Center was infected by Locky and paid a ransom of 40 BTC (about $17,000 at the time) to regain access to the hospital’s operating system.