Ransomware is a type of cryptovirology malware that threatens to publish the victim's data or block access to it unless a ransom is paid. While simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a correctly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and hard-to-trace digital currencies, such as Ukash and cryptocurrencies, are used for the ransoms, which hinders the tracking and prosecution of the perpetrators.
Ransomware is a subset of malware in which the data on the victim's computer is locked, usually by encryption, and payment is demanded before the data is decrypted and access is returned to the victim. The motive for ransomware attacks is almost always monetary and, unlike other types of attacks, the victim is usually notified that a compromise has occurred and given instructions on how to recover from the attack. Payment is often demanded in a virtual currency, such as Bitcoin, so that the identity of the cybercriminal remains unknown.
Ransomware can spread through malicious email attachments, infected software applications, infected external storage devices and compromised websites. Attacks have also used the Remote Desktop Protocol (RDP) and other approaches that do not depend on any form of user interaction.
How ransomware attacks work
Ransomware kits sold on the deep web have allowed cybercriminals to buy and use a software tool to create ransomware with specific capabilities. They can then generate this malware for their own distribution, with the ransoms paid to their own bitcoin accounts. As with much of the rest of the IT world, it is now possible for those with little or no technical experience to order cheap ransomware as a service (RaaS) and launch attacks with minimal effort. In a RaaS scenario, the provider collects the ransom payments and takes a percentage before passing the revenue to the user of the service.
Types of ransomware
Attackers can use one of several different approaches to extort digital currency from their victims. For example:
The ransomware known as scareware will try to present itself as security software or technical support. Victims may receive pop-up notifications claiming that malware has been discovered on their system, information that security software they never installed could not have. Ignoring these notifications does nothing except cause more pop-ups to be generated.
Screen lockers, or lockers, are a type of ransomware designed to lock a user out of their computer completely. On turning on the computer, the victim may see what appears to be an official government seal, leading them to believe that they are the subject of an official investigation. After being informed that unlicensed software or illegal web content has been found on their computer, the victim receives instructions on how to pay an electronic fine. Official government organizations would not do this; instead, they would go through the appropriate channels and legal procedures.
In encrypting ransomware, or data kidnapping attacks, the attacker gains access to the victim's data, encrypts it and demands a payment to unlock the files. Once this happens, there is no guarantee that the victim will regain access to their data, even if they negotiate for it.
Similar to encrypting ransomware, the attacker may also encrypt files on infected devices and make money by selling a product that promises to help the victim unlock the files and prevent future malware attacks.
With doxware, an attacker may also threaten to publish the victim's data online if the victim does not pay a ransom.
Mobile ransomware is ransomware that affects mobile devices. An attacker can use mobile ransomware to steal data from a phone or lock it, and then demand a ransom to return the data or unlock the device.
The victim may also receive a pop-up message or a ransom note by email warning that if the sum demanded is not paid by a specific date, the private key required to unlock the device or decrypt the files will be destroyed.
Ransomware attacks are usually carried out using a Trojan that is disguised as a legitimate file that the user can download or