Ransomware is the next type of malware we are going to discuss in this article. After covering Trojans and spyware in our series on malware attacks, this time we look at the most openly criminal of them all: ransomware.
Ransomware: What Is It?
Ransomware is a type of malware that prevents users from accessing their system or data and demands a ransom to regain access. Once it gets onto your system, it encrypts your files and demands payment in exchange for decrypting the data and returning control of your own device. Ransomware attackers usually demand payment in bitcoin or by credit card. Although the attacker promises to restore the files, that promise often turns out to be false.
The concept behind ransomware is quite simple: block access to a victim's system or application and demand a ransom for restoration. If the demand is not met within the set timeframe, the attacker proceeds to destroy the information.
History of Ransomware
Ransomware dates back to the late 1980s, when the first of its type, PC Cyborg (also known as AIDS), was created. After every 90 reboots it would encrypt all files on the C: drive and demand that the user renew their license for $189. The ransom messages were sent to victims along with a PC Cyborg Corp. email address. Cybersecurity professionals succeeded in reversing the encryption, so this ransomware posed little threat to devices.
Apart from a few small incidents, ransomware did not make news again until 2004, when GpCode held personal files for ransom using weak RSA encryption.
In 2007, WinLock locked users out of their desktops and took over the victim's screen to display pornographic images. To remove the images and unlock access, WinLock demanded payment via SMS.
In 2012, a new "law enforcement" ransomware was observed. It locked the victim's desktop and displayed an official-looking page bearing FBI and Interpol credentials. It claimed the victim was involved in crimes such as child pornography, illegitimate software access, or downloading illegal files, and demanded a fine of $100 to $3,000 payable through prepaid cash vouchers such as PaySafeCard or UKash. Most victims believed a genuine law enforcement investigation was under way. This is a social engineering tactic: the victim is made to feel guilty and to doubt their own innocence.
In 2013, CryptoLocker used military-grade encryption and stored the decryption key on a remote server, making it virtually impossible for victims to recover their data without paying. This kind of file-encrypting ransomware is still in use today because it is a reliable money-making tool in the hands of cybercriminals. Large-scale outbreaks such as NotPetya and WannaCry in 2017 used similar encryption to create panic and demand a hefty ransom from businesses and individuals across the globe.
The SamSam ransomware operators attacked the infrastructure of Atlanta, GA, disrupting essential municipal functions including the ability to pay water bills or parking tickets. The ransom demanded was $51,000, whereas the recovery cost was estimated at $17 million. The government ended up spending $5 million to rebuild the infrastructure and overcome the effects of the SamSam attack.
Types of Ransomware
Ransomware comes in many forms, big and small, mildly harmful and severe, but all share one thing: a ransom demand.
Crypto malware: This is the most common form and can cause a great deal of damage. Crypto malware uses advanced encryption methods so that files cannot be decrypted without the unique key. The WannaCry attack of 2017 is one example; it spread to thousands of computers around the world, most commonly across corporate networks.
Scareware: A fake antivirus or fake cleaning tool that pops up with alarming messages claiming your computer is at risk and demanding money to fix the problem. Some scareware also blocks access to your computer, while other variants simply pester you with endless pop-up messages or alert notifications.
Lockers: This type of ransomware locks your computer completely, denying access to any file, data or command, and returns access only once a specific amount is paid.
Doxware: Also called Lockware, doxware locks access to your computer and threatens to publish your data if you fail to pay the ransom. Those who store personal data, photographs, or other sensitive information on their system often pay the demanded amount to regain access.
RaaS: Ransomware as a Service is malware hosted anonymously by a criminal operator. These cybercriminals handle every stage, from distributing the malware and blocking access to collecting payment and decrypting the data, in exchange for a share of the ransom revenue.
Ransomware remains one of the strongest categories of malware, and many new ransomware families are discovered every year. It generates over $25 million in revenue for criminals every year.
Mistakes That Invite Ransomware to Your System
Malspam: Malicious spam is one of the most common ways ransomware gets onto your system. Malspam is unsolicited email that delivers malware through booby-trapped attachments such as PDFs or Word documents. The email may also contain links that redirect you to malicious websites.
Social engineering: Cybercriminals use social engineering by sending attachments that appear legitimate, as if sent by trusted contacts. Criminals also use this technique by posing as FBI agents to scare users into paying the demanded ransom.
Malvertising: Malicious advertising is a form of online advertising that works with little to no human interaction. While browsing legitimate websites, users can be redirected to malicious sites without ever clicking an ad or link, and the malware delivered this way often turns out to be ransomware. Malvertising works through an infected iframe that redirects to the criminal's web page, from which malicious code attacks the system via an exploit kit. The most alarming part is that all of this happens without the user ever knowing.
There are a number of defensive measures that will help you prevent a ransomware attack.
- Patch updates: Keep your operating system and other software up to date. Operating system vendors release patches and updates specifically to deal with recently discovered malware attacks, and software updates also fix vulnerabilities found after the software was distributed.
- Do not grant administrative privileges: Never give administrative privileges to software without understanding whether the privileges requested are really required. When we install new software, we are asked to agree to certain privilege requests. Unless they are genuinely required, we must not grant them.
- Install antivirus: Antivirus does not guarantee full protection, but it does defend against many major threats. Having robust antimalware or antivirus software on your system helps keep unauthorized applications out.
- Back up your files: Despite all these measures, you may still be infected by ransomware. To limit the impact, make it a habit to keep a backup of the files on your computer. The backup should be updated regularly so that in the event of an attack no files are missed.
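The backup advice above is only useful if the backup is complete, current, and not itself encrypted by the attack. The following added example (not code from the article) checks those three conditions by comparing a source directory, its backup copy, and a SHA-256 manifest recorded at backup time; the directory names, manifest layout and sample files are constructed here for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def check_backup(source: Path, backup: Path, manifest: dict) -> dict:
    """Compare live files, the backup copy, and the manifest taken at backup time.
    missing  : in source but absent from backup (backup incomplete)
    stale    : source changed since the backup was taken (backup out of date)
    tampered : backup copy no longer matches its recorded hash, e.g. the backup
               share was reachable from the infected machine and got encrypted too
    """
    src, bak = build_manifest(source), build_manifest(backup)
    return {
        "missing": sorted(f for f in src if f not in bak),
        "stale": sorted(f for f in src if f in bak and src[f] != manifest.get(f)),
        "tampered": sorted(f for f in bak if f in manifest and bak[f] != manifest[f]),
    }


def demo() -> dict:
    """Constructed sample: three files backed up, then one edited, one added,
    and one backup copy overwritten the way an encrypted share would be."""
    tmp = Path(tempfile.mkdtemp())
    source, backup = tmp / "source", tmp / "backup"
    source.mkdir()
    backup.mkdir()
    for name in ("notes.txt", "report.docx", "photo.jpg"):
        (source / name).write_bytes(b"original " + name.encode())
        (backup / name).write_bytes(b"original " + name.encode())
    manifest = build_manifest(backup)                            # hashes at backup time
    (source / "notes.txt").write_bytes(b"edited after backup")   # -> stale
    (source / "new.xlsx").write_bytes(b"never backed up")        # -> missing
    (backup / "photo.jpg").write_bytes(b"\x8f\x12 encrypted")    # -> tampered
    return check_backup(source, backup, manifest)
```

A non-empty "tampered" list is the signal that the backup copy was writable from the compromised host, which is why the manifest should be stored separately from both the live data and the backup.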
What to Do If You Are a Victim of Ransomware?
Check for a decryptor: In some cases you may be able to decrypt your data without paying the criminals, because security researchers have published free decryptors for some ransomware families.
Don't pay the ransom: There is no guarantee that the cybercriminals will decrypt your data and return access. Paying the ransom should be your last resort; instead, look for other options such as rebooting the system, restoring from backup, etc.
Ransomware operators make their living off the unwary. It is far better to take preventive measures than to be attacked and forced to pay. With this write-up we have reached the third part of our series on common types of malware attacks. In the final part, we shall be talking about invisible fileless malware.
Malware attacks and their variants are growing in number all the time. Every year brings new challenges as attackers become more sophisticated with their tools. Demand for cybersecurity professionals is at its peak, and employers prefer to hire degree-qualified professionals in the field. EC-Council University offers bachelor's and master's level programs, viz., the Bachelor of Science in Cybersecurity (BSCS) and the Master of Science in Cybersecurity (MSCS). The degree programs are on par with industry requirements and also help in attaining EC-Council recognized cybersecurity certifications.
Sources:
- https://www.malwarebytes.com/ransomware/
- https://phoenixnap.com/blog/ransomware-statistics-facts
- https://www.businessinsider.com.au/ransomware-victims-25-million-ransomware-two-years-google-study-2017-7?r=UK&IR=T