What is ransomware? According to the Fortinet website, ransomware is computer malware that encrypts files and demands a ransom in exchange for their return. The ransom price is designed to be high enough to make the time spent by criminals worthwhile and low enough to be cheaper than paying to recover data. As a result, many companies have built ransom payment mechanisms into their security plans, and some large U.K. businesses have even started holding Bitcoin in reserve.
In recent years, there has been a noticeable increase in malvertising attacks, some of which have been created by reputable organizations. Often, these attacks stem from compromised ad networks, which make it difficult for organizations to identify and prevent them properly. One example of a malvertising attack is the Angler Exploit Kit, which used a drive-by download attack to redirect web visitors to malicious sites. This malware exploits common web extensions, such as Flash.
Ransomware works by encrypting files on a computer and demanding a ransom payment from the victim to decrypt them. Once the victim makes the payment, a ransom note is left on the infected device that tells the user how to decrypt the files. The attack can be pretty sophisticated, requiring hundreds of dollars, but there is no guarantee that data will be returned.
Ransomware uses encryption to hold files for ransom. A ransomware attack can encrypt files or whole drives so that their owner can't read them. The encryption method can be either symmetric or asymmetric. Symmetric encryption uses the same key to encrypt and to decrypt. Asymmetric encryption uses a different key for each of the two operations. Modern ransomware uses both types of encryption. In addition, modern ransomware doesn't require an internet connection to encrypt files. The only requirement for decryption is that the victim must be connected to the internet.
When the ransomware encrypts a file, it erases the AES session key from the computer’s memory. Only after the ransom is paid can the files be decrypted. This malware uses asymmetric and symmetric encryption to hide its trail, making it nearly impossible to recover files without paying a ransom. Therefore, ransomware encryption is a serious threat to businesses and the public.
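Encrypted output is statistically close to random bytes, which gives defenders a detection signal for the file encryption described above. The following is an added example, not code from this page or from Fortinet: it flags a file rewrite whose content went from structured to near-random. The thresholds, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5  # bits per byte; assumed cut-off for "looks random"
MIN_JUMP = 2.0      # assumed minimum rise between the old and new content

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a rewrite turned structured content into near-random bytes."""
    h_before, h_after = shannon_entropy(before), shannon_entropy(after)
    return h_after >= HIGH_ENTROPY and h_after - h_before >= MIN_JUMP

def flag_rewrites(changes):
    """changes: iterable of (path, before, after); returns the suspicious paths."""
    return [path for path, before, after in changes if looks_encrypted(before, after)]

def pseudo_random(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext or compressed data (SHA-256 stream)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))

# Constructed sample data, not taken from any real incident.
DOC = b"Invoice 1042; customer: Example Ltd; amount due: 1,250.00 GBP\n" * 60
SAMPLE_CHANGES = [
    ("report.txt", DOC, pseudo_random(b"a")),                  # text -> random
    ("notes.txt", DOC, DOC + b"Paid in full.\n"),              # ordinary edit
    ("backup.zip", pseudo_random(b"b"), pseudo_random(b"c")),  # already random
]

if __name__ == "__main__":
    for path, before, after in SAMPLE_CHANGES:
        print(f"{path}: {shannon_entropy(before):.2f} -> {shannon_entropy(after):.2f}")
    print("flagged:", flag_rewrites(SAMPLE_CHANGES))
```

Files that were already compressed or encrypted show no entropy jump, so this check misses them and is best combined with other signals such as the number of files rewritten in a short window.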
Differences in economic size and wealth can partly explain the distribution of successful double-extortion ransomware attacks across North America. As a result, large countries like the U.S., Canada, and the U.K. are the most targeted. Nevertheless, there are other clusters. For example, the most targeted sectors in Canada are Finance & Real Estate and Manufacturing. As a result, malicious actors may be targeting these sectors more aggressively, resulting in more incidents.
The first instance of double extortion ransomware occurred in December, when MAZE, a notorious ransomware family, started leaking data from compromised repositories. As more companies began using offline backups, the threat of double extortion attacks increased. Malicious actors demanded a ransom to keep their data from leaking or being sold on the black market.
Increasingly, ransomware has payment options beyond money transfers. Payments can also be made using cryptocurrencies, such as bitcoin. Although early ransomware demanded payment via Ukash voucher schemes, a more sophisticated form of ransomware has been seen in the form of Ethereum. Less popular cryptocurrencies include Litecoin and Dogecoin. However, all of these cryptocurrencies have the potential to be laundered through the dark net.
However, while many organizations have tried to pay the ransom, paying a cybercriminal is not always the best solution. A recent report by Veeam found that 24% of organizations paid ransoms but did not recover their data. Another 52% were able to recover their data. And the remaining 19% did not pay the ransom because they recovered it themselves. Therefore, ransom payments should be the last option.