What is Ransomware? & Why is it dangerous to businesses?

In this post I am going to cover one of the fastest-growing types of malware spreading across the web today, one that is affecting and damaging businesses around the world: ransomware.

What is Ransomware?

Ransomware is a form of malware (hostile or intrusive software) that is installed on a victim's computer via programs infected with malicious code, typically delivered through email attachments and download links.

Once installed on a system, the ransomware code starts to encrypt the operating system's main file system, which contains the vital files needed to keep the system operational. The encryption process also encrypts the users' personal data, such as documents, music, pictures and any videos saved on the system's hard drive.

Once the entire hard drive has been encrypted and the user restarts their machine, they will be greeted with a screen similar to the screenshot below.

Ransomware Screen

As you can see, the screenshot above would be very alarming to the computer user, who is not expecting a pop-up informing them that they have just been locked out of their workstation.

The dialog in the pop-up instructs the owner of the data to follow the instructions: click on the website link and pay the ransom using the crypto-currency Bitcoin.

What is Bitcoin?

Bitcoin Logo

Bitcoin is a complex digital currency and payment method that uses computers to mine Bitcoins by solving mathematical equations. For more information click here

As you can tell from the information presented on the official Bitcoin site, mining coins would be very difficult for the non-tech-savvy user to achieve.

But a user who can mine Bitcoins or has a Bitcoin wallet should be successful in getting their data back.

History of Ransomware

  1. Ransomware development accelerated in 2011 with 60,000 new variants in Q3 alone.
  2. Ransomware quadrupled between Q3 2014 and Q1 2015.
  3. CryptoWall alone cost victims over $325 million (£224 million) in 2015 (revenue from the attack; this doesn't include downtime, loss of company earnings, or lost data and the cost of recovering it).
  4. Juniper Research estimates that ransomware will cost businesses over $2 trillion (£1.38 trillion) by 2019.

Encryption Types

  • Symmetric keys (AES, RC4, DES) (private key) vs asymmetric keys (public key).
  • Public-key encryption is stronger but much slower than symmetric-key encryption.
  • Longer keys (measured in bits) give stronger encryption.
  • Most ransomware variants use a symmetric key for fast encryption.
  • A 20-bit symmetric key can be broken in a few hours, while a 128-bit key can take millions of years.

Encryption Explained Image

Five Signs You’re Under Attack

  1. Users unable to run particular applications on their workstation (this aids the encryption process and prevents it from being detected).
  2. Fake surveys (emails): phishing attempts to extract users' information (10% success rate).
  3. Email attachments distributed as Word/Excel invoices.
  4. Fake warning messages, either a Blue Screen Of Death or a police/authority confiscation notice.
  5. Rapid encryption of multiple files on network shares and mapped drives: 0-day remote code execution attacks through unpatched software such as the Adobe Flash, Java and Microsoft Silverlight web browser plug-ins.
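Sign 5 above, rapid encryption of many files on a share, is the one a defender can watch for mechanically: ciphertext has near-maximal byte entropy, so a burst of high-entropy rewrites within a few seconds is a strong signal. The Python below is an added example that is not part of the original post; the event tuples, thresholds and UNC paths are assumptions constructed for the demo, standing in for what a file-audit log or endpoint agent would supply.

```python
"""Detect a burst of high-entropy file rewrites (a sign of mass encryption).

Added example, not from the original post. Assumes file-write events
(timestamp, path, content) from an agent or audit log; samples are constructed.
"""
import math
import random
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; ciphertext and compressed data sit near 8.0
BURST_COUNT = 5          # this many high-entropy writes ...
BURST_WINDOW = 10.0      # ... within this many seconds raises an alert


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_encryption_burst(events):
    """events: iterable of (timestamp_seconds, path, content_bytes).

    Returns the paths of the first burst that trips the rule, else [].
    """
    recent = []  # (ts, path) of writes inside the window that look encrypted
    for ts, path, content in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(content) < ENTROPY_THRESHOLD:
            continue
        recent = [(t, p) for t, p in recent if ts - t <= BURST_WINDOW]
        recent.append((ts, path))
        if len(recent) >= BURST_COUNT:
            return [p for _, p in recent]
    return []


# Constructed sample: two ordinary documents (low-entropy text), then six
# files rewritten with random bytes within seconds, which is what ciphertext
# looks like to an entropy check.
_rng = random.Random(1)
SAMPLE_EVENTS = [
    (0.0, r"\\fileserver\finance\q1.docx", b"Quarterly report text " * 100),
    (3.0, r"\\fileserver\finance\q2.docx", b"More ordinary document text " * 100),
] + [
    (100.0 + i, rf"\\fileserver\finance\file{i}.docx.encrypted",
     bytes(_rng.getrandbits(8) for _ in range(2048)))
    for i in range(6)
]
```

Call `detect_encryption_burst(SAMPLE_EVENTS)` to see the first five encrypted paths returned; an empty list means no burst was seen. Compressed archives and media also score high on entropy, so in production pair this check with the extension or rename pattern the variant uses to keep false positives down.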

Types Of Ransomware

CryptoLocker:- Files targeted include .doc .docx .xls .pdf .jpg, 72 file formats in all; encryption algorithm used: AES symmetric key; spreads through attachments in email messages.

By paying for the decryption key, data is decrypted; it can take 3-4 hours for decryption to complete, meaning 1-2 days of downtime for a business.

CryptoLocker Image

CryptoWall:- Files targeted include .sql .mp4 .rar .png .jpeg .txt, 150 file formats in all; encryption algorithm used: RSA for file encryption, a stronger but slow asymmetric key; spreads through email attachments or infected websites.

By paying for the decryption key, data is decrypted; decryption will take a long time.

CryptoWall Screen

OphionLocker:- Files targeted: .doc .docx .jpg .mp3 .mp4, 68 file formats in all; encryption algorithm used: ECC (elliptic curve cryptography). Spreads through email attachments.

Does not actually securely delete the original files or remove the volume shadow copies.

Ransom Amount: 1 Bitcoin.

VaultCrypt:- Files targeted: .doc .jpg .zip .pdf .xls, 15 file formats in all; encryption algorithm used: RSA-1024 public and private key pair. Spreads through email attachments.

It is possible to recover the data with programs like R-Studio, PhotoRec or Recuva, since VaultCrypt does not securely delete data.

TeslaCrypt & AlphaCrypt:- Files targeted: .rar .wma .avi .js .css .png .jpeg .txt .doc .docx, 150 file formats in all; encryption algorithm used: AES (Advanced Encryption Standard). Spreads through hacked websites running exploit kits on insecure web servers.

By paying for the decryption key, data is decrypted; decryption will take a long time.

TeslaCrypt Screen

LowLevel04:- Files targeted: .doc .jpg .mp3 .mp4 .wav .zip .xml .php .rar, 110 file formats in all; encryption algorithm used: AES and RSA-2048 encryption, strong but slow.

Spreads through brute-force attacks on machines running Remote Desktop/Terminal Services and 0-day remote exploits. (Disable Remote Desktop Services when they are not being used.)

Ransom Amount: 4 Bitcoin.

Ransom32:- Files targeted: .jpg .tif .gif .php .java .txt .doc .pdf .mp3 .mp4 .flv .csv.

The first ever ransomware written in JavaScript; cross-platform and easily packaged to impact Windows, Mac and Linux systems; offered as Ransomware-as-a-Service (RaaS) on the TOR (The Onion Router) anonymity network.

Ransom32 Screen

For more details on Ransom32 click here

Conclusion

In conclusion, I would say the best way to prevent a ransomware attack is to only download software from sources known to be safe.

Don't open email attachments from senders you don't know. Also disable any services running in the background of the operating system that are not needed.

Have anti-virus installed on each workstation, as well as a firewall at the network level.

Follow Remote PC Services On Social Media

For more details on Remote PC Services and the IT support services I offer, please click here

If you are located in West Yorkshire, UK and require support, please complete the contact us form at this link and I will be more than willing to provide support for your home or business IT needs.

Please feel free to like Remote PC Services on Facebook and follow us on Twitter.

You can also find software tutorials on our YouTube channel, with videos on Windows 10 and the Mozilla Firefox and Google Chrome web browsers; more videos will be added in the future, so please subscribe so you don't miss out.

Thanks for your time.

Adam


Author: Adam Farnsworth

Welcome to my blog My Name is Adam Farnsworth. I am the owner of Remote PC Services. My blog will cover all areas of the IT industry, as well as any thing that interests me within the technology world. Thanks for taking the time to read my posts.
