Anatomy of a Ransomware Attack – Part 2

Profile image for rtgroups
March 17, 2017 | Views: 1516

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

2. ANATOMY OF RANSOMWARE

How it works : A ransomware attack goes through five stages from the time it installs on your computer to the appearance of the ransom warning on your screen

2.1 Five Stages of Crypto Ransomware

2.1.1 INSTALLATION

After a victim’s computer is infected, the crypto-ransomware installs itself, and sets keys in the Windows Registry to start automatically every time your computer boot up. [3]

2.1.2 CONTACTING SERVER

Before crypto-ransomware can attack you, it contact a server operated by the criminal gang that owns it. [3]

2.1.3 HANDSHAKE KEYS

The ransomware client and server identify each other through a carefully arranged “Handshake” and the server generates two cryptographic keys. One key is kept on your system, and second key is stored securely on the criminals’ server. [3]

2.1.4 ENCRYPTIONS

With the cryptographic keys established, the ransomware on your computer starts encrypting every file its finds with any of dozens of common il extensions, from Microsoft Office documents to .JPG images and more. [3]

2.1.4 Extortion

The ransomware displays a screen giving you a time limit to pay up before the criminals destroy the key to decrypt your files. The typical price, $300 to $500, must be paid in untraceable bitcoins or other electronic payments. [3]


References:

[1]     B. Fraga. Swansea police pay $750 “ransom” after        computer virus strikes. The Herald News, 2013.

[2]     G. O’Gorman and G. McDonald. Ransomware: A growing   menace. Technical report, Symantec Corporation, 2012.

[3]     Anatomy of a Crypto Ransomware Attack   https://blogs.sophos.com/2015/03/03/anatomy-of-a-ransomware- attack-cryptolocker-cryptowall-and-how-to-stay-safe-infographic/

[4]     E. Arnold. Tennessee sheriff pays ransom to cybercriminals ,in bitcoin. http://www.bizjournals.com/memphis/blog/2014/11/tennessee-sheriff-pays-ransom-to-cybercriminals-in.html, 2014.

[5]     Common type of Ransomware http://securityjar.com/types-of-ransomware-attacks/

[6]     N. Andronio, S. Zanero, and F. Maggi. HelDroid: Dissecting and detecting mobile ransomware. In Proceedings of the International Symposium on Research in Attacks, Intrusion and Detection (RAID), 2015.

[7]     A. Viswanathan, K. Tan, and C. Neuman. Deconstructing the assessment of anomaly-based intrusion detectors. In Proceedings of the International Symposium on Research in Attacks, Intrusion and Detection (RAID), 2013.

[8]     R. Perdisci, A. Lanzi, and W. Lee. Classification of packed executables for accurate computer virus detection. Pattern recognition letters, 29(14), 2008.

[9]     V. Roussev. Data fingerprinting with similarity digests. In Advances in Digital Forensics VI, IFIP Advances in Information and Communication Technology.Springer Berlin Heidelberg, 2010.

[10]  N. Scaife, H. Carter, and P. Traynor. OnionDNS: A seizure-resistant top-level domain. In In IEEE Conference on Communications and Network Security (CNS), 2015.

  1. Tang, S. Sethumadhavan, and S. Stolfo. Unsupervised Anomaly-based Malware Detection using Hardware Features. In Proceedings of the International Symposium on Research in Attacks, Intrusion and Detection (RAID)
Share and Earn Cybytes
FacebookTwitterGoogle+LinkedInEmail
Save
+1
17
0
Use Cybytes and
Tip the Author!
Join
Share and Earn
Cybytes
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Be the Best at Whatever You Do.
We Have the Tools to Get You There.
Visit the NEW Marketplace of Over 500 Skill Enhancement Tools.
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel