Ransomware attacks have gained prominence in recent times, and industries and governments across the world have implemented policies and advisories to counter the threat. The attack involves a malicious program that holds user or organizational data for “ransom” in exchange for payment. The payment is often made anonymously through digital currencies. In order to understand and prevent ransomware attacks, we must look at some of the most prominent ransomware tools used by malicious hackers. In this section, we will examine the SimpleLocker, SamSam, and WannaCry ransomware tools.

SimpleLocker is a widespread ransomware program that is designed to target Android devices. The mobile nature of this program differentiates it from most other ransomware. The program scans the phone for important files and encrypts them with AES encryption. These files become unusable and inaccessible unless the user sends a payment to a specified address. More advanced versions of the software can access the camera, cause pop-ups, or prevent apps from opening. If the user does not pay the requested ransom, their data is lost forever. There are ways around the malware that require advanced knowledge of the device, but many find it more convenient to simply pay the ransom. The requested sums are usually between $20 and $300.

SamSam is a ransomware program that targets small businesses. The program is typically customized in order to target specific companies and designed to target multiple devices at once. Once the organization is compromised, files on all devices become encrypted and a splash screen is presented with several options. The user can regain access to one device at a time for a small Bitcoin fee, or regain access to all devices by paying a larger Bitcoin fee. The attackers even offer to decrypt one file for free as proof of the honesty of their offer. This attack has led to the temporary shutdown of hospitals, factories, and public departments.

WannaCry is probably the most high-profile of these ransomware tools. A group called “The Shadow Brokers” released several exploits and hacking tools developed by the United States National Security Agency. WannaCry was developed for Windows using these tools and exploits. In May 2017, the program was deployed successfully on devices across the world. The program, much like other ransomware, encrypted the user’s files and demanded payment of $300 to $600 in exchange for decryption. Roughly 200,000 computers in total were infected, with an estimated hundreds of millions in payments. Because it is likely the most well-known of ransomware attacks, measures have been taken to prevent the attack on updated devices. However, it is still theoretically possible to manually execute the program on Windows XP.
The Point Is…
In short, ransomware attacks are a new type of threat to users and organizations that is quickly gaining prominence. Most of these attacks work the same way: an encryption program is designed for many devices and deployed via phishing, open ports, etc.; the program encrypts user data so it is inaccessible and unusable; the program prompts the user for payment in exchange for decryption; and finally the program maintains encryption until the payment is made. Prevention of these attacks is the same as for any other malware: anti-phishing practices, live network administration, and regular vulnerability assessments. Ransomware attacks have evolved out of new tools and practices, while their success depends on an organization’s ability to be aware of and monitor these threats.

TL;DR: Ransomware attacks are a new type of cybersecurity threat that is quickly becoming popular. The attack involves holding user or organizational data hostage in exchange for a digital payment. This section examines some of the most common and emerging examples of ransomware in recent times.
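
The encryption step in the attack pattern summarized above leaves a trace that monitoring can watch for. The following is an added example, not part of the original article: a Python heuristic that flags a burst of file rewrites whose content jumps from structured data to near-random bytes. The entropy thresholds, function names, and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: low for repetitive text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_rewrite(before: bytes, after: bytes, high=7.5, jump=2.0) -> bool:
    """True when a rewrite turns structured content into near-random bytes.
    Requiring a jump avoids flagging files that were already compressed."""
    h_after = shannon_entropy(after)
    return h_after >= high and h_after - shannon_entropy(before) >= jump

def detect_burst(events, window=60.0, min_files=3):
    """events: (timestamp, path, before, after) tuples sorted by time.
    Returns the paths in the first window that holds min_files suspicious
    rewrites, or [] when no such window exists."""
    recent = deque()
    for ts, path, before, after in events:
        if not suspicious_rewrite(before, after):
            continue
        recent.append((ts, path))
        while ts - recent[0][0] > window:   # drop hits older than the window
            recent.popleft()
        if len({p for _, p in recent}) >= min_files:
            return [p for _, p in recent]
    return []

def fake_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted output: a SHA-256 counter stream."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

# Constructed sample data (not taken from any real incident).
TEXT = b"Quarterly report: revenue, costs and staffing notes. " * 80
NORMAL = [(0.0, "notes.txt", TEXT, TEXT + b"one more line\n"),
          (5.0, "archive.zip", fake_ciphertext(99), fake_ciphertext(98))]
ATTACK = [(100.0 + i, f"doc{i}.txt", TEXT, fake_ciphertext(i)) for i in range(4)]

if __name__ == "__main__":
    print("normal activity:", detect_burst(NORMAL))
    print("bulk encryption:", detect_burst(NORMAL + ATTACK))
```

Entropy alone cannot tell encryption from compression, which is why the check compares each file against its previous content and requires several hits inside one time window before alerting.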