Ransomware is not especially complicated to code. There are plenty of open source projects for attackers to choose from. There is real business out there called Ransomware-as-a-Service where attackers can simply buy off-the-shelf malware to distribute to victims...
Not all ransomware requires user interaction. In a recent case, a zero-day vulnerability in a very popular Webserver allowed attackers to send ransomware directly to computers.
Ransomware attacks are once again escalating...
First of all what is Ransomware?
Ransomware is a kind of malware that demands some form of payment from the victim in order to recover control of their computer and/or data. Typically, the attacker encrypts personal files on the victim’s computer in such a way that they cannot be opened unless the victim pays for a decryption key. Encryption ransomware can also be seen on mobile platforms, with SimpleLocker (overs 150,000 Android devices infected).
In other cases, depending on the target, the attacker may threaten to publicise or leak sensitive information found on the victim’s device, giving rise to the names “leakware” and “doxware” for this kind of attack.
In a leakware attack, criminals target developers and threaten them to make the hijacked code public.
In a Doxware attack, criminals threaten to release personal data to the public. The term comes from the hacker term "doxing," or releasing confidential information over the internet.
How Does Ransomware Spread?
You might wonder just where all these ransomware attacks are coming from and how they get on to victims’ machines.
Ransomware is not especially complicated to code. There are plenty of open source projects for attackers to choose from. There is real business out there called Ransomware-as-a-Service where attackers can simply buy off-the-shelf malware to distribute to victims. It becomes so simple to create unique Ransomware and avoid detection by standard antivirus software!
How does an attacker distribute it?
- by social engineering like phishing email
- by scripting on a a maliciously-crafted website or by a fake software installer.
- via MS Office attachments, malicious PDF files, etc.
However, not every ransomware requires user interaction. The SamSam ransomware that was prevalent in 2016 targeted weak passwords on connected devices once it got a foothold on an initial device. In a recent case, a zero-day vulnerability in a very popular Webserver allowed attackers to send ransomware directly to computers which would execute itself without any user interaction at all.
Depending on when the malware is coded to trigger the encryption and announce its presence, the victim may not notice the infection. Most of the ransomware use delay before activation. Criminals don’t mind waiting for the payday...
Is Ransomware On the Rise?
Threats come and go, but one thing remains the same: the ability of cybercriminals to adapt to circumstances. With the end of the -no risk-very profitable- cryptojacking activities, ransomware attacks are once again escalating.
Ransomware offers an easy payday for criminals with low chance of getting caught. It also represents one of the most devastating attacks for victims, who can potentially lose everything from personal data to the very infrastructure that their business relies on.
New variants with extra features have been revealed lately suggesting that the ransomware could be dropped and tailored to a specific victim by a remote hacker. Be prepared with the right solution.