In the modern world people use computers, tablets and mobile devices to perform their daily tasks, and they also store tons of their personal and public information on these devices. What if that data falls into someone else's hands?? 😱 That might be someone's worst nightmare. Ransomware is exactly that. Since 2005 (the first ransomware attack) most people have been targeted by ransomware at some point. Now you might be wondering what this so-called "Ransomware" is. First of all, let's go through some definitions.
Definition 1.
Ransomware is a blanket term used to describe a class of malware (malicious software: any software used to disrupt computer or mobile operations, gather sensitive information, gain access to computer systems, or display unwanted advertising) that is used to digitally extort (obtain by force) a specific fee from its victims.
Definition 2.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
Definition 3.
Ransomware is computer malware that installs itself covertly and then mounts a crypto-viral extortion attack (from crypto-virology) that holds the victim's data hostage, or a crypto-virological leakware attack that threatens to publish the victim's data, until a ransom is paid.
Additional notes: skip this part if you already know what crypto-virology and crypto-virological attacks are. I have added it to make definition 3 above easier to understand.
Crypto-virology:
The study of using cryptology to design powerful malicious software. Crypto-virology uses cryptography as a mechanism for attacking rather than defending. (But remember that cryptography is normally there to protect us from attacks.)
Crypto-virological attacks:
Survivable and reversible cryptographic attacks. When a public key is used, there is a high chance that the cryptographic attack amounts to a denial of service. The attack is survivable, but it can only be reversed by the virus writer (attacker).
Back to the real topic. If, like me, you hate remembering definitions, you can think of it like this. Assume you leave your laptop in your room (you forgot to lock the door) and someone comes in. That person steals your hard drive and says "if you want your hard drive back, give me $500,000". What would you do? Of course you will end up paying that amount of money (the ransom) to this bad person if the information is very important to you. This is ransomware. The attacker takes control of your device with all the information in it and asks you to pay a ransom in order to give it back to you. Ransomware attacks mainly target two groups: organizations and home users. If the victim is an organization, the amount of money (ransom) it has to pay is far higher than the amount a home user has to pay.
Now you might be wondering why people carry out these kinds of attacks. That's not the real question. The real question is why YOU let them do it. If you go through my example again, you will see that leaving the door unlocked was the victim's fault. It is as simple as that. Think before you click on something 💭. The diagram below shows what I have tried to explain.
How ransomware works: general idea
In the above diagram I noted that there are two disadvantages for the attacker if ransomware works exactly like that. Let's see what they are and what an attacker can do to eliminate them.
Disadvantage 01:
Since the virus writer hands the key over to the user as part of the ransom transaction, and the same key is used for every ransom, the virus writer takes a huge risk of letting every other victim go without paying. If one victim publishes the key they received, the other victims will take it and use it to decrypt their own data.
To avoid this, the virus writer can generate a separate key for each victim, which takes a large amount of time and effort. Managing that many keys is expensive too.
Disadvantage 02:
Decryption takes far too long when the public key is applied directly to the data. This is where hybrid cryptosystems come in: in a hybrid cryptosystem a session key is used to encrypt the data, and only that session key is protected with the public key.
To keep decryption fast and the ransom reasonable, the virus writer decrypts the session key for the victim and sends the plaintext session key back to them.
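As an added illustration of the hybrid scheme just described (this is not code from the original post), here is a toy simulation in Python with textbook-sized RSA numbers. It shows what each side holds: the infected machine only ever has the public key and the wrapped session key, so nothing found on the host unwraps it; after payment the virus writer unwraps it with the private key and returns only the plaintext session key, never the private key, so what one victim receives is useless to the next. The key pair, session keys and function names are all constructed for this example.

```python
import secrets

# Constructed toy RSA key pair (textbook example, illustration only):
# p = 61, q = 53, n = 3233, phi = 3120, e = 17, d = 2753.
ATTACKER_PUBLIC_KEY = (17, 3233)     # embedded in the malware, present on every victim
ATTACKER_PRIVATE_KEY = (2753, 3233)  # stays with the virus writer, never shipped


def new_session_key(public_key):
    """Per-victim session key, drawn fresh so no two victims share one."""
    _, n = public_key
    return secrets.randbelow(n - 2) + 2


def wrap_session_key(session_key, public_key):
    """Victim side: the session key that protected the data is wrapped under e."""
    e, n = public_key
    return pow(session_key, e, n)


def unwrap_session_key(wrapped, private_key):
    """Attacker side: only d recovers the session key."""
    d, n = private_key
    return pow(wrapped, d, n)


def ransom_exchange(session_key):
    """Simulate the hybrid exchange and record what each party ends up with."""
    wrapped = wrap_session_key(session_key, ATTACKER_PUBLIC_KEY)
    # Everything the victim can try locally: re-apply the only key on the host.
    e, n = ATTACKER_PUBLIC_KEY
    victim_attempt = pow(wrapped, e, n)
    # After payment the attacker returns the plaintext session key, not d,
    # so the answer helps exactly one victim and exposes nothing else.
    returned = unwrap_session_key(wrapped, ATTACKER_PRIVATE_KEY)
    return {"wrapped": wrapped, "victim_attempt": victim_attempt, "returned": returned}


if __name__ == "__main__":
    first = ransom_exchange(65)
    second = ransom_exchange(new_session_key(ATTACKER_PUBLIC_KEY))
    print("public key alone recovers the session key:", first["victim_attempt"] == 65)
    print("attacker returns the plaintext session key:", first["returned"] == 65)
    print("second victim's wrapped key differs:", second["wrapped"] != first["wrapped"])
```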
Now let's discuss two command-and-control channels heavily used by ransomware.
1. Email (phishing emails)
93% of all phishing emails contain encryption ransomware.
Reason: ransomware is getting easier to send through email, and email offers a quick and easy return on investment.
How does it offer a quick and easy return on investment?
Assume that, using a different attack, we steal someone's credit card number and plan to buy something with it. But if the account holder becomes suspicious, he will shut down the account before we purchase anything, and in that case we are at risk too. But with email (sending a phishing email) we can ask the victims to do the transaction for us. We take no risk, and it is faster too.
2. TOR (The Onion Routing)
What is onion routing? TOR is a network that was initially developed by the U.S. Navy as a way to browse the internet anonymously.
TOR is also called the "Dark web". Onion routing keeps the user's activities concealed: there are many layers around the user (just as an onion has many layers).
How does onion routing make user activities invisible?
By encrypting the traffic multiple times at the application layer of the TCP/IP stack.
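To make the layered encryption concrete, here is an added Python simulation (not from the original post) of a three-relay circuit. The stream cipher (HMAC-SHA256 in counter mode), the relay names and their keys are all constructed for illustration; real Tor negotiates keys with Diffie-Hellman and uses AES, which this deliberately does not reproduce. Each relay strips exactly one layer and learns only the next hop; only the last relay sees the destination and payload.

```python
import hashlib
import hmac


def keystream(key, length):
    """Constructed toy stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_layer(key, data):
    """Apply or strip one encryption layer (XOR with a keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Constructed circuit: each relay shares one key with the client and nobody else.
CIRCUIT = ["relay1", "relay2", "relay3"]
RELAY_KEYS = {"relay1": b"key-of-relay1", "relay2": b"key-of-relay2", "relay3": b"key-of-relay3"}


def build_onion(payload, destination):
    """Client side: wrap the payload once per hop, innermost (exit) layer first."""
    next_hops = CIRCUIT[1:] + [destination]
    cell = payload
    for relay, nxt in reversed(list(zip(CIRCUIT, next_hops))):
        cell = xor_layer(RELAY_KEYS[relay], nxt.encode() + b"|" + cell)
    return cell


def peel(relay, cell):
    """Relay side: strip one layer and learn only where to forward the remainder."""
    inner = xor_layer(RELAY_KEYS[relay], cell)
    nxt, _, rest = inner.partition(b"|")
    return nxt.decode(), rest


def run_circuit(payload, destination):
    """Deliver the onion hop by hop and record what each relay could observe."""
    cell = build_onion(payload, destination)
    trace = []
    for relay in CIRCUIT:
        nxt, cell = peel(relay, cell)
        trace.append({"relay": relay, "next_hop": nxt, "sees_payload": cell == payload})
    return trace
```

The trace shows relay1 learning only "relay2", relay2 only "relay3", and relay3 the destination plus the payload but not who sent it.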
Now let's see how ransomware can operate over TOR.
Types of ransomware that use TOR:
1. Cryptowall
2. CryptoLocker
3. TeslaCrypt
4. TorrentLocker
5. CTB-Locker
6. Onion Ransomware
If an attacker uses onion routing to carry out a ransomware attack, once the payment is made (the ransom is paid) there is no way to trace him. This is the trust issue that comes with onion routing.
What are the ways to prevent ransomware?
You can't prevent ransomware attacks just by having a virus guard on your computer, because virus guards don't detect these kinds of attacks. So you should go for some other countermeasures.
1. Backups (external hard drives, cloud storage services like Dropbox/Google Drive, etc.). Do not leave cloud storage services turned on by default: sync your data and close them once it is done.
2. Update the operating system and software.
3. Uninstall unwanted plugins from the browser. If you need a plugin, make your browser ask you before installing and using it.
4. Increase the browser's security and privacy settings.
5. Install an ad blocker to avoid the threat of potentially malicious ads.
6. Use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.
These are just a few things you need to know about ransomware. Please comment if you have any issues regarding this post. 😊