Ransomware is a sophisticated malware that targets the victim’s files and operating system and demands a ransom for these. Hence, the only way to get your files is to pay the attacker a ransom.
The GandCrab ransomware campaign was first reported at the end of January 2018, was widely deployed. It was also very popular in 2018. GandCrab reportedly chunked out millions of dollars with its plans.
The GandCrab team heavily relies on Microsoft Office macros, VBScript, and PowerShell to avoid detection. Above all, the team uses a Ransomware-as-a-Service (RaaS) model for immediate delivery with a focus on consumer phishing emails. Ransoms range from $500 to $600.
GandCrab infected over 45,000 nodes within a month. Since then, it has been constantly evolving. Moreover, they have done several adjustments and brought five new code releases.
Consequently, Europol, in collaboration with Romanian Police, the General Prosecutor’s Office, and BitDefender, hacked GabdCrab’s servers to obtain keys and created software which decrypts users’ files for free.
This is just one of the many Ransomware attacks happening over many years. If you don’t know what Ransomware is, then this article is for you. So first, let us know something about this malicious software.
There are two types of ransomware:
- Encrypting ransomware: It is a malware that encrypts the files of a user and demands money in exchange for the keys which will decrypt the files. Examples are CryptoLocker and Locky.
- Locker ransomware: This malware logs out the user from the operating system, leaving the laptop/PC inaccessible. This does not encrypt the files, but the attacker still demands money for gaining access to the system. Examples are police-themed ransomware or Winlocker.
- The encryption cannot be tampered, which means you cannot decrypt the files on your own. Still, there is software available for decryption.
- It has the ability to scramble the file names, leaving the user confused about the encrypted files. Nonetheless, this is a trick to make the victim pay the ransom.
- It requests payments in Bitcoin as it is undetectable by cybersecurity researchers or law enforcement agencies.
- When a user’s system is encrypted, the malware shows a message/note on the laptop’s screen. It has a message saying the system’s files are encrypted and the ransom amount will be displayed.
- Sometimes the ransomware features data exfiltration capabilities, which can extract personal data like passwords, credit card details, contacts, etc. Since the intention may not be always towards files.
Evolution Of Ransomware
With high-speed internet and the ever-expanding web, ransomware is also spreading like anything. Cybersecurity officials should work towards building security applications that trace these ransomware attackers and warn the user beforehand.
This malware is not something that only this generation is tackling.
The first attack was distributed via 5.25 inches floppy disks through snail mail in 1989. It was a flop, but the attackers have understood the potential of this extortion to make heavy money.
Modern ransomware was discovered in May 2005. It was a low-risk trojan horse named Trojan. Gpcoder. This trojan encodes files and creates a file named “ATTENTION.txt” and this file contains this message:
Some files are coded.
To buy decoder mail: [user]@yahoo.com
With the subject: PGPcoder 000000000032
Early ransomware came as fake spyware removal or antivirus applications. These applications did not encrypt files, but they damaged the PC and asked for ransom to repair the system back. Their mode of action is somewhat similar to earlier malware, but they also tried to indulge the user for a regular subscription, to chunk out more money.
Encryption-based malware came in 2011. It blocked access to the computer system. As time passed, security towards the malicious software tightened.
As a result, ransomware evolved into the modern crypto-ransomware as we know it today.
There are three variants that currently dominate the crypto-ransomware landscape: CryptoWall (83.45%), Locky (16.47%), and TeslaCrypt (0.08%).
Why Is Ransomware Spreading So Quickly?
Let us see why:
- The development of international payment systems like Bitcoin has made it easier to transfer money.
- Encryption technologies have advanced and made it more difficult for victims to decrypt the seized data.
- The growth of Ransomware-as-a-Service (RaaS) allows low-skilled, inexperienced “hackers” to deploy their own Ransomware attacks. Also, the service provider gets a percentage of ransom from the victims.
- The maturing of cybercrime allows current attackers to model ransomware on other types of successful attacks.
- Computers infected with malware may download and install new malware, including ransomware.
Most Popular And Dangerous Attacks
Who Is Impacted The Most?
Ransomware creators soon realized that instead of users, companies and organizations were more profitable. So they targeted police departments, city councils, schools, and even worse, hospitals.
An estimated 70% of these organizations paid the ransom to get their files back. They have to pay around $10,000-40,000 to decrypt the files.
How It Spreads Across Ahe Internet
Obviously, cybercriminals simply look for the easiest way to infect a system or network and use that backdoor to spread malicious content.
Some of the most common methods used to spread this malware are spam emails, Internet traffic, vulnerable software, unknown downloads, and botnets.
Moreover, these attacks are a mix of technology and psychological manipulation.
As a result, these attacks are getting more stronger every day, as online criminals learn from their mistakes and create more intrusive and potential malware that can bypass the system’s security module.
Hence, every malware is becoming better than its forerunner. Malware creators incorporate new evasion tactics and pack their product with piercing exploit kits, pre-coded software vulnerabilities to target and more.
Essential Steps Against Ransomware
Ransomware has caused much chaos in the IT industry. It is simply the loss of a lot of earned money in the wrong hands.
Here is a timeline of discovered ransomware attacks from 1989 to 2016. As you can see, this malware is very treacherous in nature and has caused harm to many good developers, clients, and innocent people.
In the infographic shown above, you can see how many ransomware were found. Welcome, 2019, and now there is a lot of malware and upgraded editions, too. These are much dangerous than the old versions.
One of the most recent and famous attacks happened in Baltimore and two cities in Florida.
Moreover, ransomware families exist in several thousand variants. For example, CryptoWall, discovered in 2013, reached its fifth version in June 2019.
Consequently, we need a plan to execute. This will help you understand the bigger picture along with the important details. So here’s how you can take care of your system against this type of malware:
Some measures in your PC/laptop can save you from the heavy loss of data and money.
Backup: To begin with, first take a backup of all your important data like work-related files, personal documents, photos, and videos. Keep one in cloud storage (Dropbox, Google Drive, etc.), and one in an external hard drive. The security and algorithm in these cloud services are tightly secured, so those online criminals could not damage the data.
But that doesn’t mean that you should keep these cloud apps/websites open all day. Just open them once a day, backup all the required files, and close. I am saying this because there is special software that can prosecute the cloud firewall when it is active and steal all the data. Attackers are always ready to target newbies on the Internet.
Wireless communication: Furthermore, ensure that you have not kept wireless and Bluetooth on in your laptop/PC/smartphone. Criminals can find a way to invade your system’s hard drive. Only use them when you need them.
Show file name extensions: If your OS does not show the names of file extension, enable that feature in your system. Malicious files often come with strange extensions, like .doc.dat. Proper files have extensions like .pptx, .xlsx, and .mp4. So have a keen eye on it. Otherwise, most people are vulnerable to these files, since these files look pretty normal.
To learn how to show file extensions in your OS, click here.
Windows PowerShell: To help you understand what Windows PowerShell exactly is, here is a quote from Digital Citizen:
While many casual users know about the Command Prompt, few have heard about Windows PowerShell. PowerShell is a tool that’s much more powerful than the Command Prompt. In a way, it’s also intended to replace the Command Prompt, as it delivers more power and control over the Windows operating system.
So if you don’t use PowerShell for your tasks, just disable it. There are many types of malware, ransomware included, who abuse PowerShell and use it to plant and execute malware deep in victim’s devices.
Here are the instructions to disable Windows PowerShell, which works for Windows 7, 8, 8.1 and Windows 10.
Browser plugin: Remove these plugins from your browser: Adobe Reader, Silverlight, Java, and Adobe Flash. Why I’m saying this is because these plugins are notorious for being exploited in cyber attacks.
Adblocker: In 2019, malvertising is spreading like anything. Attackers often use malvertising campaigns to spread ransomware to unsuspecting victims. One way to protect yourself from such malware is to use an adblocker.
Browser security: When it comes to browser security, there is no better and easy way to protect your system from ransomware. Change your browser’s security and privacy settings to be ransom-free.
Anti-Ransomware Security Tools
Paid antivirus protection: A paid antivirus makes a lot of difference than a free antivirus.
Read this article to know the best ransomware protection in 2019.