
Ransomware Beware!

The intent is not to repeat what many already know about ransomware but to join the dots: what it is, who the victims are, why it exists, and when and how we respond to an infection. Lastly, it sums the whole thing up at a glance so you can share the information and help family and loved ones avoid becoming the next victim.

"Ransomware" is made up of two words, "Ransom" and "Ware": blackmailing someone (asking for a 'Ransom') using malicious software ('Ware'). In short, a victim who does not pay up the ransom can no longer use his or her infected computer or notebook. You can also read the detailed FAQ on Ransomware.


Cybercrime is rampant and anyone using the web can be the next prey. Cyber criminals have been quite successful in their attempts, exploiting the many vulnerabilities in poorly patched user systems and manipulating user ignorance and guilt. Below is a "classic" ransom email. This first email does not attach any ransomware (yet); its purpose is to stoke fear so that the user succumbs to the threat. The follow-up then opens the gate to all the nasty malware.

ransomwareMSG.JPG


Cyber criminals also do their homework to hunt down their next prey in order to maximize their effort. They work through an underground cyber dark market, a buy-and-sell arena that advertises stolen "loots" (fullz), outsourced crimeware services, DIY crime toolkits and so on. Ransomware is a hot favourite toolkit and arsenal that cyber criminals buy as crimeware. Below is a snapshot of the underground offering.

economy.JPG 


Know your enemy - Mode of Operation

Ransomware targets the user's desktop/notebook and mobile smartphone. Below is a typical ransomware modus operandi: once the prey is identified, all the resources of the target are locked, and any payment feeds the cybercriminal to repeat the whole cycle.

  • Infect the target, installed via an exploit kit or any other means that bypasses the security software
  • Encrypt all your files, targeting specific file extensions locally and on the network
  • Start the extortion campaign, asking for a payment of around $100–400 via Bitcoin or pre-paid cash vouchers in return for the decryption key
  • Deactivate the victim's defences, give short notice for payment, and manipulate the victim's fears into a hasty decision (warning: "no" law enforcement)
  • Spin off copycats and underground-forum Ransomware-as-a-Service. The hype lifecycle goes on ...

 

One of the most notable strains is CryptoLocker. Based on the infection cases reported in web news, it has already impacted over 500,000 users, 1.3% of whom paid the ransom, totalling an estimated $3 million paid out. A copycat trend has also started to evolve in this lucrative underground "business", with the dark community reusing ransomware code and even the backend command-and-control servers. They are doing more with less, that is, being efficient and effective in their attempts.

ransomwlife.JPG 

Know your enemy - Family Tree

Below is a snapshot I summarised using a mindmap, depicting the top 3 strains that have had the greatest success in spreading infection in the past and at present, as well as the variants targeting the various platforms.

Ransomware-Family.jpeg

Notice that "Cryptolocker", mentioned in the previous section, stands out among the others with its many versions. Here is one write-up on Cryptolocker which I encourage you to read on to find out more about its journey. The various versions can adopt slightly different scam schemes. For example, Cryptolocker v2, also known as "crypt0l0cker", is delivered using the Post Office scam shown below. In another instance it locked a victim's emergency centre using a typical phishing email; because of the need to keep a critical service available, the victim had no choice but to pay off a $700 Bitcoin ransom immediately to restore the system.

cryptolockerv2.JPG


Note - For those who are really desperate and wish to pay off the ransom to get back their data (because of no backup or for whatever reason), you may want to try this service. But I do advise you to think twice, as such an online decryption will also leave a copy of sensitive information online.


October 28 update: ALL Coinvault and Bitcryptor keys (14k+) added to the database
April 29 update: 13 decryption keys added to the database
April 17 update: 711 decryption keys added to the database



Know your enemy - One glance into its DNA summary

Ransomware is a "Swiss Army Knife": a sophisticated piece of cyber-criminal weaponry. The image below depicts its multi-faceted capabilities. We as end users need to stay well prepared, otherwise be ready to lose to their ransom demand everything stored in the locked machines and devices, all your assets and documents included.


At this juncture, I hope this quick starter has given you a better knowledge of this malware family. Expect more of its descendants to emerge strongly and take over from their predecessor, CryptoLocker. Start educating your loved and close ones too.



Ransomware.jpeg


A word of caution - Avoid rushing into buying any cyber insurance package. Opportunistic insurance companies come knocking at your doorstep at the moment when you are most vulnerable, right after going through the ransomware saga. Such a package may provide a sense of reassurance that you will not be a victim again. This is a false sense of security. It plays down the good fundamentals and downplays the urgency of re-examining the existing security measures that safeguard those critical business information assets. Not only must we always stay vigilant in cyberspace, security is everyone's responsibility. Share your good and bad experiences; we learn from others too.


Final take away tip 

The EE platform shares good, decent articles, and you can search for "Ransomware" as done below (note this is just a snapshot and not the latest). It lists nicely all the possibly relevant related articles. These articles provide the "nuts and bolts" that are handy for better safeguarding yourself and staying prepared against these "pests". One instance is Ransomware by the author Thomas. He has other good articles too, so do check them out.


A last thought: this infographic sums up the scary ransomware DNA well too. The whole gist is that you need to put your heart into staying safe!


The best way to keep your information safe is by being proactive about your security measures.


EE-ransomware.JPG

Author: btan
8 Comments
 
LVL 64

Author Comment

by:btan
The images were created by myself and some of the icons are from the web; I do not see any copyrights on them when they are on the web, like the bitcoins icon. The title image is from wordle, which was created by me, and I see that it is free to use. I will further edit it... but I recall I did not submit the article for review yet ....
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
Btan,

Thanks for the mention and link.
0
 
LVL 66

Expert Comment

by:Jim Horn
An entertaining read and very well illustrated.  Voting Yes.
0

 
LVL 64

Author Comment

by:btan
Thanks Jim, glad you like the article.
0
 
LVL 7

Expert Comment

by:Yashwant Vishwakarma
Nice article Btan !!!
Voted Yes :)
0
 
LVL 64

Author Comment

by:btan
Thanks Yashwant :)
0
 
LVL 27

Expert Comment

by:☠MAS☠
Thanks Btan. Really helpful. Appreciated your effort.
0
 
LVL 64

Author Comment

by:btan
No worries. There are many other good articles and you can check out the FAQ too.
0
