Malware spotlight: what is ransomware?

Introduction

Ransomware is a type of malware that is used to digitally extort victims. It does this by preventing them from accessing their systems or files unless they pay a ransom to the extortionists.

There are two types of ransomware. The first is blocker ransomware, which locks or restricts access to systems. The second is crypto-ransomware, which obfuscates, encrypts or denies access to files. The ransom is typically demanded via credit card or cryptocurrency, such as Bitcoin.

In this article, we will delve into the ransomware execution process, some of the biggest ransomware attacks and effective techniques to prevent ransomware.

How does ransomware work?

A ransomware attack works in a sequence of steps. Each step involves specific techniques to make the attack successful. The following sections elaborate each step in more detail.

Step 1: Deployment

In the first phase, hackers install the components of ransomware that are employed to lock a system or encrypt files. They usually use the following techniques to perform these malicious operations:

  • Phishing emails: Extortionists typically use a phishing campaign to inject ransomware. According to CSO, “93% of phishing emails are now ransomware.” In December of 2018, researchers at Carbon Black launched a campaign in which the infected systems harvested credentials, gathered system and process information, and then encrypted data to ask for a ransom from its victims. The attack was carried out via phishing emails that contained an attached Word document with embedded macros. These macros involved the encoded PowerShell script and utilized various techniques to download and execute both GandCrab ransomware and Ursnif malware
  • Drive-by download: In this case, the system automatically downloads a piece of malware without the knowledge of the end user
  • Strategic web compromise: This is another name for a watering hole attack, which is a specific (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/umBteEz5QlE/