Ransomware Attacks


What is Ransomware?

In daily life, when someone demands a pay-off to release something stolen, this is called a ransom.

In the computer world, this is called ransomware.

Ransomware is malware that holds the victim’s data hostage, demanding an amount of money either to release the data or to not publish it.

How does ransomware work?


Since email is the main gate for ransomware, one of the ways attackers use is phishing.

Once the victim clicks the phishing link, the attacker can reach any specific files that he wants, encrypt them and ask for a pay-off for the decryption key.

Your device will reboot and a screen appears with instructions on how to pay in bitcoin.

This is how regular ransomware works, but unfortunately, after some evolution, attackers came out with two more aggressive types of ransomware: Petya and NotPetya.

Petya ransomware:

It works the same way as regular ransomware, but it does not just encrypt some specific files. It encrypts the root filesystem, which is considered the map for all files on your device. This in turn makes all your files inaccessible, and you have to pay the attacker for decryption.

When you click the phishing link or attachment, which is in fact an executable file, you are first asked whether you allow the executable to make changes to your device. Accepting this request is the fatal click, so be careful which software you allow to access your device.
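As an added example (not from the original article), here is a mail-side check for the point above that the attachment is in fact an executable: it flags attachments by their first bytes and by extension, whatever type the message declares. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed subset, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".hta"}
MZ_REASON = "content starts with MZ (Windows executable header)"

def attachment_findings(raw_bytes):
    """Return (filename, reasons) for each attachment that looks executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        # Check the content itself: the file name and MIME type are sender-controlled.
        if data[:2] == b"MZ":
            reasons.append(MZ_REASON)
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in EXEC_EXTS:
            reasons.append("executable extension " + ext)
            if len(pieces) > 2:
                reasons.append("double extension hides the real type")
        if reasons:
            findings.append((part.get_filename(), reasons))
    return findings

def build_sample():
    """Constructed sample message; the 'executables' are header stubs only."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    stub = b"MZ" + b"\x00" * 62
    msg.add_attachment(stub, maintype="application", subtype="pdf",
                       filename="invoice.pdf.exe")
    msg.add_attachment(stub, maintype="image", subtype="jpeg", filename="scan.jpg")
    msg.add_attachment(b"%PDF-1.4\n% constructed\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reasons in attachment_findings(build_sample()):
        print(filename, "->", "; ".join(reasons))
```

The `scan.jpg` case shows why the content check matters: the name and declared type look harmless, but the first bytes identify a Windows executable.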

NotPetya ransomware:

In June 2017, ransomware evolved into an even more aggressive form called NotPetya.

In this form the attacker does not need any interaction from the victim; it can use any security hole to infect the victim's device.

It works almost the same way as Petya ransomware: it encrypts the root filesystem and asks for a payment in bitcoin to regain access and get the decryption key.

Where is the dangerous part?

- The attack happens with no need to click any links or attachments; you are not asked for any permission that you could accept or reject.

- The attacker does not only encrypt your root files; it ruins your whole hard drive, so you will lose all your data anyway.

- In fact, NotPetya is not ransomware; it’s a virus that completely damages all your data with no recovery options.

Conclusion

You have to choose wisely the services and software you use, especially your email service provider, since email is the main entrance for ransomware.

Your email service should be highly secured with strong, intelligent anti-spam and anti-phishing systems that can defeat these kinds of threats.

One good example to mention is WorldPosta, the cloud-based email service provider. They use a multilayer intelligent security system that can strongly prevent malicious software from reaching your device. For more information, please visit: https://www.worldposta.com/security/