

Vol. 3, Issue 22, July 2017
RansomWare - A FearWare

Ransomware, as its name suggests, is made by joining two words: Ransom, which literally means money demanded to release someone or something from captivity, and Ware, meaning any usable item. In technology terms, ransomware is defined as malicious software designed to earn financial gain by holding users' or corporations' data captive. Some technologists also call it rogueware or scamware. It prevents the user from accessing his own data on his own device and demands a ransom from the user to release access to the data. Figure 1 is a pictorial representation of how ransomware works.

In the recent past we witnessed a panic situation when an attack by a ransomware named WannaCry affected computer systems around the world. Figure 2 shows the countries affected by the WannaCry ransomware.

Figure 1: Ransom demand

Figure 2: Ransomware affected countries

Ransomware operates in the following three steps:

  1. Attacker to User/Victim
  2. User/Victim to Attacker
  3. Attacker to User/Victim

In the first stage the attacker generates a key pair and embeds the public key in the malware. The malware is then released in various forms for different devices, such as computers and smartphones.

In the second stage, when the malware enters the device, it generates a random symmetric key and encrypts the user's data. It then encrypts the symmetric key with the public key carried in the malware. When the victim tries to access the data, a message explains how to pay the ransom. The victim is now bound to send e-money and the asymmetric ciphertext to the attacker.

In the third stage, when the attacker receives the ransom as e-money, it sends the symmetric key to the victim. The attacker recovers the symmetric key by deciphering the asymmetric ciphertext with its private key. Because the symmetric key is generated randomly, it can't be reused to help other victims.
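
A defender's view of the second stage, as an added example that is not part of the original article: files replaced by ciphertext look like random bytes, so comparing byte entropy against a backed-up copy flags them. The function names, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5  # bits/byte; assumed threshold, ciphertext sits close to 8.0
MIN_JUMP = 2.0      # assumed minimum rise over the backed-up copy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def flag_encrypted(baseline: dict, current: dict) -> list:
    """Names whose content went from ordinary to near-random since the baseline."""
    flagged = []
    for name, data in current.items():
        before = baseline.get(name)
        if before is None or before == data:
            continue  # new or unchanged file: nothing to compare
        h_old, h_new = shannon_entropy(before), shannon_entropy(data)
        if h_new >= HIGH_ENTROPY and h_new - h_old >= MIN_JUMP:
            flagged.append(name)
    return sorted(flagged)


def constructed_samples():
    """Constructed data: two documents as backed up, and the same names later."""
    report = b"Quarterly report: revenue, costs and staffing plan.\n" * 80
    notes = b"Meeting notes for the networking lab, week 22.\n" * 80
    # Stand-in for ciphertext: SHA-256 output is statistically random bytes.
    random_like = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
    )
    baseline = {"report.txt": report, "notes.txt": notes}
    current = {"report.txt": random_like,
               "notes.txt": notes + b"Action: update slides.\n"}
    return baseline, current


if __name__ == "__main__":
    base, cur = constructed_samples()
    print(flag_encrypted(base, cur))
```

Already-compressed formats such as ZIP or JPEG also score close to 8 bits per byte, which is why the check requires a rise relative to the backed-up copy rather than a high value alone.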

Ransomware normally affects the system in the following ways:

  • It locks the device operating system
  • It encrypts files/folders
  • It stops the applications running on the system
  • It traces the nodes in the network and sends fake messages

Ransomware is not new to the world; unfortunately, it has been used by bad guys for a very long time. They carry out major cyber attacks by making data and devices inaccessible to users and asking for a good amount of ransom to release access. Some ransomware families are discussed here.

Reveton:
This malware displays a warning message that the computer has been used for illegal purposes, such as running unlicensed software or pornography. Because of this behavior it is known as a police Trojan. This malware spread in early 2012.

CryptoLocker:
This was a type of Trojan that targeted Australia in September 2014 under the well-known names CryptoLocker and CryptoWall. It spreads using genuine-looking emails that contain malicious executable attachments. When the user opens the attachment, the malware attacks the PC and encrypts the files.

Fusob:
This belongs to the mobile ransomware family. This mobile device ransomware was active during April 2016 and March 2016. Most of the victims of this ransomware were in the United States, the United Kingdom and Germany. It basically shows fictitious messages such as iTunes gift cards or other incentives. When the user clicks on the link, Fusob gets installed on the device. After installation it first checks the language used on the device. If the language is Russian or some Eastern European language, it does nothing; otherwise it locks the device and applications and demands a ransom.

WannaCry:
The WannaCry cryptoworm attacked in May 2017. This ransomware spreads through the internet and is passed on into the local network. Generally, it targets computers running the Microsoft Windows operating system. To release access to the device and data, a Wana Decryptor (Figure 3 below) is provided that asks for a ransom in Bitcoins. After the ransom is paid, the attacker provides a symmetric key to decrypt the data or unlock the device.

Figure 3: Wana Decryptor

How to Prevent or Deal with Ransomware Attacks

  • By installing the security updates for the Windows operating system provided by Microsoft
  • By using a good anti-virus and anti-malware product
  • By taking backups of important data regularly
  • By synchronizing important data to the cloud for recovery/backup
  • By not following fake offers in different applications such as email, websites, flashes etc.

By - Mr. Rinku, Assistant Professor, Department of CSE, Chitkara University H.P.

About Technology Connect

The aim of this weekly newsletter is to share with students & faculty the latest developments, technologies and updates in the field of Electronics & Computer Science, thereby promoting knowledge sharing. All our readers are welcome to contribute content to Technology Connect. Just drop an email to the editor. The first Volume of Technology Connect featured 21 Issues published between June 2015 and December 2015. The second Volume of Technology Connect featured 46 Issues published between January 2016 and December 2016. This is Volume 3.

Editorial Team

Chief Editor: Sagar Juneja
Members: Ms Sandhya Sharma, Gitesh Khurani
Arun Goyal, Ankush Gupta.

Disclaimer: The content of this newsletter is contributed by Chitkara University faculty & taken from resources that are believed to be reliable. The content is verified by editorial team to best of its accuracy but editorial team denies any ownership pertaining to validation of the source & accuracy of the content. The objective of the newsletter is only limited to spread awareness among faculty & students about technology and not to impose or influence decision of individuals.