Ransomware, as its name suggests, is made by joining two words: ransom, literally the money demanded to release someone or something from captivity, and ware, as in software. In technology terms, ransomware is defined as malicious software designed to make financial gains by holding users' or corporations' data hostage. Some technologists also group it with rogueware or scareware. It prevents users from accessing their own data on their own devices and demands a ransom from them to restore access to that data. Figure 1 is a pictorial representation of how ransomware works.
In the recent past we witnessed a panic situation caused by a ransomware named WannaCry, which affected computer systems around the world. Figure 2 shows the countries affected by the WannaCry ransomware.
Figure 1: Ransom demand
Figure 2: Ransomware affected countries
Ransomware operates in the following three stages, each of which is a message in one direction:
- Attacker to User/Victim
- User/Victim to Attacker
- Attacker to User/Victim
In the first stage the attacker generates an asymmetric key pair and embeds only the public key in the malware; the private key never leaves the attacker. The malware is then released in various forms for different devices such as computers and smartphones.
In the second stage, when the malware enters the device, it generates a random symmetric key and encrypts the user's data with it. It then encrypts that symmetric key with the embedded public key and discards the plaintext copy, so the only record of the key left on the device is this asymmetric ciphertext. When the victim tries to access the data, the malware shows a message explaining how to pay the ransom. The victim is now expected to send e-money and the asymmetric ciphertext to the attacker.
In the third stage, when the attacker receives the ransom as e-money, it decrypts the asymmetric ciphertext with its private key to recover the symmetric key and sends that symmetric key to the victim. Because the symmetric key was generated randomly on each infected device, the key released to one victim cannot be reused to help other victims, and because the private key stays with the attacker, the victim cannot recover the key alone.
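The three-stage exchange described above is the hybrid (envelope) encryption scheme that modern crypto-ransomware uses, and the same construction that legitimate backup-encryption tools use. The Go program below is an added illustration written for this article; it is not code from any malware or from the original text. It walks all three stages in memory on a constructed sample string and never touches files or the network. The function names (stage2Encrypt, stage3UnwrapKey, RunProtocol) and the specific choice of RSA-OAEP for the key wrap and AES-GCM for the data are this example's own assumptions, not something the article specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Stage 2 (on the victim's device): draw a fresh random AES-256 key, encrypt the
// data with it (AES-GCM), wrap that key with the attacker's public key (RSA-OAEP)
// and wipe the plaintext key. Only the data ciphertext and the wrapped key remain.
func stage2Encrypt(pub *rsa.PublicKey, plaintext []byte) (dataCT, wrappedKey []byte, err error) {
	symKey := make([]byte, 32)
	if _, err = rand.Read(symKey); err != nil {
		return nil, nil, err
	}
	if dataCT, err = aesGCMSeal(symKey, plaintext); err != nil {
		return nil, nil, err
	}
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, symKey, nil)
	for i := range symKey { // discard the only plaintext copy of the key
		symKey[i] = 0
	}
	return dataCT, wrappedKey, err
}

// Stage 3 (attacker -> victim): after payment the attacker recovers the symmetric
// key with the private key and returns it; the victim cannot do this step alone.
func stage3UnwrapKey(priv *rsa.PrivateKey, wrappedKey []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aesGCMSeal returns nonce || ciphertext || tag with a random 96-bit nonce.
func aesGCMSeal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// aesGCMOpen is what the victim runs once the key is returned; a wrong key fails the tag check.
func aesGCMOpen(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed data too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// RunProtocol infects two victims with the same malware build on a constructed sample,
// lets victim 1 pay, and reports (victim 1 recovered, key useless to victim 2, error).
func RunProtocol() (recovered, perVictimKeys bool, err error) {
	// Stage 1 (attacker): key pair; only &priv.PublicKey ships inside the malware.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	sample := []byte("constructed sample: contents of quarterly-report.xlsx")
	ct1, wk1, err := stage2Encrypt(&priv.PublicKey, sample) // victim 1
	if err != nil {
		return false, false, err
	}
	ct2, _, err := stage2Encrypt(&priv.PublicKey, sample) // victim 2
	if err != nil {
		return false, false, err
	}
	key1, err := stage3UnwrapKey(priv, wk1) // victim 1 pays and sends wk1
	if err != nil {
		return false, false, err
	}
	pt, err := aesGCMOpen(key1, ct1)
	if err != nil {
		return false, false, err
	}
	_, crossErr := aesGCMOpen(key1, ct2) // victim 1's key against victim 2's data
	return string(pt) == string(sample), crossErr != nil, nil
}

func main() { fmt.Println(RunProtocol()) }
```

Run it with `go run`. The two booleans it prints show that the paying victim gets the sample back and that the key released to victim 1 fails the GCM authentication check on victim 2's data: every infection has its own random key, so one victim's payment cannot help another, and the only recovery path that does not depend on the attacker is a backup taken before the infection.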
Ransomware normally affects the system in the following ways:
- It locks the device's operating system
- It encrypts files and folders
- It stops the applications running on the system
- It scans for other nodes on the network, spreading to them or sending fake messages from the infected host
Ransomware is not new to the world; unfortunately, criminals have been using it for a very long time. They carry out major cyber attacks by making data and devices inaccessible to users and asking for a large ransom to restore access. Some notable ransomware families are discussed here.
Reveton:
This malware displays a warning message, purportedly from law enforcement, stating that the computer has been used for illegal purposes such as running unlicensed software or viewing pornography, and demands payment of a fine. Because of this behaviour it is known as the police Trojan. This malware spread in early 2012.
CryptoLocker:
This was a type of Trojan. The original CryptoLocker appeared in September 2013, and a wave of Trojans that first targeted users in Australia in September 2014 went under the well-known names CryptoLocker and CryptoWall. It spreads using genuine-looking emails that carry malicious executable attachments. When the user opens such an attachment, the malware infects the PC and encrypts its files.
Fusob:
This belongs to the mobile ransomware family and was active between April 2015 and March 2016. Most of its victims were in the United States, the United Kingdom and Germany. It lures users with fictitious offers such as iTunes gift cards or other incentives; when the user follows the link, Fusob is installed on the device. After installation it first checks the language set on the device: if the language is Russian or some other Eastern European language, it does nothing, otherwise it locks the device and its applications and demands a ransom.
WannaCry:
WannaCry is a cryptoworm that struck in May 2017. It spreads over the internet and then across the local network by exploiting a vulnerability in the SMBv1 file-sharing service of Microsoft Windows (the EternalBlue exploit, for a flaw Microsoft had patched in security bulletin MS17-010 two months earlier), so it needs no user interaction to move from one unpatched machine to the next. It therefore targets computers running the Microsoft Windows operating system. To restore access to the device and data, a "Wana Decryptor" window (figure 3 below) is shown that demands a ransom in Bitcoin. After payment of the ransom the attacker is supposed to provide the symmetric key to decrypt the data or unlock the device.
Figure 3: Wana Decryptor
How to Prevent or Deal with Ransomware Attacks
- Install the security updates for the Windows operating system provided by Microsoft promptly; WannaCry only spread to machines that were missing a patch already two months old.
- Use a good anti-virus and anti-malware product and keep it updated.
- Take backups of important data regularly, keep at least one copy offline or otherwise unreachable from the machine being protected, and test that the backup can actually be restored.
- Synchronize important data to the cloud for recovery, but note that plain synchronization is not a backup: encrypted files are synced just like any other change, so the cloud copy must keep file version history to be useful.
- Do not follow fake offers in emails, on websites, in pop-ups or in other applications.
By - Mr. Rinku, Assistant Professor, Department of CSE, Chitkara University H.P.