A Must Read: Ransomware !

RANSOMWARE

Ransomware is a form of malware, used by hackers, that blocks access to a victim’s personal data, or locks and encrypts it, until a ransom is paid. Simple ransomware only locks the computer without damaging any file on the system, but advanced ransomware damages files or makes them inaccessible to the user (or owner); in most cases the hacker then demands a ransom to restore what has been restricted. Most payments are made in digital currencies such as Bitcoin and other cryptocurrencies, or via paysafecard, which makes tracking the hacker very difficult.

These attacks are usually carried out with a Trojan, most often disguised as a legitimate file that arrives through the victim’s email or from an unsafe website; this is done through a process called phishing.

Here are some ways cybercriminals install ransomware on their targets’ devices:

  • Manipulating Remote Desktop Protocol

  • Creating malicious URLs, i.e. fake websites

  • Placing malware-infected ads on legit websites

  • Tricking device users with drive-by downloads

  • Sending infected emails

  • Unidentified applications

  • Physical engagement with the device

New ransomware emerges daily, which makes it all the more important to know and understand the dangers of these malicious programs (this is the reason I wrote this article).

Here are a few categories of ransomware:

  1. Crypto-ransomware

    This is a type of malware that restricts access to a computer until the owner pays the hacker a ransom. It is mostly delivered through infected email attachments sent to the targets; once an attachment is opened, the malware encrypts the target’s files.

    The hacker asks to be paid in cryptocurrency, which makes the transaction hard to track. Once paid, the hacker provides information on obtaining the decryption key.

    Systems affected: Microsoft Windows.

    Software Used: Hive, REvil, Ryuk

    You can resolve this by exploring your recovery options with law enforcement.

  2. Locker ransomware

    This type of malware remotely locks the owner out of their device completely, giving the attacker full control, rather than just locking the user out of their system.

    Systems affected: Microsoft Windows

    Software used: Cryptolocker, Locky

    In a case like this, one important thing to do is to disconnect the device from the Wi-Fi network; this can also serve as a preventive measure.

  3. Scareware

    The primary purpose of this malware is to trick the user into downloading a product or service to resolve an issue that supposedly requires quick attention. Sometimes it arrives as a spoofed website that opens on your device unexpectedly and automatically triggers a scare, usually through alarming language in fake website pop-ups or fake security scan results (purportedly from the device).

    Systems affected: Android, macOS and Microsoft Windows

    Software used: Mac Defender, Winfixer

    One way to deal with this is, when the pop-up appears, to click the “X” to close it, clear your browser history and restart your computer.

  4. Extortionware

    This is a type of malware where the attacker locks the victim’s device and threatens to leak private information unless a ransom is paid. Once this type of malware is active on your device, the attacker can leverage any information stored on it against you. Again, this is done purely to extort money from the victim.

    Systems affected: Linux, macOS, Windows and some IoT devices

    Software used: EvilQuest and REvil

    When this sort of thing happens, the best bet is to report it to law enforcement.

  5. Doxware

    This type of malware is not used just to steal information or deny access to it, but to extort money and expose the victim to identity theft and, in some cases, physical harm. It is mostly used against businesses or individuals, and with this malware the attacker is able to find confidential information on your device.

    Systems affected: Android, cloud services, iOS, IoT devices, Linux, macOS and Windows

    Software used: DoppelPaymer and REvil

    If you notice malware like this, you should turn off your device immediately and take it to an IT professional for advice on how to remove it.

  6. Wiper malware

    This malware doesn’t just restrict the user’s access but threatens to destroy any file it infects. It is mostly leveraged against business owners, and it can potentially stop the operation of their business. When it is used as a form of extortion, it typically runs on time-based triggers.

    Systems affected: cloud services, Linux, Windows and macOS

    Software used: Jigsaw, NotPetya, KillDisk

    It’s best to always have a data backup before this malware infects the device(s).
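The crypto-ransomware and wiper entries above describe files being encrypted in place or renamed to a new extension, sometimes alongside a note demanding payment. The following script is an added example, not code from the original article, showing how a defender can check a directory for those three indicators: plain-text files whose bytes now look encrypted (Shannon entropy close to 8 bits per byte), a burst of files sharing one unfamiliar extension, and ransom-note-like filenames. The thresholds, extension lists, note keywords and the sample directory it builds are assumptions constructed for the demo.

```python
"""Added example (not code from the original article): a small host-side
check for crypto-ransomware indicators on a directory tree. Thresholds,
extension lists, note keywords and the sample data are demo assumptions."""
import math
import os
import random
import re
import tempfile
from collections import Counter

# Extensions whose contents are normally compressible, low-entropy text.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".md", ".json", ".xml"}
# Extensions we expect to see on a typical user's disk (assumed list).
KNOWN_EXTENSIONS = TEXT_EXTENSIONS | {".jpg", ".png", ".pdf", ".docx", ".xlsx"}
# Words that commonly appear in ransom-note filenames (heuristic).
NOTE_PATTERN = re.compile(r"DECRYPT|RECOVER|RESTORE")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root: str, entropy_threshold: float = 7.0, burst_min: int = 3) -> dict:
    """Walk `root` and return the three indicator groups (filenames sorted)."""
    encrypted_text, notes = [], []
    ext_counts = Counter()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            ext_counts[ext] += 1
            if NOTE_PATTERN.search(name.upper()):
                notes.append(name)
            if ext in TEXT_EXTENSIONS:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    # The first 64 KiB is enough to judge whether the
                    # content is text or ciphertext-like noise.
                    if shannon_entropy(fh.read(65536)) > entropy_threshold:
                        encrypted_text.append(name)
    bursts = {ext: n for ext, n in ext_counts.items()
              if ext not in KNOWN_EXTENSIONS and n >= burst_min}
    return {
        "encrypted_text_files": sorted(encrypted_text),
        "extension_bursts": bursts,
        "ransom_notes": sorted(notes),
    }


def build_sample_dir() -> str:
    """Create a constructed sample tree: healthy files, three files renamed
    to '.locked', one .txt encrypted in place, and a ransom note. The
    'encrypted' bytes are deterministic pseudo-random noise, not output of
    any real ransomware."""
    rng = random.Random(7)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    prose = b"Quarterly report: revenue grew, costs were stable. " * 80
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    files = {
        "report.txt": prose,
        "budget.csv": b"month,revenue\n" + b"jan,100\nfeb,120\n" * 50,
        "photo.jpg.locked": noise,
        "thesis.docx.locked": noise,
        "invoice.pdf.locked": noise,
        "notes.txt": noise,  # encrypted in place, extension unchanged
        "HOW_TO_DECRYPT_FILES.txt": b"Your files are encrypted. Pay to recover.\n",
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for indicator, hits in scan_directory(build_sample_dir()).items():
        print(f"{indicator}: {hits}")
```

Run it against a real user directory by passing that path to `scan_directory`; an empty result on a known-good tree gives you a baseline, and any of the three groups turning non-empty on a later scan is worth investigating before trusting the backups taken since.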

Now, here is a list of some ransomware families that have enabled cyber-attacks in the past:

  1. CryptoLocker

  2. TorrentLocker

  3. CryptoWall

  4. Locky

  5. Cerber

  6. Crysis

  7. Petya

  8. KeRanger

  9. Jigsaw

  10. WannaCry

  11. NotPetya

  12. GoldenEye

  13. BadRabbit, etc.

How can you prevent Ransomware?

  1. Utilize a VPN to encrypt your internet connection and prevent cybercriminals from attacking you on unsecured networks.

  2. Never use data storage devices from unknown sources, to reduce the chance that your data will be corrupted.

  3. Monitor your network to identify unauthorized devices and suspicious activity before your devices are infected.

  4. Do not click on suspicious email attachments.

  5. Keep your device up to date, whether it runs Android, iOS or Windows.

  6. Only download files you’re sure about, from websites whose safety you’re sure about.

  7. Always interact with pop-ups (ads) cautiously; try closing them without clicking on them.