IT Consultants' Insight on Business Technology | NSK Inc.

What is Ransomware?

Posted by Cathie Briggette Fri, Dec 09, 2016

Ransomware is malicious software that encrypts files, locks the computer, and retains control until the user pays a certain amount of money. Ransomware can appear in two forms: it either locks your screen with a full-screen image or webpage to prevent you from accessing your PC, or it encrypts your files so they can’t be opened. 1

While each ransomware variant has its own twist, there are a few key components that most ransomware types follow:


Email-borne infection – Although some variants have been known to attack via drive-by download advertising, malicious websites, or peer-to-peer network file sharing, ransomware typically attacks through spoofed emails that trick the end user into opening an attachment. 2 It often arrives in zip files with enticingly common names; the zip file contains an .exe, which is downloaded onto the target computer and adds a key to the Windows Registry that allows it to run.


Covert communication – Once downloaded, the malware establishes communication with a command-and-control server. For example, CryptoLocker, which started the modern ransomware craze, relies on a domain generation algorithm and hops between new servers routinely to avoid detection.


Advanced encryption – Once the server connection is established, CryptoLocker generates a pair of encryption keys, one public and one private, using the 2048-bit RSA encryption algorithm and military-grade 256-bit AES encryption. Most ransomware variants use a 256-bit AES (Advanced Encryption Standard) key or a 2048-bit RSA key, but some go as far as 4096-bit RSA.


Bitcoin ransom – After encryption is complete, the cybercriminals usually demand Bitcoin or some other form of payment for the key to decrypt the infected files. 3 Ransomware works quickly and quietly in the background before it reveals itself to users and asks for ransom.


Tight deadline – A pop-up window usually tells the victim that important files have been encrypted and sets a time limit for payment before the private encryption key is destroyed and the files are lost forever. 4
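The email-borne infection item above describes zip attachments that carry an .exe. The following is an added example, not from the original post, of a mail-filter check that lists executable members of a zip attachment, including double extensions and nested archives. The extension lists, limits, function names and sample file names are assumptions made for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed blocklist; tune per site).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
# Decoy extensions seen in names such as "invoice.pdf.exe".
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_DEPTH = 3  # nested-archive limit (zip-bomb guard)
MAX_MEMBER_BYTES = 10 * 1024 * 1024

def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def scan_zip(data, depth=0, prefix=""):
    """Return (member_path, reason) findings for a zip attachment given as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid zip")]
    findings = []
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            # Windows drops trailing dots/spaces, so "a.exe." still runs as .exe
            name = info.filename.rsplit("/", 1)[-1].rstrip(". ")
            ext = _ext(name)
            if ext in RISKY_EXT:
                decoy = _ext(name[: -len(ext)]) in DECOY_EXT
                kind = "double extension" if decoy else "executable"
                findings.append((path, f"{kind} ({ext})"))
            elif ext == ".zip":
                skip = (info.flag_bits & 0x1 or depth + 1 >= MAX_DEPTH
                        or info.file_size > MAX_MEMBER_BYTES)
                if skip:  # encrypted, too deep or too large: flag for manual review
                    findings.append((path, "nested archive not inspected"))
                else:
                    findings.extend(scan_zip(zf.read(info), depth + 1, path + "!"))
    return findings

def build_sample():
    """Constructed sample zip; members hold placeholder bytes only."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan_0012.pdf.exe", b"placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice.EXE", b"placeholder")
        z.writestr("docs/archive.zip", inner.getvalue())
    return outer.getvalue()
```

A gateway would quarantine any attachment for which `scan_zip` returns findings, including the "not inspected" cases.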

1. https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

2. http://www.welivesecurity.com/2013/12/19/cryptolocker-2-0-new-version-or-copycat/

3. https://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

4. http://www.intronis.com/resources/pdf/ebooks/EBK_Ransomware_SMB_Final.pdf

 
