Page 78 - Cyber Warnings

The Rise and Warfare of Ransomware
What is Ransomware?
Ransomware is a compound of two words, Ransom and Ware. As you might guess, Ransom evokes
the hostage situations you see in the movies, where someone is held in exchange for a large
sum of money. Ware comes from the term Malware, a term used for intrusive or disruptive
software.

Ransomware can therefore be compared to the familiar ransom scenario, where a person is held
captive and only released in exchange for a sum of money. In the IT world, however, what is
held captive is commonly your files.



How does it work?
First, an attacker infects your system with ransomware. This could be done via social
engineering, by breaking into your system, or by a user plugging in an already infected
device. Once the ransomware is on your system, it works its way through the system, using
cryptography to encrypt as many files as it can find. Once this is complete, a ransom message
is displayed instructing you to pay bitcoins to regain access to your files. Commonly a counter
is displayed on the screen, ticking down until your files are deleted. Payment channels such as
Western Union and Bitcoin let you send money to others without being easily traced, and
attackers leverage them precisely because they make the attacker hard to catch. Most recent
ransomware provides a link directly to a bitcoin payment portal.

An easier way to understand how ransomware works is by the following points:

1. Infect and spread
2. Encrypt
3. Demand payment

In the “infect and spread” phase the system has already been compromised and the
ransomware is using its malware capabilities to begin its assault on your system. In its arsenal
is a component that works its way through your network looking for other devices it can
connect to and infect with its payload.

Next, the “Encrypt” phase begins. The ransomware encrypts all the files that meet the
prerequisites set by the attacker. The private key that can decrypt your files is sent back to the
attacker and deleted from the infected system.

The final phase of this attack is to demand payment. All the victim can see at this phase is
that double-clicking an encrypted file launches a window demanding a sum of money for the files
to be unlocked, or they will be automatically deleted within X amount of time.
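From the defender's side, the “Encrypt” phase described above has a recognisable footprint: many distinct files are rewritten in a short time with content that looks random. The following Python is an added example (not code from the article) of a simple detector for that pattern; the event format, the thresholds and the sample file writes are assumptions constructed for this illustration.

```python
import math
from collections import deque

# Thresholds are assumptions chosen for illustration, not values from the article.
ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted data approaches 8.0
WINDOW_SECONDS = 30       # sliding window over which high-entropy writes are counted
MIN_DISTINCT_FILES = 5    # distinct files rewritten with high entropy inside the window


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events, window=WINDOW_SECONDS,
                           min_files=MIN_DISTINCT_FILES, threshold=ENTROPY_THRESHOLD):
    """Return the timestamp at which `min_files` distinct files have each received
    a high-entropy write inside one `window`, or None if no such burst occurs.
    `events` is an iterable of (timestamp_seconds, path, bytes_written)."""
    recent = deque()  # (timestamp, path) of high-entropy writes, oldest first
    for ts, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < threshold:
            continue  # ordinary text/document write, ignore
        recent.append((ts, path))
        while ts - recent[0][0] > window:
            recent.popleft()  # drop writes that fell out of the window
        if len({p for _, p in recent}) >= min_files:
            return ts
    return None


# Constructed sample events (timestamp, path, bytes written); not real telemetry.
TEXT = b"Quarterly report: revenue up 4%, costs flat. " * 20   # low entropy
CIPHERTEXT_STAND_IN = bytes(range(256)) * 4                     # exactly 8.0 bits/byte
NORMAL_EVENTS = [(t, f"/home/user/docs/report{t}.txt", TEXT) for t in range(0, 100, 10)]
BURST_EVENTS = [(100 + i, f"/home/user/docs/report{i}.txt", CIPHERTEXT_STAND_IN)
                for i in range(8)]

if __name__ == "__main__":
    print("normal activity flagged at:", detect_mass_encryption(NORMAL_EVENTS))   # None
    print("encryption burst flagged at:",
          detect_mass_encryption(NORMAL_EVENTS + BURST_EVENTS))                   # 104
```

In practice the same signal is usually combined with others (rapid renames to a new extension, appearance of a ransom-note file in many directories) to keep false positives from legitimate compression or encryption tools low.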


78 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide