Ransomware Virus
Ransomware is a class of malware in which attackers take control of a computer system and block access to it, or to the data stored on it, until a ransom is paid. The ransom is typically demanded in a virtual currency such as Bitcoin, though premium-rate SMS messages and prepaid cards have also been used. Sophisticated ransomware employs disk- or file-level encryption, making it practically impossible to recover the files without the key the attackers hold (or without restoring from offline backups).
The Damage
To gain a foothold, the criminals need malicious software to run on a device within the network. This is usually achieved by getting a victim to click on a link or to download and open a file by mistake: ransomware is typically delivered as a Trojan disguised as a legitimate file, often an email attachment. One high-profile exception, the "WannaCry" worm, spread automatically between computers without any user interaction.

Users can encounter the threat through a variety of means. Ransomware can be downloaded when unwitting users visit malicious or compromised websites, or it can arrive as a payload dropped or downloaded by other malware. Some families are known to be delivered as attachments in spammed email, downloaded from malicious pages through malvertising, or dropped by exploit kits onto vulnerable systems.

Once the software is running on a victim's computer, it encrypts every file it can reach, including files on network shares. This tends to be a gradual process, with files being encrypted one after another. Large companies with sophisticated security systems may be able to spot this happening and isolate the affected hosts or shares to minimise the damage; individuals might not be so lucky and can end up losing access to all of their information. The criminals then demand payment in return for unlocking the files, normally in Bitcoin, which makes tracing and prosecuting the perpetrators difficult.

Once executed on a system, ransomware either locks the computer screen ("locker" ransomware) or, in the case of crypto-ransomware, encrypts predetermined file types. In the first scenario a full-screen image or notification is displayed on the infected system, which prevents victims from using it and shows instructions on how to pay the ransom.
The second type does not block the screen but denies access to potentially critical or valuable files such as documents and spreadsheets.
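The gradual, file-by-file encryption described above is also what gives defenders a detection opportunity: encrypted output has near-maximal byte entropy, the victim's files acquire ransom-style extensions, and a single process touches many documents in a short window. The following Python script is an added example (not code from the article or from any ransomware family) of a heuristic detector run over a constructed stream of file events; the event tuple layout, the process and file names, and the thresholds are all assumptions made for illustration.

```python
"""Heuristic detector for crypto-ransomware activity over a stream of file events.

Added example: the event layout (ts_seconds, process, op, path, data), the
thresholds and the sample events below are constructed assumptions, not
values from the article or any real product."""
import math
from collections import defaultdict, deque

ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext approaches 8.0, English text ~4.5
BURST_WINDOW_S = 10       # sliding window in seconds
BURST_COUNT = 5           # suspicious events by one process inside the window
DOCUMENT_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg"}
RANSOM_EXTS = {".locked", ".encrypted", ".crypt", ".wncry"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    i = path.rfind(".")
    return path[i:].lower() if i >= 0 else ""


def analyze_events(events):
    """Return a list of (alert_type, process, detail) tuples.

    op is "write" (data = bytes written) or "rename" (data = new path).
    """
    alerts = []
    recent = defaultdict(deque)   # process -> timestamps of its suspicious events
    burst_reported = set()
    for ts, proc, op, path, data in sorted(events, key=lambda e: e[0]):
        suspicious = False
        if op == "write" and _ext(path) in DOCUMENT_EXTS:
            ent = shannon_entropy(data)
            if ent >= ENTROPY_THRESHOLD:       # a document replaced by ciphertext
                alerts.append(("encrypted_document", proc, f"{path} entropy={ent:.2f}"))
                suspicious = True
        elif op == "rename" and _ext(data) in RANSOM_EXTS:
            alerts.append(("ransom_extension", proc, f"{path} -> {data}"))
            suspicious = True
        if suspicious:
            window = recent[proc]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW_S:   # expire timestamps outside the window
                window.popleft()
            if len(window) >= BURST_COUNT and proc not in burst_reported:
                alerts.append(("mass_encryption", proc,
                               f"{len(window)} suspicious file events in {BURST_WINDOW_S}s"))
                burst_reported.add(proc)
    return alerts


# Constructed sample data.  bytes(range(256)) * 16 has entropy exactly 8.0 and
# stands in for encrypted output; the plaintext is ordinary low-entropy text.
PLAINTEXT = b"Quarterly revenue figures, see attached spreadsheet. " * 40
CIPHERTEXT = bytes(range(256)) * 16
DOCS = r"C:\Users\alice\Documents"
SAMPLE_EVENTS = [
    (0.0, "winword.exe", "write", DOCS + r"\q3.docx", PLAINTEXT),               # benign edit
    (1.0, "invoice.pdf.exe", "write", DOCS + r"\q3.docx", CIPHERTEXT),
    (1.5, "invoice.pdf.exe", "rename", DOCS + r"\q3.docx", DOCS + r"\q3.docx.locked"),
    (2.0, "invoice.pdf.exe", "write", DOCS + r"\budget.xlsx", CIPHERTEXT),
    (2.5, "invoice.pdf.exe", "rename", DOCS + r"\budget.xlsx", DOCS + r"\budget.xlsx.locked"),
    (3.0, "invoice.pdf.exe", "write", DOCS + r"\photo.jpg", CIPHERTEXT),
    (40.0, "7z.exe", "write", r"C:\Users\alice\backup.7z", CIPHERTEXT),        # archives are high-entropy but not documents
]

if __name__ == "__main__":
    for alert in analyze_events(SAMPLE_EVENTS):
        print(alert)
```

The entropy test alone is not enough, because compressed archives, media files and already-encrypted containers are legitimately high-entropy; that is why the example only scores writes to document extensions and requires several suspicious events from one process before raising the burst alert. In a real deployment the events would come from an endpoint sensor such as Sysmon, auditd or a file-system minifilter rather than an in-memory list.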
Ransomware is sometimes classed with "scareware", since it forces users to pay a fee (the ransom) by scaring or intimidating them. In this sense it is similar to FAKEAV malware, but instead of locking the system or encrypting files, FAKEAV shows fake anti-malware scan results to coax users into purchasing bogus anti-malware software.
Why does ransomware matter?
For criminal organizations, ransomware offers a very direct line from development to profit, whereas the comparatively manual labour of identity theft requires far more effort for the return. Criminal actors also become a military concern when malicious state actors pose as cyber criminals, or when cyber criminals support state efforts in cyberspace.

For IT professionals, the risk extends beyond desktop and notebook workstations: it has historically included smartphones and other connected devices, such as network security appliances and Android TV devices. While home users were traditionally the targets of ransomware, business networks have been increasingly targeted by criminals. Servers have also become high-profile targets, as unpatched, internet-connected systems are easy targets.

Who does ransomware affect?
According to NTT Security's 2017 Global Threat Intelligence Report, 28% of ransomware attacks over the preceding year targeted businesses and professional service firms, 19% targeted government and public-sector employees, and healthcare providers accounted for 15%. Enterprises are particularly appealing targets for targeted attacks: while larger organizations have deeper pockets, they are also more likely to have robust IT operations with recent backups that let them mitigate the damage and avoid paying the ransom.
Attackers have also become more brazen in their attempts to extort money from victims. "False" ransomware attacks, in which attackers demand a ransom but the files are destroyed whether the victim pays or not, have recently become widespread. Perhaps the most brazen (though unsuccessful) of these is a KillDisk variant that demands a $247,000 ransom even though the encryption key is stored neither locally nor remotely, so the files could not be decrypted even if someone paid.
When did it start?
The first rudimentary ransomware attack dates back to 1989, but the first widespread encrypting ransomware was CryptoLocker, deployed in September 2013. Originally, victims of CryptoLocker were held to a strict deadline to recover their files, though the authors later created a web service that could decrypt systems for which the deadline had passed, at the hefty price of 10 BTC (as of June 17, 2017, roughly US$25,339). While the original CryptoLocker authors are thought to have made about US$3 million, imitators using the CryptoLocker name have appeared with increasing frequency. The FBI's Internet Crime Complaint Center estimates that victims have paid more than US$18 million to restore access to their files.
Impact
A major global cyber attack disrupted computers at Russia's biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that infected more than 300,000 computers in May 2017. India was also among the countries affected: the country's largest container port, Jawaharlal Nehru Port Trust in Mumbai, shut down operations at one of its three terminals as a fallout of the attack, which also crippled some central banks and many large corporations in Europe. The rapidly spreading extortion campaign underscored growing concern that businesses have failed to secure their networks against increasingly aggressive attackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks. Businesses in the Asia-Pacific region also reported disruptions.
The malware includes code known as "EternalBlue", which security experts widely believe was stolen from the US National Security Agency (NSA) and which was also used in the previous month's ransomware attack, "WannaCry". The virus crippled computers running Microsoft Windows by encrypting hard drives and overwriting files, then demanded $300 in Bitcoin to restore access. More than 30 victims paid into the Bitcoin account associated with the attack, according to the public ledger of transactions on blockchain.info. Microsoft said the virus could spread through a flaw that had been patched in a security update in March 2017 (MS17-010); systems that had applied that update, or had SMBv1 disabled, were not exposed to this propagation vector. Globally, Russia and Ukraine were most affected by the thousands of attacks, according to Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown. Several private security experts have said they believe the Shadow Brokers group, which leaked the NSA tools, is tied to the Russian government, and that the North Korean government was behind WannaCry. Both governments deny involvement in hacking. The first attacks were reported from Russia and Ukraine. Russia's Rosneft, one of the world's biggest crude producers by volume, said its systems had suffered "serious consequences", but that production had not been affected.
WPP, the world's largest advertising agency, said it was also infected. A WPP employee who asked not to be identified said workers were told to shut down their computers. "The building has come to a standstill," the employee said. A Ukrainian media company said its computers were blocked and that it had received the ransom demand.

Petya or NotPetya?
Petya is a family of encrypting ransomware first discovered in 2016. It targets Microsoft Windows systems, infecting the master boot record (MBR) to execute a payload that encrypts the hard drive's file system table (the NTFS master file table) and prevents Windows from booting; it then demands a Bitcoin payment to regain access to the system. Variants of Petya were first seen in March 2016 and propagated via infected email attachments. In June 2017 a new variant was used for a global cyber attack, primarily targeting Ukraine. This variant propagates via the EternalBlue exploit, generally believed to have been developed by the NSA and used earlier in the year by WannaCry. Kaspersky Lab referred to the new version as NotPetya to distinguish it from the 2016 variants because of these differences in operation. In addition, although it purports to be ransomware, this variant was modified so that it cannot actually revert its own changes, which makes it a destructive wiper rather than a genuine extortion tool.
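Because Petya replaces the boot code in the MBR with its own loader, a simple forensic check is to hash the first 446 bytes of sector 0 and compare the result with a baseline taken while the machine was known-good, while separately checking that the partition table and the 0x55AA boot signature are intact. The following Python is an added example (not code from the article or from any Petya analysis); the two sample MBRs, the placeholder boot code bytes and the single-partition layout are constructed for illustration.

```python
"""Baseline check of a disk's master boot record (MBR), the sector that Petya
overwrites to run its own payload before Windows boots.  Added example; the
sample MBRs below are constructed, not taken from any real disk."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 446           # bytes 0..445 hold the boot code
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 on every valid MBR


def has_boot_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Return hashes of the two MBR regions plus the decoded partition table."""
    if not has_boot_signature(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:                       # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "partition_table_sha256": hashlib.sha256(sector[PARTITION_TABLE_OFF:510]).hexdigest(),
        "partitions": partitions,
    }


def mbr_changes(baseline: bytes, current: bytes) -> list:
    """Compare a current MBR against a known-good baseline; list what changed."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    changes = []
    if b["bootstrap_sha256"] != c["bootstrap_sha256"]:
        changes.append("bootstrap code")
    if b["partition_table_sha256"] != c["partition_table_sha256"]:
        changes.append("partition table")
    return changes


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a 512-byte MBR with one bootable NTFS partition (type 0x07)."""
    bootstrap = boot_code.ljust(BOOTSTRAP_LEN, b"\x00")
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = ntfs + b"\x00" * 48          # remaining three slots unused
    return bootstrap + table + BOOT_SIGNATURE


# Placeholder boot code bytes (constructed; not real Windows or Petya code).
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40)
# A bootkit-style replacement: different loader, identical partition table.
INFECTED_MBR = build_sample_mbr(b"\xeb\x3c" + b"\x41" * 60)


def read_sector0(device_path: str) -> bytes:
    """Read the live MBR from a raw device such as /dev/sda or \\.\PhysicalDrive0
    (requires administrator or root rights)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    print("partitions:", parse_mbr(CLEAN_MBR)["partitions"])
    print("changes vs baseline:", mbr_changes(CLEAN_MBR, INFECTED_MBR))
```

In practice the baseline hash would be recorded at provisioning time and the comparison run from a clean boot medium, since a bootkit that is already running can lie about the sector contents; a changed bootstrap with an unchanged partition table is exactly the pattern a boot-sector infector leaves.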