“They wanna hold me for ransom”

Ransomware… cybercriminals have really lost the plot with this one. Let me elaborate. Ransomware is an attack used by cybercriminals to extort money from users and businesses. It is a form of malware that locks and encrypts a victim’s files and then demands money (usually in Bitcoin) to give the victim access back. Cybercriminals usually set a time limit for receiving payment. Umm, first of all, who are you rushing? Because even if you do pay, they most likely won’t give your access back.

Who remembers floppy disks though? Well, the first ransomware attack was done on a floppy disk back in 1989, which encrypted the files of the World Health Organisation AIDS researchers, but the hacker ONLY asked for $189, which is a very light sum if you ask me. Ransomware attacks have evolved ever since this event, with even smarter methods of encrypting victims’ PCs.

Multiple attack vectors can be used to execute a ransomware attack. One way ransomware is delivered is through a phishing scam. If you remember my phishing blog, these scams are sent as attachments or links in cleverly crafted e-mails. Once the link is clicked or the attachment is downloaded and opened, cybercriminals can take over the victim’s computer and encrypt all the files, making them inaccessible to the user.

Another way ransomware can be executed is via an exploit kit*. When a user visits a compromised website they will be redirected to an exploit kit landing page. A drive-by download** is then executed, the system becomes infected, and the files are held for ransom. Let’s explore the various types of attacks that we may face.

Ransomware Types

There are different types of ransomware attacks. To name a few, DoubleLocker is a ransomware attack that affects Android devices (hmm, if I speak), that encrypts the users’ data with an Advanced Encryption Standard (AES) mechanism and also changes the users’ PIN code. Boy, I do feel for you Android users. Apple had a ransomware attack called KeRanger wayyyy back in 2016 but we don’t need to get into that. Moving on… another type of ransomware, called Doxware, is where the attacker will threaten to publish your sensitive files online if you don’t pay up. Lastly, there is Scareware, which is fake software that pretends to be an antivirus, pretends to have found problems with your PC and then demands payment to fix them.

Real Life 

In the UK, the NHS was a victim of the WannaCry ransomware attack, which saw hospitals and GP surgeries being brought to a halt for several days. A lot of the NHS devices that were infected had not been updated and were running unpatched software. This then spread throughout the whole NHS network; luckily the email system was untouched, but a lot of appointments and operations were cancelled. This attack cost the NHS roughly £92m to restore systems and data to normal. I would collapse if I was the employee that opened the email attachment. The NHS did not pay the ransom in the end, and a guy named Cyber T… I mean Marcus Hutchins stopped the attack. This was a very huge case and, as a result, a lot of lessons were learned from it. For other organisations, this was a massive wake-up call, as they had to figure out how best to detect this kind of attack and reduce the likelihood of it occurring in their network.

Detection & Recovery

There are a few ways in which organisations can reduce the likelihood of a ransomware attack occurring, whilst also using methods to recover from such an attack. Organisations should make use of honeypots***, as this will aid the early detection of malware and protect the organisation. There are a few things an organisation can do to recover from a ransomware attack. One way to recover is to disconnect the infected system from the network to reduce the chances of it spreading. An organisation can also identify which data was affected by the attack by taking a snapshot of the system before shutting it down, which will then give them more details about the attack. When it comes to ransomware, anyone can get it, but there are ways to reduce the chances of falling victim to the attack (check Tips with T). Being cyber smart isn’t all that hard; just taking little steps can help us stay safe from these sorts of attacks.
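To make the honeypot and disconnect-first ideas above concrete, here is a small canary-file monitor I’ve added as an example (it is not code from the original post or from any product): it plants decoy files that no real user should ever touch, records their hashes, and raises an alert when any decoy is modified or disappears, which is exactly what bulk encryption does to everything in its path. The decoy names, the temp directory and the tampering simulation are all my own constructed assumptions for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical decoy file names. They are chosen to sort first and last in a
# directory listing, so a bulk rewrite that walks the tree alphabetically
# touches a decoy early on and again at the end.
CANARY_NAMES = ["00_budget_2019.xlsx", "00_passwords.docx", "zz_old_archive.zip"]


def plant_canaries(root: str, names=CANARY_NAMES) -> dict:
    """Create decoy files under `root` and return a baseline {path: sha256}."""
    base = Path(root)
    base.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in names:
        path = base / name
        content = f"decoy file {name}\n".encode() * 32  # constructed filler
        path.write_bytes(content)
        baseline[str(path)] = hashlib.sha256(content).hexdigest()
    return baseline


def check_canaries(baseline: dict) -> list:
    """Compare each decoy against its baseline hash.

    Returns a list of (path, reason) tuples; an empty list means no decoy was
    touched. Nobody has a legitimate reason to open these files, so any change
    is a strong signal that something is rewriting files in bulk.
    """
    alerts = []
    for path, expected in baseline.items():
        file = Path(path)
        if not file.exists():
            alerts.append((path, "missing"))   # deleted, or renamed with a new extension
            continue
        actual = hashlib.sha256(file.read_bytes()).hexdigest()
        if actual != expected:
            alerts.append((path, "modified"))  # contents rewritten
    return alerts


def should_isolate(alerts: list, threshold: int = 2) -> bool:
    """Decide whether to pull the host off the network.

    One touched decoy could be an accident; two or more in a single sweep is
    the signature of bulk encryption and justifies the disconnect-first step.
    """
    return len(alerts) >= threshold


def simulate_tampering(baseline: dict) -> None:
    """Constructed stand-in for a bulk file rewrite, used only to exercise the
    check: overwrite the first decoy with junk bytes and delete the last one."""
    paths = list(baseline)
    Path(paths[0]).write_bytes(os.urandom(64))
    Path(paths[-1]).unlink()


def run_demo() -> tuple:
    """Plant decoys in a temp dir, check them clean, tamper, check again."""
    root = tempfile.mkdtemp(prefix="canary_demo_")
    baseline = plant_canaries(root)
    before = check_canaries(baseline)
    simulate_tampering(baseline)
    after = check_canaries(baseline)
    return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("clean sweep:", before)
    print("after tampering:", after)
    print("isolate host?", should_isolate(after))
```

In real use you would run `check_canaries` on a schedule (or hook it to a file-change watcher) against decoys planted in the shares people actually work in, and wire `should_isolate` to whatever your organisation uses to quarantine a host, so the snapshot-then-disconnect step happens in seconds rather than after someone notices the ransom note.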

‘Tips with T’

– Ensure you have up-to-date security software
– Know how to spot malicious emails
– Ensure you back up your important data to an external drive/cloud
– Don’t pay the ransom

* A collection of exploits
** A download that happens without the user’s knowledge or consent
*** A fake file system which hackers will target, which allows an organisation to spot them

Love & Guidance

TT
