Why the Web Remains a Primary Ransomware Vector?

W

To date, we continue to enjoy the internet, but literally, we don’t know the possibility of getting infected by a ransomware file. At least there are 54 different versions of ransomware today, with each one of them having multiple variants. Unlike malware which it intends to steal your personal information to get unauthorized access, ransomware exists to take your money.

Jump directly to

The biggest problem with ransomware attackers infects your network which becomes critical for your business, and you have no option but to pay them. You can imagine the blow when business data is no longer available for your routine activities. You can’t run the business unless you get your data back.

For instance, in 12th May 2017 saw the most dangerous cyber attack in history. Ransomware- Wannacry spread through the web in Europe in Windows OS devices. Within a few hours of the spread, over 200,000 devices were infected with big institutions like banks feeling the impact.

How does ransomware get the chance to store decryption key on your hard drive?

90% of ransomware exists on the internet, and that’s why the web remains a primary ransomware vector. All it takes is one click on a malicious link, a spam email or downloading a malware program that after that download ransomware without your consent. This is the typical way that ransomware ends up in your hand drive.

But today, things are getting different for ransomware attacks due to many activities running on the web. Attackers are using a dangerous ransomware malware- called CryptoWall which is injected as a link in legitimate advertising websites. CryptoWall will use JavaScript program to download and run ransomware with you not knowing it just happened.

In this moment when you click on a link in a spam email or a connection over the web you potentially activate malicious documents. With ransomware installed on your hard drive, it will take a few seconds to get your data encrypted, and they will give you a few days to pay thousand dollars to get it back.

Why ransomware goes undetected by antivirus programs?

Ransomware evades antivirus products, cybersecurity researchers, malware researchers, and law enforcement by using several evasion tactics. Here are some of the tactics that ransomware malware uses to keep the anonymity of its distributors:

1. Ransomware includes features like TOR and Bitcoin traffic anonymizers to receive payments as well as avoid being tracked by law enforcers.

2. It deploys domain shadowing to hide any communication between the cybercriminals automatically serves and the downloader.

3. Ransomware uses an anti-sandboxing mechanism such that it is not traced at all by the antivirus.

4. Command and control servers are encrypted, and it, therefore, becomes difficult to trace the traffic that ransomware is being transferred.

5. It can mutate enough to create a new variant that sticks on the ransomware mission.

6. It employs encrypted payloads that enhances more time for ransomware to unfold as well making it difficult for antivirus to detect it.

Ransomware well-known families existing on the web

There are plenty versions of ransomware on the internet. With their names running with a head such as CryptXXXX:

1. CryptoWall

This ransomware infects businesses, financial institutions, home computers, governments, and other institutions. It results to encrypting necessary files, and the setback is payment for lump sum amount to the makers. CryptoWall has reached its third version (CryptoWall) which cannot be broken by cyber attacks researchers. It spreads through malicious download, spam emails and browser exploit kits.

2. CryptoLocker

CryptoLocker is capable of locking all of your necessary files such as mp3s, movies, documents and images with unbreakable virtual encryption. Its infections were at the peak in 2013, when it infected over 150,000 computers in a month. Crypto mainly targets businesses and the general citizens.

3. WannaCry

This was ransomware used to attack windows OS devices in May 2017 in European nations. So far it has infected more than 150 countries, and it keeps spreading each day.

4. Petya ransomware

Petya ransomware infects Master Boot Record for payload and encrypting the available data. Petya ransomware family was discovered in 2016.

5. Uiwix ransomware

It is the most recent development of ransomware trying to imitate the impact that WannaCry had. It can replicate itself, but it does not include a killer switch domain.

6. Locky

Locky came with a bang in February 2016, after its makers and distributors extorted $17,000 from a Hollywood hospital to get back its encrypted files. It has continued to spread across the globe since.

7. Cerber ransomware

It is one of the earliest forms of ransomware encryption malware. The makers have upgraded its features bringing it back to cyber attacks in the first quarter of 2017.

8. TorrentLocker

TorrentLocker sorely depends on spam emails for its distribution. It uses practical grammar to trick citizen to open on malicious such that the makers get step ahead. It has high encryption features with no chances of breaking it at all.

9. Reveton

This kind of ransomware appears like a warning from security enhancement agencies. It uses elements like security logos and computer IP address to make everything real. The user can be informed the computer has been involved in illegal activities such as cyber attacks. It will then lock files and computer itself

Why the webs remain ransomware vector?

As we have seen, ransomware is a multi-dollar profitable scheme enforced by its makers and distributors. Ransomware targets any business; be it hospitals, bank institutions, governments, academic institutions among others. Unless malware that steals bank account information to commit a crime, ransomware instead encrypt necessary files and ask for payment for recovery.

Conducting your business online or perhaps login into your email account creates the chance for ransomware to carry out their attacks. Since almost everything is done online nowadays, outdoing ransomware becomes impossible. Many victims just find themselves paying significant cash to retain essential files. As a matter of fact, last year FBI reported ransomware attacks extorted $24 million.

As long we surf the internet, the web will remain a primary ransomware vector.

Actions you should consider against ransomware attacks

1. Backups

Backing up your important files to local devices and servers is the best defensive mechanism against ransomware attacks. Even if attackers manage to lock your computer, you won’t pay them a single coin. Note that backing up in a local storage device is offline and therefore becomes the best option since ransomware attacks cannot reach them.

2. Learning to say no

Ransomware hackers usually spasm you with emails carrying malicious attachments or instruct you to click on a URL that the ransomware will use to install itself on your machine. Recently it has adopted a more successful method that involves comprising advertiser’s network with malicious ads through the most website that you trust. You can always avoid clicking on suspicious files and ads or scanning them before opening

3. Disconnect your network when infected with ransomware

When you get hit by ransomware attacks, consider to immediately shut down your organization network operations to avoid the ransomware from spreading further. Afterwards, administrators should determine how to outdo the ransomware affecting them. If it is known variant, consider anti-virus companies to restrain ransomware.

About the author

By Expert

Browse by Category

JOIN OUR NEWSLETTER

Type e-mail address in the box below to receive latest news.

FOLLOW US