Since 2005, when the first documented ransomware attack occurred in the USA, the severity and frequency of ransomware attacks have increased relentlessly. The recent back-to-back attacks of WannaCry (also called Wanna Decryptor) and NotPetya are stark testimony to this. WannaCry alone held hostage the computers of 100,000 organizations in 150 countries. A South Korean web hosting provider paid $1 million to the attackers to unlock its servers, the biggest known payout.
Experts believe that such ransomware attacks will not cease in the near future, as organizations worldwide still lag in implementing the proactive measures that could act as a deterrent. To protect systems from becoming prone to ransomware attacks, one ought to know the following key essentials:
Ransomware: It is a kind of malicious software originating from ‘cryptovirology’, the study of how cryptography can be used to design powerful malicious software. It serves one of two purposes: encrypting the victim’s files and information (or threatening to publish his or her data), or blocking the entire device, which cannot be accessed until the ransom is paid within a specified time frame or the device is restored to factory settings. The former is known as ‘crypto ransomware’ and the latter as ‘locker ransomware.’ In the recent attacks the attackers used the cryptoviral extortion technique: encrypting the victim’s files and demanding a ransom payment, usually in cryptocurrencies such as Bitcoin, to decrypt them.
Modus operandi of ransomware encryption: It is a well-organized mathematical-computational procedure that combines a symmetric and an asymmetric algorithm. The attacker generates a key pair, embeds the public key in the malware and releases it. To carry out the cryptoviral extortion attack, the malware generates a random symmetric key, encrypts the victim’s data with it, and then encrypts that symmetric key with the public key already embedded in the malware. The result is a symmetric ciphertext of the victim’s data and an asymmetric ciphertext of the symmetric key; the plaintext symmetric key is then destroyed so that the data cannot be recovered locally, and the asymmetric ciphertext is included in a pop-up message to the victim that explains how to pay the ransom.
Ransom payment: The victim sends the asymmetric ciphertext and the payment, usually in cryptocurrencies such as Bitcoin because of their anonymity. After receiving the payment, the attacker deciphers the asymmetric ciphertext with the private key that he or she holds and sends the symmetric key back to the victim. The victim then deciphers the encrypted data with that symmetric key and regains access to the device or the data (though this is not guaranteed), completing a successful cryptovirology attack.
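The two paragraphs above describe a two-party protocol; the following Go program models it as an added example (it is not code from the original article or from any real malware). It assumes AES-256-GCM as the symmetric algorithm and RSA-OAEP as the asymmetric one, which the article does not name, and works on a constructed in-memory byte slice. The point for a defender is in Encapsulate: the machine keeps only the RSA-wrapped copy of the per-victim key, so nothing found on the victim's system can recover the data without the attacker's private key, which is why offline backups are the practical recovery path.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Encapsulated is all that stays on the victim's machine: data ciphertext plus the RSA-wrapped key.
type Encapsulated struct{ Nonce, SymCT, AsymCT []byte }

func gcmFor(key []byte) cipher.AEAD { // AES-GCM over a 32-byte key cannot fail
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Encapsulate plays the malware's role and holds only the attacker's public key: a fresh
// AES-256 key encrypts the data, RSA-OAEP wraps that key, then the plaintext key is erased.
func Encapsulate(pub *rsa.PublicKey, data []byte) (*Encapsulated, error) {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read never returns an error (Go 1.24+)
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	symCT := gcm.Seal(nil, nonce, data, nil)
	asymCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	clear(key) // zeroise: only the wrapped copy survives, and it is useless without priv
	if err != nil {
		return nil, err
	}
	return &Encapsulated{nonce, symCT, asymCT}, nil
}

// UnwrapKey plays the attacker's role after payment: only the private key turns the
// asymmetric ciphertext back into the symmetric key that is then sent to the victim.
func UnwrapKey(priv *rsa.PrivateKey, asymCT []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, asymCT, nil)
}

// Decrypt is the victim's last step once the symmetric key has been handed over.
func Decrypt(key []byte, e *Encapsulated) ([]byte, error) {
	return gcmFor(key).Open(nil, e.Nonce, e.SymCT, nil)
}
```

Because AES-GCM authenticates the ciphertext, Decrypt also fails on a tampered blob rather than returning garbage, which is why a paying victim can at least detect a corrupted key or ciphertext.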
A typical ransom amount: Ransomware is now a booming illicit business, and the attackers behind it, as in any business, follow basic economic rules. The trend shows that the lowest and highest ransoms vary wildly. Most cases have shown an average ransom demand of $700; however, 20% of cases have seen demands of as much as $1300. Overall, it seems the attackers are testing the waters, and ‘price elasticity of demand’ is evidently at work.
Risk mitigation: Keeping software up to date, including promptly installing the security updates released by software vendors, application control, keeping “offline backups” of data and critical assets, greylisting, and removal of local administrator rights are some effective measures to prevent ransomware attacks and protect devices and data.