Over the last few months, the number of ransomware attacks seen in the wild has grown tremendously. Cybercriminals have not only cracked this ‘business model’ but are generating significant revenue through it. What began as a technique aimed solely at susceptible individual users has been developed into one capable of penetrating advanced enterprise networks as well. Ransomware attacks can cause significant system downtime, loss of critical data, Intellectual Property (IP) theft and more. In several industries, a ransomware attack is now treated as seriously as a major data breach.
Compared with other malware, ransomware is highly destructive: its popularity shows how exposed critical user data is, and how easily that data can be rendered unusable until a ransom is paid.
Here we will discuss ransomware under the following broad sections:
• What is Ransomware?
What is Ransomware?
Ransomware is a type of malware that restricts access to, or damages, an infected computer system for the sole purpose of extorting money from its victims (holding the system to ransom). Payment is demanded either through direct online payment mechanisms or in Bitcoin. Many variants also encrypt the user's files on the system and display threatening or incriminating messages on screen to pressure the victim into paying. Ransomware can be broadly classified into the following two types:
• File Encryptor: it encrypts all important files on the system and demands a ransom for the key needed to decrypt them.
• Screen Blocker: it locks the infected system completely and prevents any use of the system until a ransom is paid.
Because users store many kinds of important data on their systems (documents, images, photos, source code and so on), ransomware variants make sure they can encrypt as many file types as possible, so that personal data and images are hit across the board. The file extensions typically targeted by ransomware are listed below:
*.c *.h *.m *.ai *.cs *.db *.nd
*.pl *.ps *.py *.rm *.3dm *.3ds *.3fr *.3g2
*.3gp *.ach *.arw *.asf *.asx *.avi *.bak *.bay
*.cdr *.cer *.cpp *.cr2 *.crt *.crw *.dbf *.dcr
*.dds *.der *.des *.dng *.doc *.dtd *.dwg *.dxf
*.dxg *.eml *.eps *.erf *.fla *.flv *.hpp *.iif
*.jpe *.jpg *.kdc *.key *.lua *.m4v *.max *.mdb
*.mdf *.mef *.mov *.mp3 *.mp4 *.mpg *.mrw *.msg
*.nef *.nk2 *.nrw *.oab *.obj *.odb *.odc *.odm
*.odp *.ods *.odt *.orf *.ost *.p12 *.p7b *.p7c
*.pab *.pas *.pct *.pdb *.pdd *.pdf *.pef *.pem
*.pfx *.pps *.ppt *.prf *.psd *.pst *.ptx *.qba
*.qbb *.qbm *.qbr *.qbw *.qbx *.qby *.r3d *.raf
*.raw *.rtf *.rw2 *.rwl *.sql *.sr2 *.srf *.srt
*.srw *.svg *.swf *.tex *.tga *.thm *.tlg *.txt
*.vob *.wav *.wb2 *.wmv *.wpd *.wps *.x3f *.xlk
*.xlr *.xls *.yuv *.back *.docm *.docx *.flac *.indd
*.java *.jpeg *.pptm *.pptx *.xlsb *.xlsm *.xlsx
Here are some screenshots of a few ransomware families:
Screen Blocker: Urausy