BotNet News

Your source for Online Security News

Ransomware

Ransomware is malware that encrypts files on a victim’s computer and demands a payment to unlock them. Generally, it uses a combination of symmetric and asymmetric encryption techniques. During the encryption phase, the ransomware generates a random symmetric key by calling a cryptographic API on the operating system (Zimba et al., 2019). The symmetric key is then used to encrypt all the victim’s files as the ransomware traverses the file system. Once all files are encrypted, the ransomware sends a public-private key pair to a command and control (C&C) server.

Attackers use multiple methods to access a victim’s computer, including social engineering and exploiting vulnerabilities. For example, the WannaCry outbreak abused the EternalBlue vulnerability, which allows attackers to gain remote access to a network by spoofing a legitimate Microsoft RDP service. Other ransomware variants rely on password guessing and social engineering tools, such as phishing spam or attachments masquerading as legitimate files. Some, like Maze and Ryuk, even steal sensitive data from victim computers before encrypting them. This can be especially devastating for organizations that must keep the compromised information confidential, such as government agencies, medical facilities or law firms.

Some ransomware displays a note on the victim’s screen informing them that their data has been locked, along with instructions on how to pay an electronic fine to unlock it. In the worst cases, attackers may also claim to be part of a government agency and assert that unlicensed software or illegal web content has been detected on the computer.