Hackers Exposed: Discover the secret world of cybercrime (2019) by Barbosa de Azevedo Fernando Uilherme

Author: Barbosa de Azevedo, Fernando Uilherme
Language: eng
Format: epub
Published: 2018-08-10T16:00:00+00:00


Chapter 15: Ransomware

Ransomware, sometimes called cryptoviral extortion, is a form of malicious software that prevents users from accessing their personal files, usually through encryption. Hackers require that a ransom be paid before they unlock and return the information to the owner. Just like traditional ransom crimes, the motive for ransomware attacks is mostly monetary. Unlike victims of scams and other types of cybercrime attacks, victims of ransomware are made aware of the exploitation. They are given specific instructions on how they can get their information, files, or system decrypted in exchange for a certain amount of money. Payment is often through digital currencies such as bitcoin to hide the identities of the people involved.

This type of malware can be spread through malicious email attachments, infected external devices, infected software apps, and even websites that are compromised. The malware can do different things to the device or system, depending on how it was designed. It can simply lock access to a certain device or web browser – which can be easily reverse-engineered and reopened. Hackers, however, have developed stronger versions of ransomware that use public-key encryption to deny access to files on the computer.

A Trojan horse called CryptoLocker was one of the first ransomware attacks that used public-key encryption. The malware used RSA cryptography, and experts believed that if it was implemented properly, it would be impenetrable. The malware demanded payment through bitcoin or prepaid vouchers and was active from September 2013 until May 2014, when a security firm gained access to a command-and-control server used by the attack and recovered the encryption keys used in the attacks.

Another malware attack called WannaCry infected and encrypted more than a quarter of a million systems all over the world in May 2017. The malware used asymmetric encryption, which made the private, undistributed key needed to decrypt ransomed files impossible to recover. WannaCry works as follows: it first arrives via an exploit. The file is then delivered via the exploit, running as a service. The ransomware file is then dropped to encrypt the files or system, and the component files for creating the ransom note are also dropped. Once all this is done, local and shared files are encrypted; it targets 176 file extensions.

Since payments were demanded through bitcoin, the recipient of the ransom payments was impossible to identify. The impact of WannaCry was a lot more pronounced in some cases, but during WannaCry’s peak, only $100,000 in bitcoins was given and transferred as ransom. Paying proved futile, however, because no files were decrypted after the payment was made.

The United Kingdom’s National Health Service, among those affected, was hit so heavily that it was forced to take services offline during the attack. Other affected companies reportedly lost over $1 billion in total because of the damage. Research, however, suggests that the demands often aren’t met. It’s difficult to come up with a solid statistic, since several studies claim it’s 70%, while other studies claim that only 3% of US-based companies paid the ransom.


