Ransom viruses
By
زيد أسامة عصام محمد صبري
Section – B/ – Fourth Stage
Supervised By
1. Introduction
A ransom virus is a form of malware that infects vulnerable computer
systems, preventing victims from accessing data on the system and, in some
cases, threatening to erase the data if the victim does not pay a ransom within a
stipulated time frame.
One typical example of a ransom virus is called 'Ded Cryptor', which locks your
computer and files until you are forced to pay a ransom. The payment that it
demands is two Bitcoins, which cost several hundred dollars. [1]
Ransom virus has caused quite an uproar in the cybersecurity world, due, in part,
to the recent WannaCry attack that crippled thousands of businesses. When
ransom virus strikes, the number one priority of most users will be to save their
data and restore their computers. However, for many businesses, recovering
their sensitive corporate data is merely the beginning.[1]
Republic of Iraq
Ministry of Higher Education and Scientific Research
Dijlah University College
Department of Computer Science
will not infect victims based on geographic location (e.g. GandCrab exempts
Russian IPs). [2]
3. Types of ransomware
There are two main types of ransomware: crypto ransomware and locker ransomware.
Crypto ransomware encrypts valuable files on a computer so that the user cannot access
them.
Cyber thieves that conduct crypto ransomware attacks make money by demanding that
victims pay a ransom to get their files back.
Locker ransomware does not encrypt files. Rather, it locks the victim out of their device,
preventing them from using it. Once they are locked out, cybercriminals carrying out
locker ransomware attacks will demand a ransom to unlock the device.[3]
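As an added illustration (not part of the original report), here is one defender-side heuristic for spotting the effect of crypto ransomware described above: a file that has lost its format signature and whose bytes look uniformly random has probably been encrypted. The threshold, function names and sample files are assumptions constructed for this example.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading "magic bytes" of a few formats ransomware commonly targets.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment

def shannon_entropy(data):
    """Bits of entropy per byte: close to 8 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name, data):
    """True if the file lost its format signature and its bytes look random."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic and data.startswith(magic):
        return False  # compressed formats are high-entropy but keep their header
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def triage(files, alert_ratio=0.5):
    """Return (flagged names, alert); alert is set when at least
    alert_ratio of the files look encrypted."""
    flagged = sorted(n for n, d in files.items() if looks_encrypted(n, d))
    return flagged, len(flagged) / max(len(files), 1) >= alert_ratio

def fake_ciphertext(seed, size=4096):
    """Constructed stand-in for encrypted content: deterministic random-looking bytes."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

# Constructed sample: two intact files and three that look encrypted.
SAMPLE = {
    "report.pdf": b"%PDF-1.7\n" + fake_ciphertext(b"pdf-body"),
    "notes.txt": b"Meeting notes: patch the file servers this week. " * 80,
    "design.png": fake_ciphertext(b"png"),
    "budget.docx": fake_ciphertext(b"docx"),
    "thesis.txt": fake_ciphertext(b"txt"),
}

if __name__ == "__main__":
    flagged, alert = triage(SAMPLE)
    print("flagged:", flagged, "| mass-encryption alert:", alert)
```

The header check matters because legitimate compressed formats also have high entropy; entropy alone would flag every intact PDF or DOCX.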
4. Ransomware examples
Locky: Locky is a type of ransomware that was first released in a 2016 attack by
an organized group of hackers.
With the ability to encrypt over 160 file types, Locky spreads by tricking victims into
installing it via fake emails with infected attachments. This method of transmission is
called phishing, a form of social engineering.
Locky targets a range of file types that are often used by designers, developers,
engineers, and testers.[4]
WannaCry: WannaCry is a ransomware attack that spread across 150 countries in 2017.
The attack hit a third of hospital trusts in the UK, costing the NHS an estimated £92
million. Users were locked out and a ransom was demanded in the form of Bitcoin. The
attack highlighted the problematic use of outdated systems, leaving the vital health
service vulnerable to attack.
The global financial impact of WannaCry was substantial: the cybercrime caused an
estimated $4 billion in financial losses worldwide. [4]
Bad Rabbit: Bad Rabbit is a 2017 ransomware attack that spread using a
method called a ‘drive-by’ attack, where insecure websites are targeted and used
to carry out an attack.
Drive-by attacks often require no action from the victim, beyond browsing to the
compromised page. However, in this case, they are infected when they click to
install something that is actually malware in disguise. This element is known as a
malware dropper.
Bad Rabbit used a fake request to install Adobe Flash as a malware dropper to
spread its infection. [4]
Ryuk: Ryuk ransomware, which spread in August 2018, disabled the Windows
System Restore option, making it impossible to restore encrypted files without a
backup.
The effects were crippling, and many organizations targeted in the US paid the
demanded ransoms. August 2018 reports estimated funds raised from the attack
were over $640,000. [4]
Troldesh: The Troldesh ransomware attack happened in 2015 and was spread
via spam emails with infected links or attachments.
This tale is definitely the exception, not the rule. It is never a good idea to
negotiate with cybercriminals. Avoid paying the demanded ransom at all costs as
doing so only encourages this form of cybercrime. [4]
Jigsaw: Jigsaw is a ransomware attack that started in 2016. This attack got its
name as it featured an image of the puppet from the Saw film franchise.
Jigsaw gradually deleted more of the victim’s files each hour that the ransom
demand was left unpaid. The use of horror movie imagery in this attack caused
victims additional distress. [4]
This allowed them to control part of the criminal network and grab the data as it
was being sent, without the criminals knowing. This action later led to the
development of an online portal where victims could get a key to unlock and
release their data for free without paying the criminals. [4]
5. SAFETY METHOD
To deal with ransomware, experts have given a few suggestions to use before and after
infection:
1. To protect a system from a ransomware attack, the first step is to update the operating
system; this sometimes requires patches, so installing patches is the next step.
2. Avoid all spam links if unknown. Using ad blockers can protect against
malvertising. Turn off Java and JavaScript.
3. The tasks of step 1 are meaningless if the system does not have an updated antivirus, so
it is suggested that the system have a good-quality antivirus.
4. Cleaning the spam folder must be the next step after the removal of all
malware/spyware.
5. JavaScript files and the website open option are risky, so deactivate them at the end of all
precautions. [5]
References
1. https://enterprise.comodo.com/ransom-virus-on-computer.php
2. https://www.researchgate.net/publication/330895043_Trends_in_Design_of_Ransomware_Viruses_11th_International_Conference_SecITC_2018_Bucharest_Romania_November_8-9_2018_Revised_Selected_Papers
3. https://www.kaspersky.com/resource-center/threats/ransomware-examples
4. https://www.kaspersky.com/resource-center/threats/ransomware-examples
5. https://www.researchgate.net/publication/325777408_Ransomware_Evolution_Target_and_Safety_Measures