Deplorable incidents involving ransomware attacks have been in full flow for the past few years. Recently, hospitals in Geelong and Warrnambool were struck by ransomware attacks, leading to the cancellation of surgeries and appointments. Cyber criminals strongly prefer ransomware as a way of generating revenue, and the advent of the bitcoin market for payments makes the attackers nearly impossible to track, which gives them anonymity.
Security was not the primary concern at the inception of the Internet; remember that the internet we use today is riddled with a seemingly endless range of bugs, viruses and malware. Then came data encryption in transit and at rest. Unfortunately, attackers have employed the same encryption to launch a myriad of cyber attacks. The idea behind ransomware attacks is to make the victim’s information inaccessible until a ransom is paid, i.e., blackmail or extortion.
Ransomware attacks can be categorised into two types, lockers and cryptors.
Cryptors - Also known as crypto ransomware, cryptors are launched specifically for the purpose of extorting money. They arrive via a harmful program (delivered through email links, social media or messages), which encrypts files stored on mobile and computer devices.
Lockers - On the other end of the spectrum, lockers deny the victim access instead of encrypting the files.
There are also other versions of ransomware, which could hack the webcam of the victim’s computer.
Even though new ransomware is appearing in the market at a constant rate today, potential mitigation strategies can be developed with the help of powerful tools like Ghidra and IDA Pro.
My next blog focuses on how reverse engineering could be used as an effective mitigation strategy for ransomware.