April 13, 2023 / By Securium Solutions
Ransomware malware are software that encrypts files and blocks access to a system until a ransom is paid. Ransomware attacks have become more frequent in recent years targeting both organizations and individuals. It is also encrypts backups if they are accessible. New ransomware is also able to disactive or suppress most antivirus software.
Cybercriminals also steal files before encryption and threats to leak them, putting more pressure on the victim to pay the ransom. The data leaks are shared on cyber criminals tor websites which are harder to trace and shut down. However, there is no guarantee that the cybercriminal will provide the decryption key or not leak any data if the ransom is paid. This is one of the main justifications why the majority – if not all – of law enforcement agencies advice against paying the ransom.
Individuals and smaller organizations are mostly targeted through cracking tools for paid software, malicious downloads, or phishing email.
Similar to Software-as-a-Service allows the ransomware developers to share their Ransomware (Ransomware as a Service) with other cyber criminals (called affiliates) in exchange for a percentage of the total ransom or for a fixed fee. Even affiliates with little technical knowledge can also carry out a ransomware attack.
In this manner, the developers can concentrate on improving their malware or launch targeted attacks against larger organizations. Affiliates having access to a network or a system (for example through stolen credentials or software vulnerabilities) mostly attack individuals or smaller organizations for ransom on a larger scale. This business model generates more revenue than if the developers attacked just on their own.
Ransom payment is demanded in cryptocurrencies, usually Bitcoin or monero. Cryptocurrencies offer a quick, untraceable, and anonymous method of payment. Before the first cryptocurrency (bitcoin) Ransomware was very limited due to the danger of being identified. The ransom payment had to go through banks or another financial institution, which complicated the process further.
In the coming years, the frequency of ransomware attacks will only increase and will become even more sophisticated as more and more its are offered as a service. This is why strong defenses against it should be set up, like proper backups and secure encryption of sensitive files.
Author
Karan
Cyber Security Intern
