What Exactly Is Ransomware? How Does Ransomware Work?
How Does Ransomware Work?
Ransomware has been around for at least a decade, but in 2013-2014 it exploded, according to Panda Security’s Thierry Karsenti: “After years of evolution and experimentation, cybercriminals are now deploying ransomware on a massive scale, turning it into a big moneymaker.”
The US Federal Bureau of Investigation (FBI) defines it as “a type of malicious software that infects a computer and restricts users’ access to the system by locking the system’s screen or threatening to publish the victim’s private data if a ransom is not paid.” The FBI also notes that “there are currently no federal laws specifically targeting ransomware.”
Ransomware is often propagated as malware hidden in email attachments, or disguised as fake software updates for programs commonly downloaded by home users. It can also be installed by exploiting security vulnerabilities on computers or networks.
What Is Crypto-ransomware?
Once it has infected a system, ransomware will either lock the system’s screen or encrypt files and directories. The latter case is known as crypto-ransomware. Crypto-ransomware typically uses strong encryption, so affected users can no longer access their files.
The threat then informs users that they need to pay a ransom to decrypt their files and regain access to the system. Crypto-ransomware typically spreads via spam emails pretending to be legitimate messages from delivery services or law enforcement agencies, accusing users of various violations and demanding fines payable within a certain period.
When users open such emails, their computers can be infected by ransomware attached as files or contained in macros embedded in the message body. Sometimes crypto-ransomware propagates via drive-by download attacks (using exploit kits) instead of emails.
A typical ransomware attack starts with a phishing email containing a link to a malicious website that resembles an online service used by the target audience (e.g. PayPal). When victims click that link, they are encouraged to install what they believe is an update or required plugin for that service.
This installs malware that locks their computers down until a ransom is paid in Bitcoin or another cryptocurrency. This attack pattern has emerged as one of the most common forms of cybercrime in recent years.
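As an added example (not from the article), a defender-side heuristic for the encryption behaviour described above: crypto-ransomware leaves files whose bytes look random, so scoring the Shannon entropy of recently modified files and alerting when many high-entropy files appear in one scan is a simple way to spot an infection in progress. The thresholds, file names and the sample directory are assumptions constructed for the demo.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds (not from the article): encrypted or compressed data sits
# near 8 bits/byte, while ordinary documents score well below 7.
HIGH_ENTROPY = 7.0
BURST_THRESHOLD = 5  # this many newly written high-entropy files in one scan

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= HIGH_ENTROPY

def scan_tree(root, since_mtime: float = 0.0) -> list:
    """Paths under root modified at or after since_mtime whose first 4 KiB look
    encrypted. Archives and images also score high, so a single hit is not an
    alert; the burst check below is what flags ransomware-like mass writes."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.stat().st_mtime >= since_mtime:
            if looks_encrypted(path.read_bytes()[:4096]):
                hits.append(str(path))
    return hits

def burst_detected(hits: list) -> bool:
    return len(hits) >= BURST_THRESHOLD

def build_sample_tree(root) -> None:
    """Constructed fixture: 3 plaintext documents plus 6 files overwritten with
    random bytes, standing in for what crypto-ransomware leaves behind."""
    rng = random.Random(1)  # seeded so the demo is reproducible
    for i in range(3):
        (Path(root) / f"report{i}.txt").write_bytes(b"quarterly figures, draft text\n" * 100)
    for i in range(6):
        (Path(root) / f"photo{i}.jpg.locked").write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))

def demo():
    """Build the fixture in a temp dir, scan it, return (hits, burst flag)."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        hits = scan_tree(d)
        return hits, burst_detected(hits)
```

In real use the scan would run on a schedule with since_mtime set to the previous run, so only files touched in the last interval are scored.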
Cyber Threat Prevention
Network forensics is a specialized area of computer forensics that involves examining data packets traveling through a network to identify vulnerabilities and prevent unauthorized access by hackers or other unauthorized users. It is also used in cyber security investigations, where it helps determine what happened during an attack on a network.
This information can then be used to prevent future attacks. Network forensics has several applications, including identifying unauthorized access attempts, detecting internal and external threats, determining how systems were compromised, and understanding how traffic flows through networks.
It also includes analyzing packets that contain confidential information, such as passwords and private messages, which helps identify illegal activities such as child pornography. There are several different types of network forensics, including packet sniffing, packet analysis, and protocol analysis.
All of these include application-layer analysis, content analysis (text analysis), and forensic analysis (which uses file system metadata), each of which helps in mitigating cyber threats.