The deadly ransomware is evolving, becoming more sophisticated and more deadly, more frequent,and spreading far and wide attacking servers, work stations, laptops, smartphones and other mobile devices. It’s business model is changing too, it is being offered as “ransomware-as-a-service”.
Till now, it is practically impossible to recover from a ransomware infection. Basically, there are two types of ransomware – Locky ransomware and crypto-ransomware. While Locky locks the screen of the device, crypto encrypts the data on the device. The controllers of the ransomware demand ransom in the form of bit coins to unlock the screen or provide the decryption code. With no solution yet for recovery against ransomware, the infected persons have no option but to pay up if they need the data.
Ransomware stymies the functioning of a device and when it affects business it has drastic consequences. The year 2016 has seen a spurt in ransomware attacks, and they are continuing. The business model of ransomware too has changed. Financial service providers, hospitals, and government IT systems seem to be the preferred targets.
New malware variants are being released and among them Teslacrypt, CTB-Locker and Cryptowall, were the top most. The ransomware were spread through malicious links to malicious web pages, malicious attachments and spam mails. Among these the Petya ransomware is more sophisticated than the other variants as it has the capability to overwrite the master boot record of the hard drive which prevents booting to the operating system. Petya can apply full disk encryption, which makes it more scarier than other ransomware.
In the dark web – the cyber criminal world – ransomware is being offered for sale, and as well as “ransomware-as-a-service”, where the creators/owners/controllers of the ransomware offer their malware to other cybercriminals who can use the malware by themselves for spreading and infecting (encrypting) victim’s systems. And if they are successful with the ransomware, they have to pay a percentage of the received ransom to the creators/owners/controllers of the ransomware, or according to their agreement they take a small part of the received ransom as commission (around 10%) and the rest goes to the creators/owners/controllers.
This trend is increasing in the dark web, as the perpetrators just offer their ransomware, and there are plenty of cyber criminals who do not have sufficient skills to write their own malicious code, but who can just “rent” the ransomware and try to infect victim’s devices with the malware.
Cyber security experts state that following basic IT security rules and taking adequate technological counter-measures can help prevent ransomware from infecting devices and locking up files.