Ransomware: All that you want to know
Ransomware is the new threat on the internet, and it is growing day by day. I come across many questions about it on the internet. In this article, I am going to do an in-depth analysis of “Ransomware.”

What is Ransomware?

The first question people ask is: what is this new term? As per the definition available on the internet, “Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.

Upon compromising a computer, ransomware will typically either lock a user's system or encrypt files on the computer and then demand payment before the system or files will be restored.”

In other words, ransomware is any malicious software planted on your PC through different channels of the internet, especially porn and pirate sites, which freezes your device and data; to unlock them you have to pay some amount to the hackers. There are many ways in which your PC can get infected by such software, which we will talk about later in this article.

History of Ransomware

Surprisingly, ransomware has a long history and background; it has been the most pervasive cyber threat since 2005. According to publicly available information, ransomware infections have outnumbered data breaches 7,694 to 6,013 over the past 11 years.

Over the years, two distinct varieties of ransomware have remained consistent: crypto-based and locker-based. These two types are discussed in detail in the next section.

Types of Ransomware

Some of the common ransomware families are as follows:

CryptoLocker

Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, the CryptoLocker approach has been widely copied, although the variants in operation today are not directly linked to the original. Much like Xerox and Kleenex in their respective worlds, the word CryptoLocker has become almost synonymous with ransomware.

CryptoWall

CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared under a variety of names, including Cryptobit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0, among others. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits.

CTB-Locker

The criminals behind CTB-Locker have taken a different approach to distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate.

Locky

Locky is a relatively new type of ransomware, but its approach is familiar. The malware is spread using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice appears scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. A Bitcoin ransom is demanded when encryption is complete.

TeslaCrypt

TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses the AES algorithm to encrypt files. It is typically distributed via the Angler exploit kit, specifically attacking Adobe vulnerabilities. Once a vulnerability is exploited, TeslaCrypt installs itself in the Microsoft temp folder.

TorrentLocker

TorrentLocker is typically distributed through spam email campaigns and is geographically targeted, with email messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses the AES algorithm to encrypt files. In addition to encrypting files, it also collects email addresses from the victim’s address book to spread the malware beyond the initially infected computer or network; this is unique to TorrentLocker.

KeRanger

According to Ars Technica, KeRanger ransomware was recently discovered in a popular BitTorrent client. KeRanger is not widely distributed at this point, but it is worth noting because it is known as the first fully functioning ransomware designed to lock Mac OS X applications.
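Several of the families above (Locky in particular) arrive as an invoice-style Office attachment that asks the victim to enable macros. A simple mail-gateway check is to open each Office attachment as the zip container it is and flag any that carry a VBA project. The following is an added example, not code from this article; the sample attachments it scans are constructed in memory and are not real malware.

```python
import io
import zipfile

# Office Open XML files (.docx, .docm, .xlsm, .pptm) are zip archives. A macro-enabled
# document stores its VBA code in a part named vbaProject.bin (word/, xl/ or ppt/ folder).
VBA_PART_SUFFIX = "vbaProject.bin"


def has_vba_macros(data: bytes) -> bool:
    """Return True if the bytes are an OOXML archive that contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith(VBA_PART_SUFFIX) for name in zf.namelist())
    except zipfile.BadZipFile:
        # Not a zip container at all (legacy .doc, a PDF, plain text, ...): this
        # check cannot say anything about it, so it is not flagged here.
        return False


def build_sample_doc(with_macros: bool) -> bytes:
    """Construct a minimal stand-in for an OOXML document (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Real files hold an OLE container here; a placeholder is enough for the check.
            zf.writestr("word/vbaProject.bin", b"placeholder-vba-project")
    return buf.getvalue()


def triage_attachments(attachments: dict) -> list:
    """Return the names of attachments to quarantine for analyst review.

    attachments maps filename -> raw bytes. An attachment is flagged when it carries
    macros; one that claims a macro-free extension (.docx/.xlsx/.pptx) but still
    contains a VBA project is a strong lure indicator and is flagged as well.
    """
    flagged = []
    for name, data in attachments.items():
        if has_vba_macros(data):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    mailbox = {
        "invoice_4471.docm": build_sample_doc(with_macros=True),   # constructed lure
        "meeting_notes.docx": build_sample_doc(with_macros=False),  # constructed benign file
        "readme.txt": b"not an office document",
    }
    print("Quarantine:", triage_attachments(mailbox))
```

Blocking or sandboxing the flagged attachments before they reach the user removes the "enable macros to read this invoice" step that Locky depends on.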

How does ransomware work?

As per the Norton website, “These aggressive assaults begin in a similar manner to scareware. You’re duped into clicking on an infected popup advertisement or you visit an infected website. However, instead of just trying to trick you into buying fake antivirus software, the bad guys hold your computer hostage and attempt to extort payment.

In some instances, ads for pornographic websites appear on your screen each time you try to click on a Web page. The ads cover a portion of the page you’re trying to view. “Just imagine you’re sitting at work and that happens to you,” says Eisen. One ransomware attack puts time pressure on the victim, stating that a piece of your data will be destroyed every 30 minutes if you don’t pay up. Another attack attempts to force you to purchase a program to de-encrypt your data.

The criminals often ask for a nominal payment, figuring you’ll be more likely to pay to avoid the hassle and heartache of dealing with the virus. They may ask for as little as $10 to be wired through the Western Union, paid through a premium text message or sent through a form of online cash.”

I hope the above information helps you prevent “Ransomware” on your PCs or laptops; for more information on “Ransomware,” please refer to Part II of this article. Also, do share your opinions and other suggestions on how to prevent “ransomware” on PCs or laptops.
