What is Ransomware ? — How Ransomware Works — Exploitbyte

History Of Ransomware:-

How Ransomware Works :-

Examples of Ransomware

  • WannaCry-A powerful Microsoft exploit was leveraged to create a worldwide ransomware worm that infected over 250,000 systems before a killswitch was tripped to stop its spread. Proofpoint was involved in finding the sample used to find the killswitch and in deconstructing the ransomware. Learn more about Proofpoint’s involvement in stopping WannaCry.
  • CryptoLocker-This was one of the first of the current generation of ransomware that required cryptocurrency for payment (Bitcoin) and encrypted a user’s hard drive and attached network drives. Cryptolocker was spread via an email with an attachment that claimed to be FedEx and UPS tracking notifications. A decryption tool was released for this in 2014. But various reports suggest that upwards of $27 million was extorted by CryptoLocker.
  • NotPetya-Considered one of the most damaging ransomware attacks, NotPetya leveraged tactics from its namesake, Petya, such as infecting and encrypting the master boot record of a Microsoft Windows-based system. NotPetya leveraged the same vulnerability from WannaCry to spread rapidly, demanding payment in bitcoin to undo the changes. It has been classified by some as a wiper, since NotPetya cannot undo its changes to the master boot record and renders the target system unrecoverable.
  • Bad Rabbit-Considered a cousin of NotPetya and using similar code and exploits to spread, Bad Rabbit was a visible ransomware that appeared to target Russia and Ukraine, mostly impacting media companies there. Unlike NotPetya, Bad Rabbit did allow for decryption if the ransom was paid. The majority of cases indicate that it was spread via a fake Flash player update that can impact users via a drive by attack.
  • ScareWare- Scareware, as it turns out, is not that scary. It includes rogue security software and tech support scams. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.
  • Screen lockers :- Upgrade to terror alert orange for these guys. When lock-screen ransomware gets on your computer, it means you’re frozen out of your PC entirely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cybercrimes, they would go through the appropriate legal channels.
  • Encrypting ransomware :- This is the truly nasty stuff. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom-for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.

How to protect from ransomware?

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Exploitbytes

Exploitbytes

I am Ethical Hacker & Bug Hunter.