How is Ransomware Evolving?
Ransomware, currently one of the most lucrative types of attack, is software designed to block access to a system, or to threaten to publish a victim's data, unless a ransom is paid. Ransomware has been a risk to enterprises and individuals since the mid-2000s, and about 7,600 ransomware attacks have been reported in the last 13 years [1]. Examples of ransomware variants include CryptoLocker, CryptoWall, and TeslaCrypt. Variants and attacks have increased over the years, with targets in sectors ranging from healthcare to banking.
Studies suggest that ransomware has grown steadily as its creators have advanced their techniques. Ransomware developers are not only making encrypted files harder to recover but also making the ransomware itself harder to detect, by changing its otherwise predictable behaviour.
What techniques are ransomware developers using? First, they are slowing down the encryption process and randomizing it to avoid detection. For instance, if a detection tool's threshold looks for X files being accessed within 5 seconds, creators spread that activity over 1000 seconds so that the threshold is never reached. Spreading encryption over a longer period not only encrypts the files but also lets the ransomware reach backups and encrypt them too. As for randomizing the process: anti-ransomware tools look for linear patterns in how data is encrypted, so ransomware developers overwrite files out of order rather than working through them linearly, to avoid detection. Interestingly, ransomware developers also use polymorphic code to complicate detection: the polymorphic code changes every 20 seconds, which makes statistical detection of ransomware files exceptionally difficult [2].
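As an added illustration (not code from the original post), the following Python sketch shows how the rate threshold described above is evaded by slow encryption, and how a defender can layer a longer window on top of the short one. The event timestamps and paths are constructed sample data, and the policy names and thresholds are assumptions.

```python
from collections import deque

# Constructed sample events (not real telemetry): (timestamp_ms, path) file writes.
def fast_burst():
    """50 files rewritten within 4 seconds: the classic encryption burst."""
    return [(i * 80, f"/home/user/docs/report_{i}.docx") for i in range(50)]

def slow_trickle():
    """50 files rewritten one every 20 seconds, spread over 1000 seconds."""
    return [(100_000 + i * 20_000, f"/home/user/docs/invoice_{i}.xlsx") for i in range(50)]

def rate_alerts(events, window_ms, threshold):
    """Rate-based detector: fire whenever more than `threshold` distinct files
    were written within the trailing `window_ms` milliseconds.
    Returns the list of event timestamps at which the rule fired."""
    recent = deque()
    alerts = []
    for ts, path in sorted(events):
        recent.append((ts, path))
        while ts - recent[0][0] > window_ms:   # drop events that fell out of the window
            recent.popleft()
        if len({p for _, p in recent}) > threshold:
            alerts.append(ts)
    return alerts

def first_alert(events, window_ms, threshold):
    """Timestamp of the first alert, or None if the rule never fired."""
    alerts = rate_alerts(events, window_ms, threshold)
    return alerts[0] if alerts else None

# Assumed policies a defender might stack: a 5 s window for bursts (the threshold the
# text describes) and a 1000 s window that still counts a deliberately slowed encryptor.
POLICIES = {"burst_5s": (5_000, 20), "trickle_1000s": (1_000_000, 20)}

def evaluate(events):
    """Map each policy name to the time it first fired (None if it never did)."""
    return {name: first_alert(events, w, t) for name, (w, t) in POLICIES.items()}

if __name__ == "__main__":
    for label, evs in (("fast burst", fast_burst()), ("slow trickle", slow_trickle())):
        print(label, evaluate(evs))
```

The short window alone never fires on the trickle, while the long window catches both patterns. A long window will also count legitimate bulk activity such as backup jobs or builds, so in practice it is paired with an allow-list of known processes or a secondary signal rather than used on its own.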
Second, to save time and effort, ransomware creators are bypassing individual files and going directly for the hard drive's own code. By doing so they gain control of the entire contents of the drive and do not need to encrypt every file to hold it for ransom [2]. In 2017, a well-known ransomware attack called WannaCry affected computers in over 100 countries. The hard-drive-encrypting malware spread across 230,000 computers and caused losses of millions. The attackers demanded $300 in bitcoin and threatened to double the ransom or delete the victim's files permanently if it was not paid in time [3]. Lastly, developers are targeting old operating systems and staying away from the latest versions, such as Microsoft Windows 10 and Apple macOS, because these are mostly protected against ransomware [2].
In conclusion, to combat the rapid evolution of ransomware, individuals must not only keep their computer's software up to date and back up their data regularly, but also learn the tricks ransomware creators use to spread it.
References
[1] – https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time
[2] – https://www.csoonline.com/article/3267544/ransomware/11-ways-ransomware-is-evolving.html
[3] – https://www.zdnet.com/article/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack/