Main Content Description of Threat Ransomware threatens victims by extorting both businesses and consumers by crippling the computer system preventing you from accessing your data until a ransom is paid usually in Bitcoin If failed to pay the ransom within a timeframe files will automatically be deleted Most of the times victims have no idea of being infected until a ransom message displayed on the screen and crippled the system According to a report by Symantec In the first six months of 2017 Symantec blocked just over 319 000 ransomware infections If this infection rate continued for the full year 2017 would be a significant increase over 2016 when a total of 470 000 infections were blocked 1 this has shown that ransomware attacks are still on the rise With technologies advancement users are vulnerable to increasingly sophisticated cyber attacks Causes of ransomware attack Lack of employees training Employees are like a key pass for a ransomware attack to happen in the organisation Majority of them are not trained which explains why they could not recognise scams malicious links and emails that may contain viruses yet they are frequently exposed to sophisticated phishing attacks Malicious websites web ads Now with everyone relying on the internet for their source of information Internet users often surf the internet without thinking of consequences click as and when they like because of their limited knowledge on possible cyber attacks
Now even trusted websites with a high volume of visitors will have malicious advertisements placed through ad networks by attackers Lack of security Successful infections most of the time are believed to be due to companies not regularly install updates computers are still running the older Windows XP and patches were not implemented 2 Why is it a threat Ransomware threats can incur a large cost to both businesses and individuals Besides huge amount of a damage costs predicted to exceed 5 billion in 2017 according to CybersecurityVentures report 3 attackers are hijacking and stealing valuable information from victims systems seeing files that are supposed to be confidential resulting in data leakage and for hospitals putting lives at risks by rejecting patients as files are being encrypted and are not able to access and process patients information Nature of Threat How does the threat work Who is affected How ransomware is spread There are a few distribution methods of ransomware Emails being the primary distribution method and followed by Exploit kit According to Symantec report 4 Emails are often received by unknown addresses containing a malicious attachment that carries a downloader like JavaScript downloader or Word Macro down loader for users to download while some do not carry a downloader but a malicious attachment that will straight away install the ransomware
Other than attachments attached to emails there are also links in spam email that directs to an exploit kit or a downloader or a ransomware payload One of the most successful and longest examples of using Emails to spread malware is the Locky ransomware where it has made its appearance during 2016 and 2017 Based on ZDNet report over 23 million emails containing Locky were being dispatched using botnet within a day 5 With exploit kit ransomware attack could infect any computers at any point of time even without a click on the internet Exploit kit purpose is to identify vulnerabilities on one s computer and injecting malicious code into it Such that exploit kit compromise third party web servers and inject iframes into the web pages hosted on them the iframes then direct browsers to the exploit kit servers Examples of exploit kit attacks that spread ransomware threats are Cerber and CryptXXX 6 Potential Target Anyone on the internet is exposed to ransomware attacks especially industries like Education Government Energy or Utilities Healthcare Retail and Finance are the main targets of attackers as they are considered an easy target and could afford ransom payments Knowing that data files are vital to their day to day operations 7 A few examples of the families of ransomware are Bad Rabbit WannaCry and Petya Bad Rabbit is the latest example of a virus to extort money from victims across the globe which had just happened during October 2017 strikes attacks on organisations across Russia and Eastern Europe Bad Rabbit spreads by instilling a drive by download and tricked victims such as tricking victims to download a fake Adobe Flash Installer 8 After installing Bad Rabbit would then encrypt the files and demand a ransom On May 2017 a ransomware attack by the WannaCry to over 150 countries including Singapore whereby there are about 500 Singapore IP addresses being affected 9 WannaCry used EternalBlue an exploit to spread its malware across the internet by scanning random IP addresses to find other unprotected computers to carry out its attack in which the attack has affected nearly a quarter million of computers worldwide crippled National Health Service NHS in the United Kingdom UK where staffs were not able to access to their data on the computers and had to turn away patients putting lives at risk 10 Despite patch warnings NHS ignored them causing devastating consequences
According to Petya ransomware outbreak report by Symantec 11 Petya targeting European organisations used EternalBlue similar to WannaCry But the additional use of SMB network as spreading techniques to allow spreading of attack within organisations even if patches were made against EternalBlue Not only does it encrypt files it also overwrites and encrypts the master boot record MBR this shows that Petya wasn t mainly focusing on money but to wipe out information
