Ransomware is often just regarded as a piece of malicious software. However, it is much more than that. It features a series of unique characteristics that differentiate it from any other malware used by cybercriminals. Here are the top 5 perks that make ransomware a big deal.
1. Simplicity, in actions and behavior, makes proactive detection very difficult
Ransomware takes simple actions against a target computer. It reads system information and user files, creates or changes files, writes to files and deletes information. Such actions represent everyday authorized activity by legitimate users and applications. With some exceptions (e.g. WannaCry), ransomware does not usually exhibit virus-like capabilities and remains a simple program that uses files as most of us do.
2. Stealth technology avoids detection
While simple in its actions, ransomware embeds advanced, complex technology to elude detection by most antivirus technologies:
– Environmental awareness enables ransomware to bypass sandbox technologies as well as virtual environments, generally used for reverse engineering;
– Code obfuscation techniques enable ransomware to hide its purpose and avoid detection based on heuristics;
– The ability to run from scripts and nonexecutable files, and to exploit authorized programs, renders Application Control technologies ineffective.
3. Intelligence ensures execution and delivery
Most see ransomware as a simple package that locks files out and asks for money to restore them. However, it is much more than that. It is an intelligent system that aggregates knowledge from a variety of fields to ensure the package gets executed.
– Social engineering and phishing techniques based on human psychology get the malicious file on the target computers;
– Advanced coding expertise and knowledge of operating systems and technologies ensure that the payload gets executed;
– Using crypto-currencies allows attackers to monetize this activity without the risk of being tracked.
4. Efficiency allows locking out the files in a manner that permits and encourages monetization
Efficiency is probably the best word to describe the entire process. The ransomware uses all its perks to distribute, protect and run the payload on the victims’ machines in a very efficient manner, bypassing most security measures commonly in place in corporate environments. Once it executes, it leaves the system files untouched, or provides means for the victims to use their computer for paying a ransom. On the other hand, it attacks those files likely to be of great importance to maximize the chances of profit. Nothing that ransomware does is at random. The file extensions to be attacked, the management of cryptographic keys, the information to display as a ransom note, the system information to retrieve: everything is well planned to function on a massive scale.
5. Scalability allows automatic monetization involving a large number of victims
For ransomware to be successful in yielding substantial revenue, it needs to attack a large number of users. Therefore, distribution campaigns run widely across the globe. There are entire cloud-based service infrastructures hosted on the dark side of the Internet to support all the processes needed for successful ransomware monetization. These platforms allow automatic management of the whole process, from distribution to monetization and file recovery, without the attackers’ intervention, for plenty of victims.
Ransomware, the #1 cyber security threat
All these perks work together to make ransomware the #1 cyber security threat. Ransomware is a complete and complex system similar to many legitimate businesses. Attackers turn their victims into “customers.” They communicate, offer guidelines, and even provide support to ensure that the victims pay the ransom.
When the targets are critical services that rely heavily on IT, like NHS institutions adopting EHR, the impact may be life-threatening because of the downtime such incidents incur, and this is why all of us should be concerned with this t.
Calin Ghibu – Technical background: over 16 years’ experience in testing, developing, researching and managing network security solutions. Currently focusing on building anti-ransomware and data auditing technology.