Ransomware, a hired weapon
I am pretty sure that you would be a little surprised after reading the title of this post, and this is obvious as till now we have heard about multiple service offerings like Platform as a Service(PaaS), Cloud as a Service(CaaS), Software as a Service(SaaS) and Infrastructure as a Service(IaaS), etc. However, we have not heard about Ransomware as a service yet. In this article, we will try to explain what Ransomware as a service is all about. Before we start explaining this Ransomware service offering, let’s try to understand what Ransomware is all about.
What is a Ransomware? – Ransomware is a type of malware that attacks your system and encrypts your files and folders and then the attacker asks you to make a payment for sharing the decryption key which will be used to access your information again. There is no other way to get access to your information without entering the decryption key as strong encryption is used, you will keep seeing a prompt on your screen that your files are encrypted and will only be accessible once you make the payment to attacker in form of cyrptocurrency to keep their identity hidden. The payment could range from a small amount to a hefty amount.
How do I get infected by a Ransomware? – One of the most common way this malware attacks your system is through Phishing. You open an attachment from an email that seems from a legitimate source, as soon as you download the attachemnt, it enters your system and encrypts your files.
Examples of Ransomwares – WannaCry, Petya, CryptoLocker, Locky etc.
What is Ransomware as a Service?- This is altogether a new kind of business model where attackers/ransomware developers offers you the ransomware as a service(similar to software as a service model) offering that you can use to attack other systems. What this basically means, you can be an attacker even without having the knowledge and skills to create a ransomware, you will be asked to pay a commision to the developer for doing that. Customer just needs to create an account on RaaS portal by making a payment, and then customer would get access to a portal from where you can create the ransomware with a single click, see number of infections, total payment received etc. Then the customer tries to inject the same into the target’s system with the help of an email, as soon as the target open the attachment, the code is executed and files are encrypted.
Needless to mention, this is an illegal practice.
How can I protect my system from a Ransomware attack? – Do not open emails originating from unknown senders, ensure antivirus is up to date, ensure patches are updated at regular intervals, keep an eye on the forged email accounts for example, you might receive an email with domain @faceboook.com(there are three O’s).
Check on this link to read about more tips for protecting yourself and your organization from ransomware – https://csrc.nist.gov/CSRC/media/Projects/ransomware-protection-and-response/documents/NIST_Tips_for_Preparing_for_Ransomware_Attacks.pdf
Stay aware, stay vigilant!!