Ransomware Attack – The Modern Ways of Cyber Extortion


The recent ransomware attack has changed the definition of the centuries-old practice of demanding ransom. Traditionally, criminals kidnapped a person or seized an item and held it captive to extort money or property in exchange for its release. That is the familiar form of ransom we read about in national and international newspapers and see in many Hollywood and Bollywood movies, where similar stories keep playing out.

But most of us may never have thought that the files and folders on our desktops, laptops, and smartphones could be locked and held for ransom. It is indeed a frightful surprise for those who log into their PC in the morning and find ransom messages threatening to destroy their files if the ransom is not paid.

This is not new to the world; there have been many incidents in which attackers held data hostage using a computer virus. But the recent massive attacks across the world are something many of us never expected.

What is Ransomware Attack?

It is a kind of malicious software that arrives as an email attachment or clickable link made to look innocent to get your attention. When someone opens that attachment or clicks the link, the malicious software encrypts the complete hard drive, making the data impossible to retrieve. All your important data, photos, and videos will be encrypted and completely out of your reach. All you can see is a message that threatens to destroy your data unless you pay the ransom.

This type of ransom attack was first documented in 2005 in the United States. After that, it quickly spread around the world, and the recent massive attacks have affected as many as 150 countries.

Such an attack is especially severe on a corporate network. This ransomware can spread itself inside corporate networks without any user interaction by misusing a known vulnerability in Microsoft Windows. Microsoft released the security patch in March 2017, but computers that have not yet applied the latest Windows security updates are at high risk; they are vulnerable to this attack.

The Tricks They Play With You

Ransomware attackers are just like other hackers who use phishing techniques to get your data, such as bank account numbers, passwords, and other important details with which they can steal money from your account. Similarly, ransomware attackers send you an email with an attachment or link, along with an urgent message that pushes you to click the link or open the attachment.

For example, if you get an email that appears to come from a trusted individual or organization such as Amazon or eBay, you may not hesitate to open the attachment or click the link, especially when it contains a message like “we are about to ship your products, click on the link for confirmation of your address” or “Verify the attached invoice before we ship the products to your address”. The urgency and apparent genuineness of such messages may not raise our eyebrows before we open the attachment or click the link, and that is why we often neglect to verify the genuineness of the sender’s email address. If you have not ordered anything from Amazon or eBay at that time, you may suspect the email, but many people are waiting for items they have ordered, so they can easily fall into the trap.
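The sender check described above can be automated. The following is an added example, not part of the original article: it compares the brand a message claims with the domain it was actually sent from and looks for the urgency phrases quoted above. The brand-to-domain map and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands the mailbox owner deals with and the domains they send from.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "ebay": {"ebay.com"}}
# Urgency wording taken from the two example messages in the article.
URGENCY = ("click on the link", "verify the attached", "about to ship")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return the reasons a message deserves a second look (empty list if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        # The brand may be claimed in the display name or embedded in the domain.
        claims = brand in display.lower() or brand in domain
        if claims and not domain_matches(domain, allowed):
            reasons.append(f"claims {brand} but sent from {domain or 'unknown'}")
    text = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain").lower()
    if any(phrase in text for phrase in URGENCY):
        reasons.append("urgent call to click a link or open an attachment")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = """From: "Amazon Orders" <orders@amazon-shipping.example>
Subject: Confirm your address

We are about to ship your products, click on the link for confirmation of your address.
"""
LOOKALIKE = """From: "eBay" <billing@ebay.com.invoice.example>
Subject: Invoice

Verify the attached invoice before we ship the products to your address.
"""
GENUINE = """From: "Amazon" <ship-confirm@amazon.com>
Subject: Shipped

Your order has shipped.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(name, check_message(raw))
```

The lookalike sample shows why the comparison is done on the end of the domain: `ebay.com.invoice.example` starts with the real domain but is not a subdomain of it.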

The Impacts of The Ransomware Attack

Imagine the impact of the recent ransomware attack, which affected more than 200,000 victims across 150 countries. The ransom amount varied from $200 to $500 per computer. According to Symantec Corporation, the average ransom amount is $300 per computer, and the ransom is collected through Bitcoin accounts. The attackers have some Bitcoin accounts into which they ask victims to pay the ransom amount.

The impact of the recent attack is so great that it stopped some hospitals, schools, shops, and automotive industries from functioning over the weekend. Even some of the world’s biggest organizations and government agencies have been affected. According to the news so far, the Russian interior ministry, FedEx in the US, and Britain’s National Health Service are the major affected organizations and government agencies. The list of victims may grow as news comes in from all corners.

Symantec, one of the leaders in cyber security, predicted that the recent attack would cost the affected corporate networks tens of millions of dollars.

The impact is worst in the case of hospitals, where patients’ records and other vital information are locked in the computers. Doctors cannot see the records without paying the ransom.

As per the news reported in htTimes India, the other major victims included automaker Renault and its arm Dacia, the Nissan plant in northeast England, German rail operator Deutsche Bahn, Spain’s telecom giant Telefonica, Portugal Telecom and Telefonica Argentina, and a hospital in Jakarta.

Advisory on Ransomware Attack

Many governments and cyber security agencies are issuing red-alert advisories warning users not to pay the ransom. The Computer Emergency Response Team of India (CERT-In) has issued a red-coloured ‘critical alert’ in connection with the ransomware attack.

“Individuals or organizations are not encouraged to pay the ransom as this does not guarantee files will be released. Report such instances of fraud to CERT-In and law enforcement agencies,” CERT-In said.

The US government has also issued a similar advisory on how to protect against these attacks, asking victims to report incidents to the Federal Bureau of Investigation or the Department of Homeland Security.

Although government agencies advise against paying the ransom, a few individuals and organizations have already started paying. Elliptic Enterprises Ltd., a company that tracks online financial transactions, is currently tracking three Bitcoin addresses known to be associated with the WannaCry ransomware, and its website currently shows that the total ransom deposited in those accounts to date is $70,917.60. This covers only the three identified Bitcoin accounts; there may be other accounts that are yet to be identified.

Finally, although the recent attack is not new, its massive impact on various institutions and government agencies is creating havoc among the masses. Cyber security agencies keep advising people on how to protect their laptops, PCs, and smartphones from this ransomware attack and not to fall into the trap. If you are a victim, it is advisable to report the attack and not pay the ransom, as there is no guarantee that you will get your files and folders back even after paying.

Updated on 23-Jan-2020 09:49:04