How ransomware spreads via the web

What is Ransomware?

A ransomware attacks can able to conflict, collapse or destroy your files even if its secure. No matter how your data has secured. As per our aspect this may the examples of further attacks like war via Inernet.

  • Spam email campaigns that contains attachments or malicious links
  • Security exploits in vulnerable software
  • Internet traffic redirects in to malicious websites
  • Legitimate websites that have malicious code injected in their web pages
  • Drive-by downloads
  • Malvertising campaigns
  • SMS messages (when targeting mobile devices)
  • Botnets
  • Self-propagation (spreading from one infected computer to another); WannaCry, for instance, used an exploit kit that scanned a user’s PC, looking for a certain vulnerability, and then launched a ransomware attack that targeted it.
  • Affiliate schemes in ransomware-as-a-service. Basically, the developer behind the ransomware earns a cut of the profits each time a user pays the ransom.

 

Why “Ransomware” often goes undetected by AntiVirus?

So here are just a few of the tactics that encryption malware employs to remain covert and maintain the anonymity of its makers and distributors:

  • Communication with Command & Control servers is encrypted and difficult to detect in network traffic;
  • It features built-in traffic anonymizers, like TOR and Bitcoin, to avoid tracking by law enforcement agencies and to receive ransom payments;
  • It uses anti-sandboxing mechanisms so that antivirus won’t pick it up;
  • It employs the domain shadowing to conceal the exploits and hide the communication between downloader and the servers controlled by cyber criminals.
  • It features Fast Flux, another technique used to keep the source of the infection anonymous;
  • It deploys encrypted payloads which can make it more difficult for antivirus to see that they include malware, so the infection has more time to unfold;
  • It has polymorphic behavior which gives it the ability to mutate enough to create a new variant, but not so much as to alter the malware’s function;
  • It can remain inactive on the system until the computer is at its most vulnerable moment and take advantage of that to strike fast and effectively.

This ransomware attacks is not only threats to small business and organization it has an impact on people as well.

Leave a Reply

Your email address will not be published. Required fields are marked *