JK PANORAMA VOL 3 ISSUE 1 JANUARY

Imran Bashir Tantray
Ransomware
Malicious software for RANSOM
A global problem which we face in every passing year ransomware used to spread
current scenario is “RANSOMWARE”.A real with different tactics. Like in 2012 ransomware
threat which can disrupt or affect you anytime variants played an audio recording using the
and in any part of the world.Its attacks are victims native language and anot-her one
independent of your profile as it never matters bearing a fake digital certificate.In late
for the attacker's that who the host is.As the 2013,ransomw-are exhibited a new behavior
attacks are globally random so anyone can have and was named as “cryptolocker”. In 2014
the taste of it. “RANSOMWARE” is a type of TROJ_CRIBIT.A and TROJ_CRIBIT.B
software,maliciously designed to attack the emerged. In 2015 ra-someware was spread by
users and hijacks their computer. During the “Angler exploit kit”.In 2016 Locky(RAattack
the files in the computer are encrypted NSOM_Locky.A) was discovered and in April
and the access is denied to users unless and until 2016 “JIGSAW” e-merged with innovative
they pay a “RANSOM”(money paid for the routine. In may 2017 malicious worm
freeing of a hostage).Due to encryption of the “wannacry/WCRY” emerged to spread
files,it can be practically impossible to reverse ransomware.The attack by RANSOMWARE
or crack the files without the original encryption using wannacry began on Friday,12 may
key which only the attackers have access to.The 2017.By and large over 200,000 victims and
restoration of encrypted files is only possible on more than 300,000 computers got infected as a
payment of large amount of money as per their outcome of this attack. There are no special
demand.The m-otive for ransomware attack is means by which this worm spreads,it all h-
monetary as this is the only atta-ck in which a appens in a usual way.when a user is operating
victim is notified and than instructed for on a computer, he/she is always one or two clicks
recovery. The attackers are much vigilant and away from this attack.Sourc-es of ransomware
are capable to protect their criminal identity by infection are the same as for usual computer
demanding virtual payment.To decrypt the viruses i.e through email attachments and
encrypted files,ransomware demand $300-$600 infected files downl-oaded with multimedia
via bitcoin crptocurrency.This is a cyber attack from malicious websites. Mostly 'phish-ing'
in which “WANNACRY WORM” is used and technique was used to distribute this malware.In
infiltration is done. The unwanted and harmful phishing a person receives email which seems
attack initially started way back in 2005- from a trusted source.Whe- n a click is done on
2006,when in Russia several cases of the link in the email, malware like ransomw-are
ransomware infection were found for the first gets downloaded in the system. But on 12 may
time.As per report published by 'trend micro' 2017 infecti-on was likely through an exposed
about a ransomware case in 2006 in which a vulnerable SMB port rather than email phishing
ransomware variant (TROJ_CRYZIP.A) zipped as initially assumed.Once executed in the
some file types before overwriting the original system, ransomware either locks the computer
ones.Initially particular file types like screen or encrypt predetermined files.In the
Doc,XLS,JPG,ZIP,PDF were encrypted by screen lock case a full screen image or
ransomware.But with the passage of time its notification is displayed on the infected systems
ability to encrypt many different types of files screen which prevents the victim from using
gained momentum. Initially limited to Russia, their system.In the encryption type ransomware
ransomware soon found its way to other prevents a-ccess to files like documents and
countries across Europe due to its popularity and spreadsheets. Ransomware is considered as
profitable business model fro-m there on with “scareware” as it forces users to pay a fee or
16
January 2018