Learn about Ransomware: 6 types of ransomware on computers
In the past, we had DoS/DDoS denial-of-service attacks, which take down a computer network by sending millions of requests at the same time.
Now we increasingly have Ransomware, another 'villain' of the Internet world: it not only destroys data but also demands a ransom on the hacker's behalf.
It does a double job, which makes this kind of malicious code really dangerous.
For ordinary users, data is often not so important; for businesses or large corporations, however, data is sometimes more precious than gold.
So, as you can see, more and more dangerous types of Ransomware have been appearing in recent years.
I. What is Ransomware?
Ransomware is a form of malicious code, a type of malware, and an encryption virus. Users know Ransomware for its 2 main harms: ENCRYPTING FILES AND DATA, and DEMANDING A RANSOM.
When a computer is infected with Ransomware, the files on the system usually become inaccessible or are encrypted, so their contents can no longer be read.
The common feature of these types of Ransomware is that the hacker leaves a README file detailing how to transfer the ransom (usually in bitcoin), as well as how to contact them to get the files back.
The typical ways hackers attack your computer are: exploiting the Remote Desktop Protocol (RDP), phishing email, or 'junk flag' software.
There are two common types of Ransomware, which are:
– Locker: This form usually locks the features of the computer. You will not be able to open the Desktop, and the mouse and keyboard will not work as usual, but at least you can still make the transfer to the hacker.
With this form, you can turn off the computer, move the hard drive to another computer to recover the data, reinstall Windows, scan for viruses, etc.
– Crypto: This type usually encrypts the important files and folders you use often, such as Documents, Pictures, Videos, … and you can usually still use the computer normally.
Hackers often leave a warning: 'If you do not pay the ransom before a certain xxx time, all of the encrypted files will be deleted and cannot be retrieved'.
For most users there is no way to get the files back other than paying the ransom to the hacker, and backing up data sounds pretty far-fetched to the vast majority of users, so if the data is important, you have to obediently make the transfer.
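The two signs described above, a README-style ransom note and files whose contents can no longer be read, can be checked for together when triaging a suspect disk. The following is an added example, not part of the original article; the note-name hints, file signatures, entropy threshold and sample file names are all assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Assumptions (not from the article): note-name hints, magic bytes, thresholds.
NOTE_HINTS = ("readme", "decrypt", "recover", "restore")
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".docx": b"PK"}

def entropy(data):  # Shannon entropy in bits per byte (8.0 looks random)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(path, sample=4096, threshold=7.5):
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:  # known type: its original header must still be there
        return not head.startswith(magic)
    return len(head) >= 1024 and entropy(head) > threshold

def is_note(name):
    low = name.lower()
    return low.endswith((".txt", ".html", ".hta")) and any(h in low for h in NOTE_HINTS)

def triage(root, min_ratio=0.5):
    """Return (folder, notes, unreadable files) for each folder showing the pattern."""
    findings = []
    for folder, _, files in os.walk(root):
        notes = sorted(f for f in files if is_note(f))
        others = sorted(f for f in files if not is_note(f))
        if not (notes and others):
            continue  # a README alone, or unreadable files alone, is not flagged
        bad = [f for f in others if looks_encrypted(os.path.join(folder, f))]
        if len(bad) / len(others) >= min_ratio:
            findings.append((os.path.relpath(folder, root), notes, bad))
    return findings

def demo():
    """Triage a constructed sample tree (placeholder bytes, no real malware)."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    tree = {"clean/README.txt": b"project notes", "clean/report.pdf": b"%PDF-1.7 sample",
            "clean/notes.md": b"plain text " * 200, "hit/README_TO_DECRYPT.txt": b"note",
            "hit/report.pdf": noise, "hit/photo.jpg": noise, "hit/ledger.dat": noise}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in tree.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The `clean` folder also contains a README, but its other files still open as what their extensions claim, so only the `hit` folder is reported.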
II. Well-known Ransomware
#1. Locky
First used in 2016 by a hacker organization, Locky can encrypt more than 160 types of files and spreads through emails with malicious code attached.
Drawn in by curiosity about attractive email subject lines, users open the email themselves and install the attachment on the computer, and are thereby caught by the hackers. This attack method is also known as phishing, a form of social engineering.
#2. WannaCry
The most popular ransomware in history, WannaCry was very well designed and run as a campaign; the attack spread across 150 countries in 2017.
WannaCry's advantage was that it exploited a serious vulnerability in Windows (through an exploit that came from the NSA and was then released by the Shadow Brokers hacker group).
This malicious code affected more than 230,000 computers globally, with a total economic loss of $4 billion, including a third of the UK's national hospitals (the NHS), at a loss of around £92 million.
#3. Bad Rabbit
This malicious code attacks through a method more dangerous than email phishing: drive-by.
Roughly, a hacker first takes control of many frequently visited websites, then changes the content of their pages or redirects them to a page that downloads malware files to your computer.
The victims are visiting a legitimate website, so they fully trust that these files are harmless and readily install them on their computers.
With the malware dropper method, the website asks users to download an Adobe Flash or Microsoft Office installer that contains Bad Rabbit inside.
#4. Ryuk
This is an encryption Trojan that appeared in 2018. Ryuk disables the recovery function of the Windows operating system, so a user who wants to recover encrypted data needs to have a copy on external storage.
In addition, it finds and encrypts shared drives on the victim's computer network (LAN). It is estimated that companies in the US have had to pay more than $640,000 in ransom for their files.
#5. Shade/Troldesh
This malicious code has been around since 2015, spreading through spam emails that contain links and malicious file attachments.
Phishing email is all too common. The advantage of this method is that the hacker can talk, communicate and build a relationship with the victim like two friends or business partners, and then send a file that lures the victim into installing it on the computer, spreading Shade/Troldesh.
#6. Jigsaw
This Ransomware is quite scary because its name and logo are taken from the bloody and violent movie 'Saw'.
Once the deadline for transferring the ransom has passed, more and more files on the computer are deleted with every hour that goes by.
Jigsaw appeared in 2016 and spread through email. After the user opens the file in the email, all the files on the computer as well as the Master Boot Record of the operating system are encrypted.
All files are deleted after 72 hours, and if you try to restart the computer, 1,000 files are deleted immediately. In addition, some variants of Jigsaw threaten to publicize the victim's sensitive information.
Jigsaw usually disguises itself as Firefox or Dropbox, and it is written for the .NET Framework. Fortunately, there is now a tool to decrypt files encrypted by Jigsaw, so users no longer have to pay the ransom.
Other Ransomware worth mentioning: CryptoLocker, Petya, MADO, FAIR, Dharma Brrr, B0r0nt0k, GandCrab, GoldenEye
III. Epilogue
Ransomware lets hackers hit two targets with one arrow. This is a really dangerous virus, and it will become more and more dangerous in the future.
What is more worrying is that there are now Ransomware rental services, which allow novice hackers to create powerful malicious code for themselves. It is like selling virus source code.
It is scary to picture a future full of malicious code on the Internet; what is worrying is that it also demands a ransom, at a time when most of us have already taken a hit from Covid-19.
This extortion virus not only gives hackers more motivation to develop it; bitcoin is also a solid fulcrum for them, because when transacting in bitcoin the hacker will not leave a trace.
The sobering fact from WannaCry is that the vulnerability it exploited had been patched by Microsoft long before, but the infected computers likely had Windows Update turned off completely.
After all, ransomware prevention seems difficult but is easy: just update your operating system regularly and use security software.