- 18 Nov 2021 13:47
#15198570
Ransomware has been in the news here lately and can affect home users as well as big corporations like Colonial Oil during the ransomware attack they suffered that caused supply disruptions in gas and fuel. It's important people are educated on the different types of Ransomware out there as part of an effort to combat this epidemic:
Cryptoware Ransomware- Encrypts all or some files on a computer system or device and demands payment in return for the decryption key. This type of ransomware can also go after other computers or devices networked with the compromised system, network shares, and also encrypt data on Cloud services. Some examples of cryptoware ransomware are Locky, WannaCry, Bad Rabbit, Ryuk, SamSam, and of course, we never want to forget our favorite, Petya.
Locker Ransomware- This type of ransomware blocks access to computer systems entirely. It totally prevents a system from being used and violates the "Availability" part of the CIA triad (Confidentiality, Integrity and Availability). Examples of locker ransomware include MrLocker, Metropolitan Police scam, FBI MoneyPak scam. This type of ransomware malware will claim the user visited illegal websites and impersonate law enforcement like the FBI, for example, even if the user hasn't visited any sort of illegal websites. It basically scares the user into paying the ransom, preying on their fears. Below are examples of FBI MoneyPak scam locker ransomware from YouTube.
Doxware Ransomware- Doxing is where somebody posts somebody else's personal information online. This is generally sensitive personal information. Doxware threatens to do this unless a ransom is paid. Doxware takes the system hostage and will threaten to release private personal information, such as photographs for example, unless the ransom is paid. I am sure celebrities and other public figures would be a target of Doxware. Also, hospitals or health companies that must be compliant with HIPAA laws and regulations would certainly be a big target of Doxware. Doxware like LeakerLocker also targets smartphones and searches for sensitive personal information there.
Ransomware as a Service- Then there are the inventive enterprising criminals of the Dark Web who have come up with the concept of Ransomware as a Service. Ransomware as a Service is like the Public Cloud Software as a Service Office 365 of criminal enterprise on the Dark Web. It's a "service" that leases ransomware malware in the same way that legitimate software developers lease SaaS products. This gives everyone, including those without much technical knowledge, the ability to launch ransomware attacks simply by signing up for a service on the Dark Web. It is a subscription-based "service."
Mobile Ransomware- Of course, we can't leave out mobile ransomware either. This type of ransomware is usually Locker type ransomware which is using its own password to prevent a user from getting access to their smartphone to be able to use it. Some of this mobile ransomware malware, once the user is tricked into giving the malware administrative privileges on their smartphone, will take a stealth picture of the user and then use that picture to extort the owner of the smartphone.
Scareware can also be used as a form of ransomware by scaring users into paying fees like claiming their computer is infected and if they just pay the money, they will disinfect the computer. These are examples of the various different kinds of ransomware variants out there and for security professionals it's important we understand these variants.
Especially, since ransomware has become such an epidemic and big problem here over these past few years. We can see these cybercriminals come up with some new inventive, creative ways for extorting people out of their money and making money illegally on the Dark Web. They are always looking for a new way to "innovate."