Digital Robbery - Ransomware

Ransomware Risk Analysis – Ransomware Investigation – Ransomware Attack

Ransomware

Investigation

Growing Threat

The threat of ransomware has grown over the years. Millions of organizations and companies have been hacked. The costs amount globally to billions of USD, and the number of ransomware cases is projected to rise even more.

Ransomware is now a very common tool used by attackers. Organized crime groups and criminal ransomware gangs use targeted ransomware attacks, which can cost organizations millions of dollars. Besides that, your data might still appear on the dark web in data breaches, even when you have paid. Getting back on your feet will require many days, if not weeks or months, to have your computers working again and to regain full access to the servers and your data.

Ransomware is a type of malware that will:

  • threaten to publish the victim’s personal data online
  • block access to your device until you pay the ransom fee
  • extort the victim (extortion attack)
  • publish your files on the dark web if you don’t pay or cooperate

Tracking and prosecuting suspects can prove to be a challenge, since cybercriminals use cryptocurrency to collect the ransom fee (difficult to trace) and other techniques to remain anonymous.

The main types of ransomware are:

  • Encrypting ransomware
  • Non-encrypting ransomware
  • Data Exfiltration ransomware
  • Crypto ransomware or encryptors will encrypt your files and data. You need a decryption key to access your data.
  • Lockers will lock you out of your computer. Files and applications are not accessible. The ransom demand is shown on a lock screen with a countdown clock.
  • Scareware will claim false positives and request money.
  • Doxware or leakware will threaten to distribute your data online unless you pay.
  • RaaS (Ransomware as a Service) is a complex malware system that uses anonymous command and control centers to distribute ransomware & collect the ransom payment.

Most ransomware infections are spread via phishing emails, or by attachments with fake invoices or other deceptive information. Be careful what you click on, and be careful which attachments you open.

Lifecycle of a Ransomware incident

Whatever cybersecurity measures you have in place, no computer system is perfect, and neither are humans. Hence a good risk management strategy must start with a ransomware risk assessment.

This is where AR INTELL can assist you with a ransomware investigation.