Ransomware is a type of malicious software that carries out the cryptoviral extortion
attack from cryptovirology: it blocks access to data until a ransom is paid and displays
a message requesting payment to unlock it.
Simple ransomware may lock the system in a way which is not difficult for a knowledgeable
person to reverse.
More advanced malware encrypts the victim's files, making them inaccessible, and demands
a ransom payment to decrypt them.
The ransomware may also encrypt the computer's Master File Table or the entire hard drive.
Thus, ransomware is a denial-of-access attack that prevents computer users from accessing
files since it is intractable to decrypt the files without the decryption key.
Ransomware attacks are typically carried out using a Trojan that has a payload disguised
as a legitimate file.
While initially popular in Russia, the use of ransomware scams has grown internationally;
in June 2013, security software vendor McAfee released data showing that it had collected
over 250,000 unique samples of ransomware in the first quarter of 2013, more than double
the number it had obtained in the first quarter of 2012.
Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans
such as CryptoLocker, which had procured an estimated US$3 million before it was taken
down by authorities, and CryptoWall, which was estimated by the US Federal Bureau of
Investigation (FBI) to have accrued over $18m by June 2015.
How does it operate?
The concept of file-encrypting ransomware was invented and implemented by Young and
Yung at Columbia University and was presented at the 1996 IEEE Security & Privacy conference.
It is called cryptoviral extortion and is the following 3-round protocol carried out
between the attacker and the victim.
1 [attacker→victim] The attacker generates a key pair and places the corresponding public
key in the malware.
The malware is released.
2 [victim→attacker] To carry out the cryptoviral extortion attack, the malware generates a
random symmetric key and encrypts the victim's data with it.
It uses the public key in the malware to encrypt the symmetric key.
This is known as hybrid encryption and it results in a small asymmetric ciphertext as
well as the symmetric ciphertext of the victim's data.
It zeroizes the symmetric key and the original plaintext data to prevent recovery.
It puts up a message to the user that includes the asymmetric ciphertext and how to pay the
ransom.
The victim sends the asymmetric ciphertext and e-money to the attacker.
3 [attacker→victim] The attacker receives the payment, deciphers the asymmetric ciphertext
with the attacker's private key, and sends the symmetric key to the victim.
The victim deciphers the encrypted data with the needed symmetric key, thereby completing
the cryptovirology attack.
The symmetric key is randomly generated and will not assist other victims.
At no point is the attacker's private key exposed to victims and the victim need only
send a very small ciphertext (the encrypted symmetric-cipher key) to the attacker.
Ransomware attacks are typically carried out using a Trojan, entering a system through,
for example, a downloaded file or a vulnerability in a network service.
The program then runs a payload, which locks the system in some fashion, or claims to lock
the system but does not (e.g., a scareware program).
Payloads may display a fake warning purportedly from an entity such as a law enforcement agency,
falsely claiming that the system has been used for illegal activities or contains content
such as pornography and "pirated" media.
Some payloads consist simply of an application designed to lock or restrict the system until
payment is made, typically by setting the Windows Shell to itself,[16] or even modifying
the master boot record and/or partition table to prevent the operating system from booting
until it is repaired.
The most sophisticated payloads encrypt files, with many using strong encryption to encrypt
the victim's files in such a way that only the malware author has the needed decryption
key.
Payment is virtually always the goal, and the victim is coerced into paying for the
ransomware to be removed—which may or may not actually occur—either by supplying a
program that can decrypt the files, or by sending an unlock code that undoes the payload's
changes.
A key element in making ransomware work for the attacker is a convenient payment system
that is hard to trace.
A range of such payment methods have been used, including wire transfers, premium-rate
text messages, pre-paid voucher services such as Paysafecard, and the digital currency Bitcoin.
A 2016 census commissioned by Citrix revealed that larger businesses are holding bitcoin as
a contingency plan.