Sciextor

Ransomware

The basic principle of ransomware is to; install a malicious piece of software on a victim's device that will encrypt a user's files with the attacker requesting a ransom.

The ransom (more often than not) will be a form of cryptocurrency.

The level of sophistication in encryption methods varies, with RSA taking a slight lead, but more advanced AES methods have been growing.

Ransomware groups have also drastically improved their obfuscation and mitigation techniques.

Delivery methods vary through phishing or targeted attacks, as well as hijacked websites to memory sticks.

The deployment method could be anything from a PDF or a Remote Desktop Tool to an Executable.

Some statistics on Ransomware are

• Ransomware attacks peaked in 2021, hitting 623.3 million attacks globally, making up 63% of all cyber crimes that year.
• As of 2022, ransomware attacks were down to 236 million (35%), mainly thanks to awareness and better detection methods.
• The best way to protect yourself from ransomware or any other cybercrime is to adopt a zero-trust policy when handling information coming from digital media.
• The average cost of a ransomware attack was $1.85 million in 2023
• The first half of 2022 saw nearly 236.7 million ransomware attacks worldwide
• According to Verizon’s 2022 data breach report, ransomware attacks saw a 13% increase in the past five years
• Ransomware accounts for 10% of all breaches
• More than 80% of respondents say they are “very” or “extremely” concerned about the threat of ransomware, yet a similar number (78%) of organizations surveyed also believe they are “very” or “extremely” prepared to thwart a breach
• Despite those concerns and feelings of preparedness, half of the organizations surveyed still fell victim to ransomware last year
• Of the organizations that experienced a ransomware incident, 71% said they paid at least a portion of the demanded ransom, even though 72% indicated they had cyber insurance
• Only 35% of those affected by ransomware recovered all their data after the incident
• Nearly all leaders surveyed (91%) expect increased security budgets in the coming year to invest in technologies and services that further safeguard their networks from a potential ransomware attack
• The US shouldered a hefty 43% of all global attacks and that ransomware attacks in France nearly doubled in the last five months
• A total of 48 separate ransomware groups attacked the US in the observed period
• The CL0P group used separate zero-days in GoAnywhere MFT and MOVEit Transfer to launch an unprecedented number of attacks within a short time frame and across a massive scale
• Phishing emails were the number one method respondents reported ransomware actors used to gain entry

What can you do

• Family and friends are susceptible to attacks and may not possess the knowledge or know-how to determine if they have been compromised. An attacker uses this to their advantage to target a user's contact list, broadening their attack surface. Confirm with friends and family directly before downloading any files.
• Plain text files like ".txt" and ".csv" are safe to open, however they can contain malicous code. These types of files can be converted to almost any file type by a secondary program. Be aware that antivirus applications will not detect plain text files as being malicous regardless if there is code in the file. Be mindful of all these factors when downloading these file types.
• Making backups of your data across different forms of storage media (cloud storage, external hard drives, memory sticks) will help mitigate the immediate damage.
• Recovery of a device is usually successful with a hard wipe of the system and a fresh install of the operating system if applicable.
• Paying a ransom will not necessarily allow you to regain access to your data. In many cases, older forms of ransomware are still floating around the web, and the creator of the attack may have moved on, making it virtually impossible to recover your data and the ransom.


• Here are some sites that can potentially help with decrypting files:
• Avast Free Ransomware Decryption Tool
• EMSISOFT Ransomware Tool
• No More Ransom Tool
• ID Ransomware


• With that said, older ransomware decryption methods may also exist. Cyber Security organizations will publish decryption methods publicly of ransomware samples as they discover them.
• Most ransomware can be prevented by keeping your anti-malware and OS up-to-date. Keeping all your applications up-to-date will help mitigate most cyber-attacks.