Havoc Shield Blog

Zooming In on Ransomware

Written by Brian Fritton | Jul 11, 2020 5:00:00 AM

Ransomware is on the rise.  If you are fortunate enough to not yet have experienced it first-hand, read on for the troublesome premise.

Your precious data -- your work files, your personal records, or maybe even something more personal than records, are valuable.  Hackers know it.  And they are willing to bet that you might be willing to pay to prevent them from doing one of the following to your records/information/pictures/etc:

  1. Disclosing them in their rawest form, to the world
  2. Locking you out of ever accessing them again
  3. Encrypting them in a manner that you can't possibly decode

That's the ugly premise, but with some knowledge of the top trends in malware, a heightened awareness may help you take steps to stay safe.  Lets dig into the top five trends in ransomware.

1. Crypto Ransomware

This is one of the most common type of ransomware circulating today.  The attacker fools you or someone with access to your computer, into running code that encrypts the contents of your hard drive.  Or, finds some other way into your system (like a bug in the operating system), that lets them achieve the same goal without all of the complexity of having to fool you into it.

Once your hard drive is encrypted (with a key that you can't possibly know), the attacker causes your screen to show a message that requests that payment be made in some anonymous fashion, in exchange for the key that decrypts your data.  The most common mechanics of the transaction are via a transfer of some amount of bitcoin to an anonymous destination.

2. Locker Ransomware

This attack bears some resemblence to crypto ransomware.  A message appears on your screen that indicates that you will not be able to continue to access your computer without paying a specified ransom amount.  It's not always clear whether the contents of your storage have been encrypted or not, but the mechanics of the attack present the message in a convincing manner that leads you to believe that you will not be able to resume normal use of your computer without paying the ransom.

3. Leakware Ransomware

This on is nuanced, and debate continues about whether it is best categorized as ransomware or simply as extortion.  The premise, though, is that the attacker claims to have some deeply personal information about you, that they fully intend on publicly disclosing on the internet.  One popular variation of the attack claims to have highly compromising photographs of you, taken through your computer's webcam without your permission.  A popular flavor of that particular attack, is one where the attacker claims to also have access to your contacts list, with plans to send the photographs to your entire contact list.

A complex aspect of discussing leakware is that there are many leakware claims that are fundamentally untrue -- cases where an attacker hopes to frighten you into paying the ransom, without actually having any of the deeply personal information about you that they claim to have.  In those cases, perhaps this type of attack is better classified plainly as extortion (not ransomware), although the threat landscape continues to evolve and the variants of this type of cybercrime are evolving.

4. MBR Ransomware

Bear with us while we delve into a realm that only the most technical readers might have prior knowledge of.  When you turn on your computer (or reboot it), before your operating system (Windows, Linux, OS X, etc) loads there is one other piece of software that gets control first.  It's called your "bootloader".  It's a small piece of software whose job is primarily to hand control of the computer to the correct operating system and send it on it's way.

What would happen, however, if an attacker were able to inject malicious code into your bootloader?  You guessed it: they'd be able to have full control over your computer (including the ability to stop it in it's tracks during the startup process).  MBR ransomware is sometimes seen in combination with other types of ransomware such as locker ransomware or crypto ransomware; it's sometimes the mechanism by which those types of ransomware gain control over the system or prevent you from accessing your normal files and applications.

IoT Ransomware

We hate to be the bearer of bad news on an emerging threat, but please beware that we're on the cusp of an era where hackers may begin having greater success exploiting your various Internet of Things (IoT) devices.  If you think hard (or run a scan) to recall what devices you've connected to your wifi, you might be stunned by how connected your home has become.  Let us jog your memory on some of the devices that you may have added to your Wi-Fi network at some point:

  • Doorbells
  • TVs
  • Smart speakers
  • Printers
  • Tablets
  • Phones
  • Smart watches
  • Security system
  • Digital cameras
  • Smart locks
  • Thermostats

Not to mention, it gets hard to remember over time if there has been some day in the past where a neighbor has momentarily asked to access your Wi-Fi (perhaps on a day where theirs was being serviced).

This is an emerging attack vector that is not yet mainstream, but recent evidence suggests that it may be the next frontier of ransomware.

We're Here to Help

While these types of ransomware each present realistic threats, the good news is that companies like Havoc Shield that set out to protect your cyber perimeter are tracking these trends and working proactively to defend you against them.  If you are not yet a client, we'd be glad to help -- both by getting you started on our free Rapid Threat Test -- and by discussing your unique concerns and crafting a cybersecurity plan that guards against the growing threat landscape.