

What is Ransomware

Ransomware is a form of malware that encrypts a victim’s files.

Ransomware attacks and infects a computer with the intention of extorting money from its owner.

A payment is demanded to decrypt the affected files and give the victim access to them again; it is to be paid mainly through virtual currency such as Bitcoin.

Ransomware often enters a computer as a computer worm or Trojan horse through malicious websites, e-mail attachments, software applications etc.

It is also known as a crypto-virus, crypto-Trojan or crypto-worm.

How seriously do Security Experts take Ransomware? (compared to other threats)

Ransomware has long been a lurking threat; it went from a manageable annoyance to a major concern not only of security professionals but of business owners and executives everywhere.

The FBI’s guidance does not state “do not pay under any circumstances”. Rather, in its “Ransomware Prevention and Response for CISOs” document, while not encouraging payment (it is clear they would prefer that victims not pay), it states:

Whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees and customers. Victims will want to evaluate the technical feasibility, timeliness, and cost of restarting systems from

The idea that the FBI says not to pay is actually a myth, and some news organizations are trying to make that clearer:


Bleeping Computer published an article that gave an interesting statistic:

The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files.

Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

Key statistics of Ransomware

The first widely recognized ransomware incident actually predates the emergence of the online threat we recognize today by almost two decades. In 1989, a Harvard academic named Joseph L. Popp was attending a World Health Organization conference on AIDS. In preparation for the conference, he created 20,000 discs to send to delegates, which he titled “AIDS Information – Introductory Diskettes.”

CryptoLocker was one of the most prominent ransomware attacks; it ran between September and December 2013, infected more than 250,000 systems and earned more than 3 million.

The Ryuk ransomware is responsible for a large rise in ransomware payment costs, with demands of $288,000 per incident.

Ransomware downtime costs organizations more than $64,000 on average.

Rate of Ransomware attacks

Starting from around 2012, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This marks a 229% increase over the same time frame in 2017. In June 2014, the vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year.

Ransomware attacks have increased over 97 percent in the past two years. - (Source: PhishMe)

A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)

In 2019 ransomware from phishing emails increased 109 percent over 2017. (Source: PhishMe)


Amount of money lost statistics

An IBM study suggested that over a quarter of all companies would pay more than $20,000 to hackers to retrieve data that had been stolen.

Ransomware generates over $25 million in revenue for hackers each year. (Source: Business Insider)

The NotPetya ransomware attack cost FedEx $300 million in Q1 2017. (Source: Reuters)

The average ransom demand increased in 2018 to $1,077.

Ten percent of all ransom demands are over $5,000. (Source: Datto)

97% of United States’ companies refused to pay a ransom. 75% of Canadian companies paid, followed by 22% of German businesses and 58% in the UK.

How does ransomware work

What types of artefacts does ransomware attack: files, programs, machines?

Ransomware can attack all types of artefacts: files, programs, machines etc.

Ransomware often enters a PC as a computer worm or Trojan horse through malicious websites, e-mail attachments, software applications etc.

Mainly, however, it attacks files on computers, mobile devices, workstations and servers.

Ransomware encrypts the victim’s files and demands a ransom in order to decrypt the affected files and give access to them again.

Main techniques ransomware uses to perform an attack

Ransomware is malicious software that encrypts the victim’s data and asks for money in order to unlock it.

It makes use of some nifty public-key cryptography, the same “one-way” (asymmetric) encryption that lets you safely shop online and access online banking.

It generates a unique encryption key randomly every time it infects a computer, which it uses to encrypt your files (using the AES-256 “military grade” cipher algorithm). It then encrypts this using their public

Only the person who has the private key can recover, from the serial, the key used to decrypt the files.
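The key handling just described, worked through as an added example written for this page (it is not code from the original, nor from any ransomware family): a fresh random AES-256 data key per infection, content encrypted under it with AES-GCM, and the data key wrapped with the operator’s RSA public key (RSA-OAEP with SHA-256), so that only the holder of the matching private key can unwrap it. The type and function names (Envelope, NewDataKey, Seal, Open) and the sample content are this example’s own assumptions, and it only ever touches an in-memory byte string. The defender’s lesson is in the last step of main: a responder who holds the malware sample, and with it the public key, still cannot recover the data key, which is why recovery depends on backups rather than on a generic decryptor of the kind that worked against the AIDS Trojan’s simple symmetric scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what an encrypted file carries next to its ciphertext: the
// per-infection data key, wrapped so only the matching RSA private key opens it.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(dataKey) under the operator's public key
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-256-GCM(plaintext)
}

// NewDataKey draws a fresh 256-bit symmetric key. Because it is random per
// infection, a key recovered from one victim does not help any other victim.
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Seal encrypts plaintext under a fresh AES-256-GCM data key and wraps that
// key with the operator's RSA public key (RSA-OAEP, SHA-256).
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey, err := NewDataKey()
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Open reverses Seal. It needs the RSA private key: without it the wrapped
// data key, and therefore the ciphertext, stays out of reach.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// The operator's key pair never leaves the operator; only the public half
	// would be embedded in the malware.
	operatorKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	doc := []byte("quarterly report (constructed sample content)")
	env, err := Seal(&operatorKey.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	// An unrelated private key models a responder who has the sample (and so
	// the public key) but not the operator's private key.
	responderKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := Open(responderKey, env); err != nil {
		fmt.Println("recovery without the operator's private key fails:", err)
	}
	recovered, err := Open(operatorKey, env)
	fmt.Printf("with the operator's private key: %q (err=%v)\n", recovered, err)
}
```

Run it with `go run .`; the first line of output shows the unwrap failing for the responder’s key, the second shows the original content returning only when the operator’s private key is used.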


How ransomware attacks are initiated: email attachments, malware hidden in software?

Malicious email attachments

Here the attacker sends an email that appears to come from a believable source such as HR or IT, with the malicious file attached. When the recipient opens the email, the ransomware payload is downloaded, the system is infected and the files are held for ransom.

Exploit kits

Exploit kits are sophisticated toolkits that exploit vulnerabilities. They are executed when a victim visits a malicious website: malicious code hidden in the site, in the form of an advertisement (malvertisement), enters the PC and the PC is infected.

Remote Desktop Protocol (RDP)

An increasingly popular mechanism by which attackers infect victims is Remote Desktop Protocol (RDP). Using RDP, attackers can access the victim’s data remotely.

USB and removable media

Another way ransomware can enter a PC is through a USB device. When the USB device is plugged in, malware can enter the PC without any warning or the user’s knowledge.

Approaches used to recover from ransomware and how effective they are

Conduct regular data backups

Conduct regular backups of your files and store them offline or in the cloud so you can access them when needed.

Update the software

Update both the OS and the security components so you stay protected from ransomware and other malicious attacks.

Educate end users

End users should be educated on how to protect themselves against such attacks: creating strong passwords, always using antivirus software, avoiding malicious websites, not opening emails sent by unknown users, etc.

Restrict administrative and system access

Ransomware is designed to use administrative access to perform its tasks. One can limit this by reducing the number of user accounts and disabling default system administrator accounts.

Use anti-virus and anti-malware software

Anti-malware software such as Malwarebytes can be used to remove malware, ransomware and other malicious files, up to a certain extent.
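Anti-malware products recognise known samples; the encryption behaviour itself is also observable, and it is the check a practitioner adds alongside them. Below is an added example, not from the original page or from any product, of such a heuristic in Go: it scores each written file’s content by Shannon entropy (encrypted output is near-uniform, documents and text are not) and flags a process that rewrites many files under one new extension within a short window. The event format, the process name “proc-A”, the “.locked” extension, the thresholds (30-second window, 10 files, 7.0 bits per byte) and the sample events are all constructed assumptions for this example.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
	"path/filepath"
	"sort"
	"time"
)

// FileEvent is one observed file write, in the shape a file-activity monitor
// might emit. The type and field names are this example's own assumptions.
type FileEvent struct {
	When    time.Time
	Process string
	Path    string
	Content []byte // leading bytes of what was written
}

// Finding names a process that rewrote Count files as *Extension in one window.
type Finding struct {
	Process   string
	Extension string
	Count     int
}

// Entropy returns the Shannon entropy of data in bits per byte: text sits well below 7, ciphertext near 8.
func Entropy(data []byte) float64 {
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	h, n := 0.0, float64(len(data))
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// DetectEncryptionBurst groups high-entropy writes by (process, extension)
// and reports each group with at least minFiles writes inside some window.
func DetectEncryptionBurst(events []FileEvent, window time.Duration, minFiles int, minEntropy float64) []Finding {
	type group struct{ proc, ext string }
	times := map[group][]time.Time{}
	for _, e := range events {
		if Entropy(e.Content) < minEntropy {
			continue // ordinary edits write low-entropy content
		}
		g := group{e.Process, filepath.Ext(e.Path)}
		times[g] = append(times[g], e.When)
	}
	var findings []Finding
	for g, ts := range times {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		best, start := 0, 0
		for end := range ts { // sliding window over sorted timestamps
			for ts[end].Sub(ts[start]) > window {
				start++
			}
			if n := end - start + 1; n > best {
				best = n
			}
		}
		if best >= minFiles {
			findings = append(findings, Finding{g.proc, g.ext, best})
		}
	}
	return findings
}

// SampleEvents builds a constructed event stream: a user editing three text
// files, then a process "proc-A" rewriting 20 files as *.locked with
// pseudo-random, ciphertext-like content inside ten seconds.
func SampleEvents() []FileEvent {
	t0 := time.Date(2019, 1, 1, 9, 0, 0, 0, time.UTC)
	prng := rand.New(rand.NewSource(1)) // fixed seed keeps the sample reproducible
	var evs []FileEvent
	for i := 0; i < 3; i++ {
		text := []byte("meeting notes: budget, hiring, roadmap (constructed sample text)")
		evs = append(evs, FileEvent{t0.Add(time.Duration(i) * time.Minute), "editor", fmt.Sprintf("notes%d.txt", i), text})
	}
	for i := 0; i < 20; i++ {
		blob := make([]byte, 4096)
		prng.Read(blob)
		evs = append(evs, FileEvent{t0.Add(5*time.Minute + time.Duration(i)*500*time.Millisecond), "proc-A", fmt.Sprintf("doc%02d.docx.locked", i), blob})
	}
	return evs
}

func main() {
	for _, f := range DetectEncryptionBurst(SampleEvents(), 30*time.Second, 10, 7.0) {
		fmt.Printf("ALERT: %s rewrote %d files as *%s with ciphertext-like content\n", f.Process, f.Count, f.Extension)
	}
}
```

The entropy gate is what keeps the editor’s three text files out of the result; the per-extension grouping is what separates a bulk rename to one new suffix from ordinary high-entropy writes such as saving compressed archives under their normal names.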

Examples of Ransomware attacks

First Ransomware attack

AIDS Trojan, also known as the PC Cyborg virus

This was released on floppy disks in 1989.

It was created by a biologist named Joseph Popp.

The AIDS Trojan hit the healthcare industry: Popp distributed 20,000 infected disks to attendees of the World Health Organization’s AIDS conference, who came from more than 90 countries.

The victims were asked to pay $189 to PC Cyborg Corporation at a PO box in Panama.

This was easy to stop since it used simple symmetric cryptography, and tools were soon available to decrypt the files.

Source: https://www.knowbe4.com/aids-trojan

Biggest Ransomware attack

WannaCry Ransomware attack

Targeted computers running the Microsoft Windows operating system.

It spread rapidly across a number of computer networks in May 2017.

Over 230,000 computers were affected in more than 150 countries, with high-profile victims including Telefónica, Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines.

The WannaCry ransomware cost the National Health Service almost £100m and led to the cancellation of 19,000 appointments.

It was stopped after Microsoft released emergency patches and a kill switch was discovered.

SamSam Ransomware attack

Appeared in late 2015.

Activity increased over the next few years, claiming high-profile scalps including the Colorado Department of Transportation, the City of Atlanta, and numerous health care facilities.

SamSam targeted organizations in a wide range of sectors, but healthcare was by far the most affected sector, accounting for 24 percent of attacks in 2018.

The vast majority of SamSam’s targets are located in the U.S. Of the 67 organizations targeted during 2018, 56 were located in the U.S. A small number of attacks were logged in Portugal, France, Australia, Ireland, and Israel.

This attack cost the Colorado Department of Transportation an estimated 1.5 million.

It hasn’t been stopped yet; it has struck again and again, resulting in huge losses.