Wednesday, March 4, 2020

What is ransomware?

Ransomware is a Trojan designed to extort money from a victim. Ransomware programs typically demand a fee for undoing the changes the Trojan made on the victim's computer. Those changes usually are:

encryption of data on the disk, so that the user can no longer access his files;
blocking access to the device.

Methods for getting ransomware onto a computer
The most common ways to install ransomware Trojans are:

using phishing;
by placing malware on a website.

After installation, the Trojan either encrypts the information stored on the victim's computer or blocks the normal operation of the computer, displaying a message that demands payment of a certain amount for decrypting the files and restoring the system. In most cases, the message requesting a money transfer appears when the user restarts the computer after the infection has occurred.

What is ransomware

Ransomware is increasingly used by cyber criminals around the world, but the ransom messages and the ways of extorting money differ between regions. For instance:

Fake messages about unlicensed applications
Such Trojans display a message claiming that unlicensed software is installed on the victim's computer, and then demand payment.
Fake illegal-content reports
In countries where pirated software is less common, that approach is not very effective. Instead, the ransomware's pop-up message imitates a notice from a law-enforcement agency that child pornography or other illegal content has been found on the computer, and demands payment of a fine.

Friday, February 28, 2020

Ransomware attacks

Ransomware is a type of malware that locks the data on a victim's computer, usually by encrypting it. Payment is demanded before the affected data is decrypted and access is returned to the victim. Ransomware attacks are almost always about money and, unlike other types of attacks, the victim is usually notified of the attack and given instructions to follow to recover from it. Payment is usually demanded in a cryptocurrency such as bitcoin, so that the identity of the cyber criminal stays unknown.

So is ransomware a virus? No! Viruses infect your files or software and reproduce through them. Ransomware instead scrambles your files to make them unusable and demands payment. Both can be removed with antivirus software, but if your files are already encrypted, removing the malware will not get them back.

Why should businesses worry about ransomware?

Ransomware damages your business. Losing access to your own files for even a day because of malware hurts your income. Ransomware attacks often leave victims offline for at least a week, sometimes months, and cause serious losses. Systems stay offline for so long not only because the ransomware locks them, but also because of all the effort required to clean and restore the networks. And the damage is not only short-term financial loss: consumers are reluctant to hand their data to institutions they consider unsafe, and to do business with those brands.

How ransomware gets into your computer

Social engineering: tricking people into downloading malware through a fake attachment or link. The malicious files are usually disguised as ordinary documents (order confirmations, receipts, invoices, notifications) and appear to come from a reputable company or organization. Downloading or opening one of them on your computer is enough to be hit by ransomware.

Malvertising: paid advertisements that deliver ransomware, spyware, viruses and other malicious software at the click of a button. Attackers can buy advertising space on popular websites and even social media networks to reach you.

Exploit kits: pre-written exploit code packaged into a ready-to-use attack tool. These kits are built to exploit vulnerabilities in outdated software.

Drive-by downloads: dangerous files downloaded to your computer without your consent. Some malicious websites abuse outdated browsers or apps to silently download malware in the background while you browse an innocent-looking page or watch a video.

Thursday, February 27, 2020

Ransomware uses Gigabyte driver to disable antivirus

The extortionists demand a ransom from their victims that increases by $10,000 every day.

Sophos experts have warned of new cyber attacks using the RobbinHood ransomware. The criminals abuse a vulnerable Gigabyte driver to get into a Windows system and disable the antivirus software running on it.

During the attack, the attackers exploit an unpatched vulnerability (CVE-2018-19320), discovered in 2018 in the Gigabyte driver. Exploiting it gives them access to the device and lets them install a second driver, with which they disable antivirus programs.

The executable Steel.exe exploits the vulnerability in the gdrv.sys driver and extracts a file named ROBNR.EXE into a temporary Windows folder. ROBNR.EXE in turn extracts two different drivers: one developed by Gigabyte that contains the vulnerability, and another that is used to disable antivirus software on the compromised device. Once the vulnerability has been exploited, Windows driver signature enforcement is disabled, which allows the malicious driver to be loaded.
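As an added, defender-side example (not Sophos's detection logic and not code from the RobbinHood sample), the script below applies the pattern this post describes to Sysmon Event ID 6 (DriverLoad) records: a load of a known vulnerable driver (gdrv.sys, the only one the post names) followed shortly by a load of a driver without a valid signature, which is only possible once signature enforcement has been switched off. The log lines, the vendor string, the unsigned driver's file name and the ten-minute chain window are constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Driver file names the post reports being abused (gdrv.sys, CVE-2018-19320).
# In production, match on hash against a vulnerable-driver blocklist rather
# than on file name, which an attacker can trivially rename.
KNOWN_VULNERABLE_DRIVERS = {"gdrv.sys"}

# An unsigned driver loaded within this window after a vulnerable-driver load
# is treated as one chain. The value is chosen for the example, not a vendor figure.
CHAIN_WINDOW = timedelta(minutes=10)

# Constructed Sysmon Event ID 6 (DriverLoad) records, flattened to one line each.
# Paths, times, the vendor string and the unsigned driver name are made up.
SAMPLE_EVENTS = [
    "UtcTime: 2020-02-26 10:14:02.117 ImageLoaded: C:\\Windows\\System32\\drivers\\ksecdd.sys "
    "Signed: true Signature: Microsoft Windows SignatureStatus: Valid",
    "UtcTime: 2020-02-26 10:15:31.640 ImageLoaded: C:\\Windows\\Temp\\gdrv.sys "
    "Signed: true Signature: Example Hardware Vendor SignatureStatus: Valid",
    "UtcTime: 2020-02-26 10:15:33.902 ImageLoaded: C:\\Windows\\Temp\\example-unsigned.sys "
    "Signed: false Signature: - SignatureStatus: Unsigned",
]

# "Key: value" pairs; a value runs until the next " Key: " token, so paths and
# signer names containing spaces survive the split.
FIELD_RE = re.compile(r"(\w+): (.*?)(?= \w+: |$)")


@dataclass
class DriverLoad:
    time: datetime
    path: str
    signed: bool
    signature_status: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> DriverLoad:
    """Turn one flattened Event ID 6 line into a DriverLoad record."""
    fields = dict(FIELD_RE.findall(line))
    return DriverLoad(
        time=datetime.strptime(fields["UtcTime"], "%Y-%m-%d %H:%M:%S.%f"),
        path=fields["ImageLoaded"],
        signed=fields["Signed"].lower() == "true",
        signature_status=fields["SignatureStatus"],
    )


def analyse(lines):
    """Return (severity, driver name, reason) findings for a list of event lines."""
    loads = sorted((parse_event(line) for line in lines), key=lambda d: d.time)
    findings = []
    vulnerable_seen = []
    for d in loads:
        if d.name in KNOWN_VULNERABLE_DRIVERS:
            findings.append(("medium", d.name, "known vulnerable driver loaded"))
            vulnerable_seen.append(d)
        if not d.signed or d.signature_status.lower() != "valid":
            findings.append(("medium", d.name, "driver without a valid signature loaded"))
            # An unsigned driver shortly after a vulnerable one is the chain the
            # post describes: the first driver is used to turn off signature
            # enforcement so that the second, malicious driver can load.
            for v in vulnerable_seen:
                gap = d.time - v.time
                if timedelta(0) <= gap <= CHAIN_WINDOW:
                    findings.append(("high", d.name,
                                     f"unsigned driver loaded {int(gap.total_seconds())}s after {v.name}"))
                    break
    return findings


if __name__ == "__main__":
    for severity, driver, reason in analyse(SAMPLE_EVENTS):
        print(f"[{severity}] {driver}: {reason}")
```

On a 64-bit Windows host a successful load of a driver without a valid signature is by itself worth an alert, since it implies signature enforcement was defeated or test-signing is on; the chain rule only raises the severity. Enabling hypervisor-protected code integrity with Microsoft's vulnerable driver blocklist stops the first step of the chain outright, because the vulnerable driver is refused before it can be abused.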

For access to the encrypted files, the ransomware demands a ransom from its victims that increases by $10,000 every day.