Introduction
We hear more and more often about ransomware attacking a company, and ransomware has now emerged as a major threat to your business. Ransomware is malicious software that encrypts the data on the systems it infects; your data is locked, and this gives the distributor leverage to demand a ransom in exchange for the key that unlocks it.
As early as Q2 2015 McAfee Labs had recorded 4 million new ransomware variants, and by the end of 2019 the number of new variants had grown extremely fast. Ransomware is distributed in many different ways, and it is genuinely hard to stay out of its reach.
"It's not about if, it's about when."
Ransomware can take different forms, but it is a type of malware that denies access to a device or files until a ransom has been paid. Ransomware encrypts your employees' or corporate files and forces you to pay a fee to the attacker in order to regain access to them.
So, given how dangerous ransomware is, how do you protect your business from it?
How Ransomware Spreads
Phishing and spam are the dominant way ransomware is delivered, and social engineering is routine. How do you counter this?
Educating your team intensively is an effective defense against phishing attacks, in addition to adding layers of security inside your company.
Once your employees are able to tell for themselves which e-mails are genuine and which are fake, the risk of being hit by ransomware is reduced.
Trust me its not easy
Fake e-mail messages might appear to be a note from a friend or colleague asking a user to check out an attached file. A likely scenario is that a correspondent you have just exchanged e-mail with appears to reply on the same topic you were discussing, but the reply carries a suspicious attachment. This is where education matters: an employee needs to be careful before acting on such an e-mail. One wrong click, and in the blink of an eye every file on your system is locked by the ransomware.
DRIVE-BY DOWNLOAD is another common ransomware delivery method. Downloads from unclear sources often end badly: the downloaded software has already had the ransomware inserted into it.
Free software is another route. Before deciding to install free software, check the reviews and make sure what the software is actually supposed to do.
RANSOMWARE AS A SERVICE: believe it or not, this really exists. Running a phishing or spam campaign takes more skill than most people working in technology have, so ransomware is offered as a service, and even attackers with minimal skill are drawn in by the opportunity.
Types of Ransomware
CryptoLocker, CryptoWall, CTB-Locker, Locky, TeslaCrypt, TorrentLocker, KeRanger, Ransom32
- Bad Rabbit: A strain of ransomware that has infected organizations in Russia and Eastern Europe. Bad Rabbit spreads through a fake Adobe Flash update on compromised websites. When the ransomware infects a machine, users are directed to a payment page demanding 0.05 bitcoin.
- Cerber: Cerber targets cloud-based Office 365 users and impacted millions of users using an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup in addition to on-premises.
- CryptoLocker: Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, hackers have widely copied the CryptoLocker approach, although the variants in operation today are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware.
- CryptoWall: CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared with a variety of names, including CryptoBit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits.
- Crysis: Crysis ransomware encrypts files on fixed, removable, and network drives with a strong encryption algorithm, making it difficult to crack in a reasonable amount of time. It is typically spread via e-mails containing attachments with a double file extension (for example a name ending in ".pdf.exe"), which makes the file appear to be a non-executable document. In addition to e-mails, it can also be disguised as a legitimate installer for applications.
- CTB-Locker: The criminals behind CTB-Locker take a different approach to malware distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate.
- GoldenEye: GoldenEye is similar to the prolific Petya ransomware. Hackers spread GoldenEye ransomware through a massive campaign targeting human resources departments. After the file is downloaded, a macro is launched which encrypts files on the computer. For each file it encrypts, GoldenEye adds a random 8-character extension at the end. The ransomware then also modifies the user’s hard drive MBR (Master Boot Record) with a custom boot loader.
- Jigsaw: Jigsaw encrypts and progressively deletes files until a ransom is paid. The ransomware deletes a single file after the first hour, then deletes more and more per hour until the 72-hour mark, when all remaining files are deleted.
- KeRanger: According to Ars Technica, KeRanger ransomware was discovered bundled with a popular BitTorrent client. KeRanger isn't widely distributed, but it is known as the first fully functioning ransomware targeting Mac OS X.
- LeChiffre: “Le Chiffre”, which comes from the French noun “chiffrement” meaning “encryption”, is the main villain from James Bond’s Casino Royale novel who kidnaps Bond’s love interest to lure him into a trap and steal his money. Unlike other variants, hackers must run LeChiffre manually on the compromised system. Cybercriminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running an instance of the virus.
- LockerGoga: This strain of ransomware hit various European manufacturing companies, including Norsk Hydro. The ransomware infiltrated the company through a phishing email, causing a global IT outage and forcing the company to order hundreds of new computers.
- Locky: Locky’s approach is similar to many other types of ransomware. The malware is spread in an email message disguised as an invoice. When opened, the invoice is scrambled and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption.
- NotPetya: Initial reports categorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a malware known as a wiper with a sole purpose of destroying data instead of obtaining a ransom.
- Petya: Unlike some other types of ransomware, Petya attacks the whole system rather than individual files. Petya overwrites the master boot record and encrypts the master file table of the disk, rendering the operating system unbootable.
- Spider: A form of ransomware spread via spam emails across Europe. Spider ransomware is hidden in Microsoft Word documents that install the malware on a victim’s computer when downloaded. The Word document, which is disguised as a debt collection notice, contains malicious macros. When these macros are executed, the ransomware begins to download and encrypt the victim’s data.
- TeslaCrypt: Like most of the other examples here, TeslaCrypt uses an AES algorithm to encrypt files. It is typically distributed via the Angler exploit kit, which specifically attacks Adobe Flash vulnerabilities. Once a vulnerability is exploited, TeslaCrypt installs itself in the Microsoft temp folder.
- TorrentLocker: TorrentLocker is typically distributed through spam e-mail campaigns and is geographically targeted, with e-mail messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses an AES algorithm to encrypt files. In addition to encrypting files, it also collects e-mail addresses from the victim's address book in order to spread the malware beyond the initially infected computer, which is unique to TorrentLocker.
- WannaCry: WannaCry is a widespread ransomware campaign that affected organizations across the globe. The ransomware hit over 125,000 organizations in over 150 countries. The ransomware strain affected Windows machines through a Microsoft exploit known as EternalBlue.
- ZCryptor: ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.
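Two of the delivery tricks listed above, the double file extension used by Crysis and the macro-carrying Office documents used by Locky, Spider and GoldenEye, can be caught by a simple first-line filter on attachment names before an employee ever sees the e-mail. The script below is an added example written for this page, not code from the original post or from any vendor; the extension lists are a representative assumption rather than an exhaustive policy, and the filenames at the bottom are constructed for illustration.

```python
"""Triage e-mail attachment names for the ransomware delivery tricks
described above: double extensions that hide an executable behind a
document-looking name, and Office formats that can carry VBA macros.
This is a filename-only first filter; it does not inspect file content."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Extensions Windows will execute directly (assumption: representative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1"}
# Modern Office formats that explicitly carry macros (assumption: representative list).
MACRO_EXTS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam"}
# Legacy binary Office formats; these can contain macros without any hint in the name.
LEGACY_OFFICE_EXTS = {"doc", "dot", "xls", "xlt", "ppt", "pot"}
# Formats a user reasonably expects to be harmless documents or images.
DOCUMENT_EXTS = {"pdf", "docx", "xlsx", "pptx", "txt", "rtf", "jpg", "jpeg", "png"}


@dataclass
class Verdict:
    filename: str
    risk: str    # "block", "review" or "allow"
    reason: str


def triage_attachment(filename: str) -> Verdict:
    """Classify one attachment name. Decisions are made on the FINAL extension,
    because that is what the operating system uses to decide how to open it."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return Verdict(filename, "review", "no extension")
    final = parts[-1]

    if final in EXECUTABLE_EXTS:
        # "invoice.pdf.exe": Explorer hides known extensions by default, so the
        # user sees "invoice.pdf" while the file runs as an .exe (Crysis-style).
        if len(parts) >= 3 and parts[-2] in (DOCUMENT_EXTS | LEGACY_OFFICE_EXTS):
            return Verdict(filename, "block",
                           f"double extension: looks like .{parts[-2]}, runs as .{final}")
        return Verdict(filename, "block", f"executable attachment (.{final})")

    if final in MACRO_EXTS:
        return Verdict(filename, "review", f"macro-enabled Office file (.{final})")

    if final in LEGACY_OFFICE_EXTS:
        # Locky and Spider arrived as plain .doc invoices/notices carrying macros.
        return Verdict(filename, "review", f"legacy Office format (.{final}) may carry macros")

    if final in DOCUMENT_EXTS:
        return Verdict(filename, "allow", "plain document")

    return Verdict(filename, "review", f"unfamiliar extension (.{final})")


def triage_batch(filenames: Iterable[str]) -> Dict[str, List[str]]:
    """Group a batch of attachment names by verdict, e.g. for a gateway report."""
    groups: Dict[str, List[str]] = {"block": [], "review": [], "allow": []}
    for name in filenames:
        groups[triage_attachment(name).risk].append(name)
    return groups


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real campaign.
    sample = ["invoice.pdf.exe", "Invoice_2019.docm", "debt_notice.doc",
              "report.docx", "photo.jpg", "flash_update.scr", "README"]
    for name in sample:
        v = triage_attachment(name)
        print(f"{v.risk:6s} {v.filename:20s} {v.reason}")
```

A name-based filter is only the first gate: "review" items still need content inspection (for example scanning the document for embedded VBA) before delivery, and a plain ".docx" can still hold a malicious link, which is why the user education described earlier remains necessary.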