Makerere University


How to Detect Ransomware Attacking your Cloud Data Repositories


By Kiran Sanjeevan

Ransomware is a type of malware that targets corporate businesses, public agencies, or even individuals by means of digital extortion. In general terms, Ransomware denies the victim access to their content until a fee (the ‘ransom’) is paid, and promises to restore access subsequently. Generally, Ransomware can be categorized into two main classes: those strains that encrypt files and deny access to data (crypto ransomware) and those that incapacitate the use of a device, typically by locking its interface (locker ransomware).

The first appearance of Ransomware dates back to 2005, when attackers would use misleading application notifications to make false statements about the infection of the victim’s computer and offer to remedy it for a fee. That same year, crypto ransomware using asymmetric encryption hit its first targets.

In 2011, there was a significant increase in the popularity of locker ransomware, and attackers began leveraging anonymous payment services to capture payments. Shortly thereafter, anti-malware started becoming very successful in mitigating locker ransomware, and we saw a shift back towards crypto ransomware, including the particularly well-known CryptoLocker from 2013 [1]. Since then, new Ransomware samples have been discovered constantly, and we’ve also seen a steady increase in market size and average ransom fee to the present day.

Ransomware – the 5-step process
The Ransomware cyber kill chain has the following general structure [2]:

1) Infection
Malicious components are deployed to the victim’s endpoint. This is achieved usually by
