Case Study: The Reveton Ransomware Attacks
In August 2012, the Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center, was inundated with reports of a new type of cybercrime. Victims across the United States reported that while searching the Internet, their computers locked up, and they received the following message, purportedly from the FBI: “This operating system is locked due to the violation of the federal laws of the United States of America! (Article 1, Section 8, Clause 8; Article 202; Article 210 of the Criminal Code of U.S.A. provides for a deprivation of liberty for four to twelve years.)” The message then accused the victim either of visiting pornography Web sites or of distributing copyrighted content. Victims were told they could unlock their computers and avoid prosecution by paying a fine of $200 within 72 hours of receiving the message. The message came replete with the official FBI logo.
The incident pointed to a steep rise in ransomware attacks. Ransomware is malware that disables a computer or smartphone until the victim pays a fee, or ransom. Unlike malware that must be launched by opening a file or an attachment, the Reveton version of ransomware is an example of "drive-by malware": malicious code that installs automatically when a user visits an infected Web site, typically by exploiting an unpatched browser plug-in.
The FBI immediately issued an alert, but within a month cybersecurity experts had identified 16 variants of the ransomware, which together had infected 68,000 unique IP addresses. It is estimated that on an average day about 170 victims paid the $200 fee and received valid unlock codes. The compromised computers could not be fixed by installing or updating antivirus software because the computer was locked. Because so many home PC owners fail to back up their systems regularly, many victims faced losing a significant amount of data. The $200 fee itself was low enough to encourage payment: a visit to a professional IT service to repair the damage could cost the same amount and take more time to resolve, whereas a quick payment through a prepaid money card system such as MoneyPak could save the victim a lot of trouble.
The United States was not the first country to be hit by these attacks. In early 2012, criminal gangs targeted France, Germany, and the United Kingdom. Ransomware attacks first broke out in Russia in 2009. Since then they have spread to almost every country on the globe, hitting the United States and Japan especially hard. Symantec, an IT security company, estimates that gangs are extorting over $5 million per year from online victims. The rise of ransomware attacks is, no doubt, due in part to their success. In France, for example, almost 4 percent of victims paid the ransom during a non-Reveton scam.
The Reveton ransomware is delivered by the popular Russian-language Citadel malware toolkit. The latest version of Citadel can also grab passwords from Web browsers and change Web sites to trick users into handing over their login information.
In December 2012, the United Kingdom arrested three people believed to be involved in the Reveton ransomware attacks. Finding the perpetrators, however, is unusual and is not the most effective way to combat this crime. Law enforcement agencies and IT security companies have urged the public to take measures to avoid falling victim to such attacks, chiefly by keeping software such as Java, Acrobat Reader, Adobe Flash, Windows, and their browser software updated. An early Reveton ransomware attack made use of a vulnerability in a version of Java that had been patched only a month earlier. Computer users can also avoid infections by using security software that identifies suspicious Web sites, and by not clicking online ads from dubious companies. Perhaps, however, the best way to stop the spread of these attacks is to encourage victims to report the crime and to refuse to comply with the ransom demands.
Questions:
1) Ransomware attack
Ransomware is malware that infects a computer and either locks it or encrypts its data, then displays a demand for payment before the system can be used again. The attacker distributes it through deceptive links in e-mail messages, instant messages, or Web sites. It can lock the computer screen or encrypt important, predetermined files with a key known only to the attacker.
There are three common types of ransomware:
1. Scareware
This is the simplest form. The victim receives a pop-up message claiming that malware was discovered on the machine and that a fee must be paid to remove it.
2. Screen Lockers
When lock-screen ransomware runs, it takes over the display and freezes the user out of the PC entirely, although the files underneath are left intact.
3. Encrypting Ransomware
Here the files themselves are encrypted, and the attacker demands payment in exchange for the key needed to decrypt them.
The prospect of being paid to decrypt a system is what attracts criminals to ransomware. The Reveton family, which appeared in 2012, introduced a new form: victims were locked out of their desktop and shown an official-looking page carrying the logos of law enforcement agencies such as the FBI and Interpol. The page claimed the user had committed a crime such as computer hacking, downloading illegal files, or even involvement with child pornography, and demanded payment in various amounts and forms.
2) Prevent Ransomware Attack.
To prevent ransomware attacks, first know your enemy. Most organisations should know which ransomware families struck in the previous year, be aware of how they spread, and steer clear of the kinds of sites and downloads that deliver them.
The most important step is to train the organisation's staff and provide them with an awareness toolkit.
Also, deploy strong protection on every system. If these preventive measures are neglected or bypassed, a user can be attacked easily.
Avoid clicking links in spam e-mail or on unfamiliar Web sites; following a malicious link can be enough to infect the computer.
Do not open untrusted e-mail attachments. Confirm the sender before opening any attachment, and never open an attachment that asks you to enable macros in order to view it.
Download content only from trusted, reputable sites; for ordinary users this is the only safe option.
Never give personal data to untrustworthy sites.
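The "never enable macros" advice above can be enforced at the mail gateway rather than left to the user. The following is an added example, not code from the case study or the answer above: modern Office files are ZIP containers, and a macro-enabled document carries a vbaProject.bin part and declares its content type in [Content_Types].xml, so a filter can refuse such attachments before they reach an inbox. The sample documents are constructed in memory (they are minimal stand-ins, not real Word files), and the gateway decision function is an assumed shape, not any vendor's API.

```python
"""Added example: quarantine Office attachments that carry VBA macros.

Two independent signals are checked (the vbaProject.bin part and the
content-type declaration) so that dropping either one alone does not
slip a macro-enabled document past the filter.
"""
import io
import zipfile

MACRO_PART_SUFFIX = "vbaproject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def has_vba_macros(data: bytes) -> bool:
    """Return True if the OOXML container holds a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith(MACRO_PART_SUFFIX) for n in names):
                return True
            if "[Content_Types].xml" in names:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in types_xml:
                    return True
    except zipfile.BadZipFile:
        # Not an OOXML container (legacy .doc, or something pretending to be
        # one). A real gateway would route these to deeper inspection; here
        # we only answer the narrow question "does it carry a VBA project?".
        return False
    return False


def build_sample_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like ZIP for the demo (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = ['<?xml version="1.0"?>',
              '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
              '<Default Extension="xml" ContentType="application/xml"/>']
        if with_macro:
            ct.append('<Override PartName="/word/vbaProject.bin" '
                      f'ContentType="{MACRO_CONTENT_TYPE}"/>')
        ct.append("</Types>")
        zf.writestr("[Content_Types].xml", "\n".join(ct))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Fake payload; a real part would be an OLE compound file.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake VBA project")
    return buf.getvalue()


def filter_attachment(filename: str, data: bytes) -> str:
    """Hypothetical gateway decision: quarantine macro-bearing attachments."""
    if has_vba_macros(data):
        return f"QUARANTINE {filename}: contains VBA macros"
    return f"DELIVER {filename}"


if __name__ == "__main__":
    print(filter_attachment("invoice.docm", build_sample_doc(with_macro=True)))
    print(filter_attachment("notes.docx", build_sample_doc(with_macro=False)))
    print(filter_attachment("oldfile.doc", b"not a zip at all"))
```

The check is deliberately structural rather than signature-based: it does not care what the macro does, only that the document can run one, which is exactly the property the advice above tells users to refuse.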
3) Response to Ransomware Attack.
First, block the ransomware's communication. Anti-bot technology can stop ransomware and other malware from connecting to and communicating with their command-and-control servers from inside our network.
Second, contain infected machines so the malware cannot spread, minimising business impact. Don't panic; even once a system is under attack there are options for recovering it, such as restoring from a backup rather than paying.
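Containment only works if the infection is noticed while it is still small. The following is an added example, not code from the case study or from the answer above; it ties the "encrypting ransomware" type from question 1 to the containment step here. Screen lockers leave data intact, but encrypting ransomware is visible on disk as one process rewriting many user files with high-entropy (ciphertext-like) content in a short burst, often renaming them as it goes. The detector below consumes constructed file-write events that stand in for what an endpoint agent would report; the process names, paths, thresholds and the suggested response are all assumptions for the demonstration.

```python
"""Added example: flag an encrypting-ransomware burst from file-write
telemetry and decide what to contain. All events are constructed."""
import math
import random
from collections import defaultdict, deque

ENTROPY_THRESHOLD = 7.0   # bits per byte; prose and office docs sit far lower
BURST_FILES = 10          # distinct files rewritten as ciphertext ...
BURST_WINDOW = 5.0        # ... within this many seconds -> alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum and typical of ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareBurstDetector:
    """Per-process sliding window over high-entropy writes."""

    def __init__(self):
        self.windows = defaultdict(deque)  # process -> deque of (ts, path)

    def observe(self, ts: float, process: str, path: str, data: bytes):
        """Feed one write event; return an alert dict or None."""
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            return None
        win = self.windows[process]
        win.append((ts, path))
        while win and ts - win[0][0] > BURST_WINDOW:
            win.popleft()
        distinct = {p for _, p in win}
        if len(distinct) >= BURST_FILES:
            return {"process": process, "files": len(distinct),
                    "action": "kill process, isolate host, preserve disk for forensics"}
        return None


def build_events():
    """Constructed telemetry: a word processor saving documents, then a
    malicious process rewriting those files as random-looking blobs with a
    new extension. Seeded so the run is reproducible."""
    rng = random.Random(2012)
    events = []
    for i in range(4):
        events.append((100.0 + i, "winword.exe", f"C:/Users/a/Docs/report{i}.docx",
                       b"Quarterly report text, mostly ASCII prose " * 50))
    for i in range(12):
        blob = bytes(rng.getrandbits(8) for _ in range(2048))
        events.append((200.0 + i * 0.3, "update.exe",
                       f"C:/Users/a/Docs/report{i}.docx.locked", blob))
    return events


def run(events):
    """Replay events through the detector and collect every alert raised."""
    det = RansomwareBurstDetector()
    alerts = []
    for ts, proc, path, data in events:
        alert = det.observe(ts, proc, path, data)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run(build_events()):
        print(alert)
```

The first alert fires on the tenth ciphertext-like write from the same process, a few seconds into the burst, which is the point at which killing the process and isolating the host still saves most of the user's files; the benign word-processor saves never trip the entropy check.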
4) Ethical Obligations to Future Victims.
There is no rule obliging a victim to respond or to do anything for future victims. Ethically, however, victims should raise awareness of ransomware: this helps others be careful in similar situations and prepare for the attacker's next moves. The case study itself points to the most useful form of this: report the crime to law enforcement and refuse to pay the ransom, so the attacks become less profitable.