Ransomware cyber crime: is there any solution, or is prevention better than cure?
Cyber criminals have made it a lucrative business, and even a $100 ransom gets collected via Bitcoin.
Ransomware : A cyber crime without solution ? by Prashant Mali
1. Ransomware :
A cyber crime without solution ?
Adv. Prashant Mali
Masters in Computer Science(MSc.), Masters in Law(LLM),
Certified Computer Forensics Professional(CCFP)
High Court Lawyer – Mumbai, India
Speaker, Author & Expert in Cyber Law & Cyber Security
President – Cyber Law Consulting(Advocates & Attorneys)
2. What is Ransomware ?
• Ransomware is a sophisticated piece of
malware that blocks the victim’s access to
his/her files.
There are two types of ransomware in circulation:
• Encrypting ransomware, which incorporates advanced
encryption algorithms. It’s designed to block system files and
demand payment to provide the victim with the key that can
decrypt the blocked content. Examples include CryptoLocker,
Locky, CryptoWall and more.
• Locker ransomware, which locks the victim out of the
operating system, making it impossible to access the desktop
and any apps or files. The files are not encrypted in this case,
but the attackers still ask for a ransom to unlock the infected
computer. Examples include the police-themed ransomware
or Winlocker.
3. Ransomware A leading Cyberthreat
• Ransomware, specifically cryptographic
ransomware, has quickly become one of the
greatest cyberthreats facing organizations
around the world.
• It is largely victim agnostic, spanning the
globe and affecting all major industry
verticals. Small organizations, large
enterprises, individual home users - all are
potential targets.
4. Ransomware : Characteristics
• It features unbreakable encryption, which means that you can’t
decrypt the files on your own (there are various decryption tools
released by cyber security researchers – more on that later);
• It has the ability to encrypt all kinds of files, from documents to
pictures, videos, audio files and other things you may have on your
PC;
• It can scramble your file names, so you can’t know which data was
affected. This is one of the social engineering tricks used to confuse
and coerce victims into paying the ransom;
• It will add a different extension to your files, which sometimes signals a
specific ransomware strain;
• It will display an image or a message that lets you know your data
has been encrypted and that you have to pay a specific sum of
money to get it back;
• It requests payment in Bitcoins, because this crypto-currency
cannot be tracked by cyber security researchers or law
enforcement agencies;
5. Ransomware : Characteristics
• Usually, the ransom payment has a time limit, to add another level of
psychological constraint to this extortion scheme. Going over the deadline
typically means that the ransom will increase, but it can also mean that
the data will be destroyed and lost forever.
• It uses a complex set of evasion techniques to go undetected by
traditional antivirus (more on this in the “Why ransomware often goes
undetected by antivirus” section);
• It often recruits the infected PCs into botnets, so cyber criminals can
expand their infrastructure and fuel future attacks;
• It can spread to other PCs connected in a local network, creating further
damage;
• It frequently features data exfiltration capabilities, which means that
ransomware can extract data from the affected computer (usernames,
passwords, email addresses, etc.) and send it to a server controlled by
cyber criminals;
• It sometimes includes geographical targeting, meaning the ransom note is
translated into the victim’s language, to increase the chances for the
ransom to be paid.
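A defender can turn three of the characteristics above (encrypting every kind of file, scrambling names, appending a new extension) into a simple detection heuristic. The sketch below is an added example, not part of the original slides; the event format, the `.locked` extension, the thresholds and the sample data are all constructed assumptions.

```python
import math
import os
from collections import Counter

# Extensions treated as normal in this constructed environment (assumption).
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".mp4", ".mp3"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def detect_mass_encryption(events, min_files=5, min_entropy=7.0):
    """events: (old_name, new_name, leading bytes of the rewritten file).

    Returns (suspicious_extension, count), or None if below the threshold.
    """
    hits = Counter()
    for old_name, new_name, sample in events:
        old_ext = os.path.splitext(old_name)[1].lower()
        new_ext = os.path.splitext(new_name)[1].lower()
        # Signal 1: a known document/media type now carries an unfamiliar extension.
        changed = old_ext in KNOWN_EXTENSIONS and new_ext not in KNOWN_EXTENSIONS
        # Signal 2: the rewritten content looks random, as ciphertext does.
        if changed and shannon_entropy(sample) >= min_entropy:
            hits[new_ext] += 1
    if not hits:
        return None
    ext, count = hits.most_common(1)[0]
    return (ext, count) if count >= min_files else None


# Constructed sample: six documents rewritten with scrambled names and a made-up
# ".locked" extension, plus two benign renames. Not taken from a real incident.
CIPHERTEXT_LIKE = bytes(range(256)) * 4  # every byte value equally frequent
PLAIN_TEXT = b"Quarterly report draft. " * 40
SAMPLE_EVENTS = [(f"report{i}.docx", f"{i:04x}a9f3.locked", CIPHERTEXT_LIKE) for i in range(6)]
SAMPLE_EVENTS += [("notes.txt", "notes.bak", PLAIN_TEXT), ("scan.jpg", "scan.png", CIPHERTEXT_LIKE)]

if __name__ == "__main__":
    print(detect_mass_encryption(SAMPLE_EVENTS))
```

Compressed formats such as JPEG or ZIP are also high in entropy, which is why the check requires both signals and a burst of files before it reports anything.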
6. Impact of Ransomware
• The financial impact of ransomware is
enormous, with several high-profile infections
leading to millions of dollars in ransom paid to
attackers.
• Ransomware is one of the few cybercriminal
business models where the same attack could
harm a Fortune 500 company, a local
restaurant down the street, and your
grandmother.
8. How does ransomware infect?
• Initially, the victim receives an email which includes a
malicious link or a malware-laden attachment. Alternatively, the
infection can originate from a malicious website that delivers a
security exploit to create a backdoor on the victim’s PC by
exploiting vulnerable software on the system.
• If the victim clicks on the link or downloads and opens the
attachment, a downloader (payload) will be placed on the affected PC.
• The downloader uses a list of domains or C&C servers controlled by
cyber criminals to download the ransomware program on the system.
• The contacted C&C server responds by sending back the requested
data, in our case, the ransomware.
• The ransomware starts to encrypt the entire hard disk content,
personal files and sensitive information. Everything, including data
stored in cloud accounts (Google Drive, Dropbox) synced on the PC. It
can also encrypt data on other computers connected in the local
network.
• A warning pops up on the screen with instructions on how to pay for
the decryption key.
10. Ransomware : Names
• TorrentLocker
• CTB Locker
• CryptoWall
• Reveton
• TeslaCrypt
• Locky
New ransomware strains are launched at
intervals; Locky’s descendant, Zepto,
made its debut in early June 2016.
11. Ransomware: How it spreads ?
Methods cybercriminals use to spread ransomware:
• Spam email campaigns that contain malicious links or attachments;
• Security exploits in vulnerable software;
• Internet traffic redirects to malicious websites;
• Legitimate websites that have malicious code injected in their web
pages;
• Drive-by downloads;
• Malvertising campaigns;
• SMS messages (which apply to ransomware that targets mobile devices);
• Botnets;
• Self-propagation (spreading from one infected computer to another);
• Affiliate schemes in ransomware-as-a-service (earning a share of the
profits by helping further spread ransomware).
12. Ransom Payment Mechanism
• The cryptocurrency Bitcoin has provided a
payment mechanism that is fueling the
success of this scheme. The payment
mechanisms that early forms of ransomware
relied on have been shut down or forced to
regulate their payments, but Bitcoin has no
central authority against which law
enforcement can take action.
13. Target Operating System
• Thus far, ransomware attacks
have primarily targeted
Windows-based systems, but
adversaries have begun
branching out to target other
devices, such as attacks against
the Mac® OS X® operating
system.
14. Ransomware: Prevention
• Do not store important data only locally on PC.
• Have two backups of your data: on an external hard drive
and in the cloud – Dropbox /Google Drive/etc.
• Don’t turn on the Dropbox /Google Drive/ OneDrive/etc.
application on your computer by default. Only open them
once a day, to sync your data, and close them once this is
done.
• Keep your operating system and the software you use
updated, including the latest security patches.
• Don’t use an administrator account on your computer for
daily usage.
• Turn off macros in the Microsoft Office suite – Word, Excel,
PowerPoint, etc.
15. Ransomware: Prevention
• Remove Adobe Flash, Adobe Reader, Java and Silverlight plugins
from your browsers; use them only when needed.
• Adjust browsers’ security and privacy settings for increased
protection.
• Remove outdated plugins and add-ons from browsers.
• Always use an “ad blocker” to avoid the threat of potentially
malicious ads.
• Never open spam emails or emails from unknown senders.
• Never download attachments from spam emails or suspicious
emails.
• Never click links in spam emails or suspicious emails.
• Use paid and licensed antivirus software and keep it updated.
16. What can be done ?
• Until organizations around the world
adopt a prevention mindset, and stop
paying ransoms to retrieve their data,
this criminal scheme will continue to
threaten all Internet-connected devices.
• Ransomware has brought extortion to a
global scale, and it’s up to all of us,
users, business-owners and decision-
makers, to disrupt it.
17. Thank you
Adv. Prashant Mali [BSc.(Phy.), MSc.(Computer Sci.),CCFP,LLM]
President - Cyber Law Consulting
Legal Counsel, Author, Speaker & Expert
Mob: +91-9821763157
facebook.com/cyberlawconsultant | Twitter: @CybreMahaGuru
Web : www.prashantmali.com
www.cyberlawconsulting.com
cyberlawconsulting@gmail.com