The term ransomware describes a type of artifact that encrypts the files and folders of an operating system, in most cases Windows, but not exclusively. A few years ago, this artifact was delivered as a file only. Today, there is a cloud infrastructure and servers for hire on the dark web, and this deployment model is known as “ransomware-as-a-service” (RaaS). Because the cloud service enables multiple ransomware deliveries, the reuse of code from other ransomware is common. For this reason, it is worth analyzing the artifact to verify whether it belongs to an already detected ransomware family.
Evolution of attacks
Unit 42’s 2023 report reveals an evolution in ransomware attacks with the expansion of the social engineering blackmail technique, which attackers use to target specific members of the C-suite and continue with financial extortion.
This is a change in the behavior of the attacker groups, who previously negotiated the extortion with victims until the moment of decrypting the compromised files. The trend for the coming years, however, is for these groups to continue the extortion even after the file encryption stage and the ransom demand, trying to damage the company’s image by exposing the stolen data.
Another aspect is the denial-of-service attack built into ransomware. According to Liska and Gallo (2017, p.16), “ransomware is an umbrella term used to describe a class of malware that serves to digitally extort victims, making them pay a specific price.”
Attacks carried out using ransomware have also evolved....
Author
- Paulo Pereira is an independent malware analyst, Cyber Security Professional, EXIN Instructor.