Ransomware Investigation: The New Challenges

Paulo Pereira, PhD
Mar 31, 2023

The term ransomware defines a type of artifact that encrypts the files and folders of an operating system, in most cases Windows, but not exclusively. A few years ago, this artifact was delivered as a file only. Today, there is cloud infrastructure and servers for hire on the dark web, and this deployment model is known as “ransomware-as-a-service” (RaaS). Because the cloud service enables multiple ransomware deliveries, the reuse of code from other ransomware is common. For this reason, it is worth analyzing the artifact to verify whether it belongs to an already detected ransomware family.

Evolution of attacks

Unit 42’s 2023 report reveals an evolution in ransomware attacks: the expansion of the social engineering blackmail technique, which attackers use to target specific members of the C-Suite team and continue with financial extortion.

This is a change in the behavior of attacker groups, who previously negotiated the extortion with victims up to the moment of decrypting the compromised files. The trend for the coming years, however, is for these groups to continue the extortion even after the files are encrypted and the ransom is demanded, trying to damage the company’s image by exposing the stolen data.

Another aspect is the denial-of-service attack built into ransomware. According to Liska and Gallo (2017, p.16), “ransomware is an umbrella term used to describe a class of malware that serves to digitally extort victims, making them pay a specific price.”

Attacks carried out using ransomware have also evolved....

Author

Paulo Pereira
Paulo Pereira is an independent malware analyst, Cyber Security Professional, and EXIN Instructor.
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023