Ransomware typically spreads via spam or #phishing emails. It also can be spread through websites or drive-by downloads to infect an endpoint and penetrate the network. Infection methods are constantly evolving and there are many other ways one can become infected, as well Once in place, the ransomware then locks all files it can access using strong encryption. Finally, the demands a ransom (typically payable in #bitcoins) to decrypt the files and restore full operations to the affected IT systems.
Encrypting ransomware or cryptoware is by far the most common recent variety of ransomware. Other types that might be encountered are:
- Non-encrypting ransomware or lock screens (restricts access to files and data, but does not encrypt them)
- Ransomware that encrypts the Master Boot Record (MBR) of a drive or Microsoft's NTFS, which prevents victims' computers from being booted up in a live OS environment.
- Leakware or extortionware (exfiltrates data that the attackers threaten to release if ransom is not paid)
- Mobile Device #ransomware (infects cellphones through drive-by downloads or fake apps)
Latest Trends in Malware
Ransomware continues to be a major threat to businesses in all sectors, with some areas getting hit particularly hard, especially healthcare. Cyber criminals continue to evolve their strategy and method of attack, concentrating on areas that provide the highest payback for the least effort.
However, in recent months cryptojacking has proven to be a popular approach for cybercriminals, with the number of attacks outnumbering ransomware in some business sectors.
(also called malicious #cryptomining) is an emerging online threat that hides on a computer or mobile device and uses the machines resources to mine forms of online money known as #cryptocurrencies. It can take over web browsers, as well as compromise a variety of devices, from desktops and laptops to smart phones and network servers. Unlike ransomware, which reveals itself to the victims in order to demand payment, cryptojacking is designed to stay completely hidden from the user.