An Ongoing Evolution of Ransomware – Part 3

Simeon Georgiev

This is the third part in the series of blogs where we are discussing how ransomware operators are adopting new methods and techniques to make their operations more efficient, lethal and yielding.

The intent of this series is to better educate our readers on any potential ransomware attack.

Launching Multiple Sub-encryption Processes

Conventional ransomware codes run a single encryption process on the infected device. Digital security experts performing ransomware removal activities can catch up with this encryption process to limit the further damage of the attack.

However, few ransomware attacks have been reported where the main cryptovirological code has generated multiple sub-threads to catalyze the encryption process. In any instance of this type of ransomware attack, your network security might able to halt one or two sub-threads, but rest of them will continue to lockdown your data.

Experts also think that no endpoint protection or AV can stop this parallel assault of ransomware, which exponentially increases the pace of encryption.

There is another awful prospect of this ransomware attack i.e. combination of multiple encryption module with polymorphic ransomware strain. Digital experts think that this double whammy will quickly overwhelm the infected system and the victim will immediately lose control of his device.

Superior Code Writing of Ransomware

As of now, many victims are succeeded in getting back their compromised files without paying anything to the attackers, because there are some skilled digital security personnel who can do ransomware decryption. Decryption becomes easy when there are loopholes in the code writing of encryption.  In case of poor key management and using predictable patterns for it, sometimes it makes it easy for experts to remove ransomware.

Now criminals have realized this weak link in their assaults. According to a professional who is well-versed in ransomware removal, majority of the coders are not encryption experts, which makes it easy to do ransomware decrypt. But he has noticed that in the latest version of Crysis, a ransomware strain, the earlier loopholes of encryption has been fixed, making the latest version impossible to decrypt.

We will continue to discuss this rapid evolution of ransomware in some of our next blogs.

Previous post Cybercriminals are Moving from Data Breaches to Ransomware Attacks Next post Over One Million Dollar Have Been Spent on CDOT’s Ransomware Recovery

Related Articles