In the previous blog, we discussed some of the ways ransomware code is evolving amid all the technological innovations. Here, we continue our discussion of the progression of ransomware.
Encrypting the Entire Hard Drive
In most conventional ransomware attacks, victims are locked out of some of their valuable files, and the perpetrators ask for a payoff in exchange for a decryption key. But ransomware operators are now employing a trick to lock down the entire hard drive by encrypting its master code. According to experts, they have recently seen some cases of ransomware attacks where the operators targeted the core of the hard drive, i.e. the master boot record.
The master boot record is the information stored in the first sector of any mass storage device. It identifies the location of the operating system and decides when and where to boot it, whether using ROM or RAM. By taking control of the master boot record, ransomware attackers can make all stored files inaccessible to users.
Corrupting the master boot record also reduces the workload of ransomware operators because they don’t have to run encryption for separate files on the device.
Employing a Polymorphic Approach
Ransomware is known for spreading quickly through an affected network. Usually, ransomware with the same code infects every device on the network, which makes detection and decryption easy for the experts.
But it is now being noticed that ransomware attackers are using polymorphic code to complicate detection. According to experts, this code is programmed to change slightly as it disperses through the network. This means the polymorphic ransomware code running on two devices will differ from one device to the other.
Polymorphic code can considerably increase downtime because every variant will need a different decryption module to restore the encrypted files.
This feature is still in a developing phase because it requires exceptional prowess in malware coding. However, mainstreaming of this feature will transform ransomware into the most intimidating cyber threat (if it hasn’t already become one).