Tools and techniques for restoring ransomware-encrypted files and repairing ransomware damage are improving, but so is the coding of the malware itself. Ransomware developers keep succeeding in making it hard to locate the malicious code and to carry out ransomware decryption.
Cyber security experts point to some of the methods ransomware operators are using to improve the effectiveness of this cryptovirological tool.
We will discuss this ongoing evolution of ransomware attacks in multiple parts in this section.
Slow Encryption of Data to Evade Detection
Some ransomware developers are stretching the encryption routine over a long period of time to evade detection by security software. For instance, if an antivirus is programmed to detect an encryption rate of 500 files per 10 seconds, developers might extend this timeframe so that the encryption goes unnoticed by the software.
According to a senior security researcher at Kaspersky Lab, they are now witnessing this trick more often. He also points to another risk of a slowed-down encryption process: backup data might also end up in the possession of attackers.
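An added example (not from the original article) of detection logic for the slow-encryption trick described above: it counts file-rewrite events per process over the article's 10-second window and over a much longer window, so a stretched-out run that stays under the burst threshold is still flagged. The 24-hour window, its 2,000-file budget, the event format and all names are assumptions, and the event streams are constructed.

```python
from collections import defaultdict, deque

# Short window mirrors the article's "500 files per 10 seconds" example.
# The long window and its budget are assumptions chosen for illustration.
WINDOWS = {"burst": (10, 500), "slow": (24 * 3600, 2000)}

class RewriteRateDetector:
    """Counts file-rewrite events per process over two sliding windows."""

    def __init__(self):
        # (pid, rule name) -> timestamps still inside that rule's window
        self.events = defaultdict(deque)

    def observe(self, pid, ts):
        """Record one rewrite by pid at ts (seconds); return the rules that fire."""
        fired = []
        for rule, (span, limit) in WINDOWS.items():
            window = self.events[(pid, rule)]
            window.append(ts)
            while window[0] <= ts - span:   # drop events older than the window
                window.popleft()
            if len(window) >= limit:
                fired.append(rule)
        return fired

def rules_triggered(stream):
    """Replay (pid, ts) events and return every rule that fired at least once."""
    detector, seen = RewriteRateDetector(), set()
    for pid, ts in stream:
        seen.update(detector.observe(pid, ts))
    return seen

# Constructed event streams (hypothetical PIDs, timestamps in seconds).
FAST = [(101, i * 0.01) for i in range(600)]     # 600 rewrites in 6 s
SLOW = [(202, i * 30.0) for i in range(2500)]    # one rewrite every 30 s, ~21 h
BENIGN = [(303, i * 600.0) for i in range(100)]  # one rewrite every 10 min

if __name__ == "__main__":
    for name, stream in (("fast", FAST), ("slow", SLOW), ("benign", BENIGN)):
        print(name, sorted(rules_triggered(stream)))
```

In practice the long-window budget would be tuned against the normal rewrite volume of backup, sync and build processes on the monitored hosts.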
Avoiding Linear Patterns of Encryption
Many ransomware repair and detection tools look for linear patterns of encryption to locate the malicious code. To get around this detection, ransomware developers are employing techniques that make the encryption and overwriting of files more non-linear and random.
Changing the Delivery System of Ransomware
As of now, a malicious link sent through an email is the most common delivery method for ransomware. But with increased awareness of the phishing and social engineering tactics of cyber criminals, people are becoming more cautious about clicking on any dubious link, particularly one sent through an email.
Therefore, ransomware operators are turning to other methods to deliver malicious code effectively. According to the chief operating officer of CyberSight, instead of links many ransomware attackers are now using file attachments (PDF, JPEG, etc.) with ransomware scripts to infiltrate devices.
Delivering ransomware through file attachments is indeed an effective trick because many people still don’t consider PDF and JPEG files a cyber threat.