3. RANSOMWARE
• Submitted to:
DR R.K CHAUHAN
Miss Pooja Mam
(Assistant Professor)
• Submitted by :
Komal rani
Roll no: 43
Sec.: A(MCA 1ST)
6TH OCT, 2017
4. Contents
What Is Ransomware ?
Definition Of Ransomware
History
Types Of Ransomware
Encryption Ransomware
Lock Screen Ransomware
MBR Ransomware
CryptoLocker Ransomware
How To Prevent Ransomware?
5. Contents (continued)
How To Identify Ransomware
Removal: Microsoft Procedure
Delete CryptoLocker Hidden Files
Delete Temporary Files
Way of payment
What is Bitcoin?
Conclusion
References
6. What is ransomware?
Ransomware is a type of malware that is widely classified as a Trojan.
It restricts access to, or damages, the computer for the purpose of extorting money from the victim.
It can also encrypt a user's files, display various threatening messages, and force the user to pay a ransom via an online payment system.
7. HISTORY
The first known ransomware was the 1989 "AIDS" trojan
(also known as "PC Cyborg") written by Joseph Popp.
Extortionate ransomware became prominent in May 2005.
By mid-2006, worms such as Gpcode, TROJ.RANSOM.A,
Archiveus, Krotten, Cryzip, and MayArchive began utilizing
more sophisticated RSA encryption schemes, with ever-
increasing key-sizes.
In 2011, a ransomware worm imitating the Windows
Product Activation notice surfaced.
8. HISTORY (CONTINUED)
In February 2013, a ransomware worm based on the Stamp.EK exploit kit surfaced.
In July 2013, an OS X-specific ransomware worm surfaced.
CryptoLocker raked in around 5 million dollars in the last 4 months of 2013.
9. TYPES OF RANSOMWARE
Encryption ransomware
Lock screen ransomware
Master Boot Record (MBR) ransomware
CryptoLocker ransomware
10. ENCRYPTION RANSOMWARE
Encrypts personal files and folders (e.g. This PC).
Files are deleted once they are encrypted, and there is generally a text file with payment instructions in the same folder as the now-inaccessible files.
You may see a lock screen, but not all variants show one.
Instead, you may only notice a problem when you attempt to open your files.
This type is also called 'file encryptor' ransomware.
12. LOCK SCREEN RANSOMWARE
'Locks' the screen and demands payment.
Presents a full-screen image that blocks all other windows.
This type is called 'WinLocker' ransomware.
No personal files are encrypted.
14. MBR RANSOMWARE
The Master Boot Record (MBR) is a section of the
computer's hard drive that allows the operating
system to boot up.
MBR ransomware changes the computer's MBR so
the normal boot process is interrupted.
A ransom demand is displayed on screen instead.
16. CRYPTOLOCKER
An encrypting ransomware that reappeared in 2013.
Distributed either as an attachment to a malicious e-mail or as a drive-by download.
Encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography.
The private key is stored only on the malware's control servers.
Offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline.
Threatens to delete the private key if the deadline passes.
17. If the deadline is not met, the malware offers to decrypt
data via an online service provided by the malware's
operators, for a significantly higher price in Bitcoin.
18. HOW TO PREVENT RANSOMWARE?
Keep all of the software on your computer up to date.
Make sure automatic updating is turned on to get all the latest Microsoft security updates and browser-related components (Java, Adobe, and the like).
Keep your firewall turned on.
Don't open spam email messages or click links on suspicious websites. (CryptoLocker spreads via .zip files sent as email attachments, for example.)
19. HOW TO PREVENT RANSOMWARE? (CONTINUED)
Download Microsoft Security Essentials, which is free, or use another reputable antivirus and anti-malware program.
If you run Windows 8 or Windows RT, you don't need Microsoft Security Essentials.
Scan your computer with the Microsoft Safety Scanner.
Keep your browser clean.
Always have a good backup system in place, just in case your PC does become infected and you can't recover your files.
20. HOW TO IDENTIFY RANSOMWARE?
Most commonly, ransomware is saved to one of the following locations:
C:\ProgramData\(random alphanumerics).exe
C:\Users\(username)\0.(random numbers).exe
C:\Users\(username)\AppData\(random alphanumerics).exe
21. REMOVAL – MICROSOFT PROCEDURE
The following Microsoft products can detect and remove this threat:
Windows Defender (built into Windows 8)
Microsoft Security Essentials
Microsoft Safety Scanner
Windows Defender Offline (some ransomware will not allow you to use the products listed here, so you might have to start your computer from a Windows Defender Offline disk.)
22. DELETE CRYPTOLOCKER HIDDEN FILES
Enable the hidden files view from Control Panel.
Navigate to the following paths and delete all CryptoLocker hidden files:
For Windows XP
C:\Documents and Settings\<your username>\Application Data\<random filename>.exe
e.g. {daeb88e5-fa8e-e0d1-8fcd-bfc7d2f6ed25}.exe
For Windows Vista or Windows 7
C:\Users\<your username>\AppData\Roaming\<random filename>.exe
e.g. {daeb88e5-fa8e-e0d1-8fcd-bfc7d2f6ed25}.exe
C:\Windows\System32\msctfime.ime
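The executable locations listed on slides 20 and 22, written as a path check that can be run over a directory listing or file-creation events. This is an added example, not part of the original slides; the regular expressions for the "random" names, the function names and the sample paths are assumptions constructed for illustration.

```python
import re

# Assumptions: "random alphanumerics" is taken as [a-z0-9]+, and the GUID-style
# name follows the one example on the slide; the slides give no exact format.
NAME = r"(?:[a-z0-9]+|\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})"
USER = r"[^\\]+"  # exactly one path component (the profile name)

# Each rule matches an executable sitting directly in a listed folder,
# not in a vendor subfolder underneath it.
RULES = [
    ("exe directly in ProgramData", rf"c:\\programdata\\{NAME}\.exe"),
    ("0.<digits>.exe in profile root", rf"c:\\users\\{USER}\\0\.\d+\.exe"),
    ("exe directly in AppData", rf"c:\\users\\{USER}\\appdata\\{NAME}\.exe"),
    ("exe directly in AppData\\Roaming",
     rf"c:\\users\\{USER}\\appdata\\roaming\\{NAME}\.exe"),
    ("exe directly in Application Data (XP)",
     rf"c:\\documents and settings\\{USER}\\application data\\{NAME}\.exe"),
]
COMPILED = [(label, re.compile(pat, re.IGNORECASE)) for label, pat in RULES]


def classify(path):
    """Return the label of the first matching rule, or None if no rule matches."""
    candidate = path.strip().strip('"').replace("/", "\\")
    for label, rx in COMPILED:
        if rx.fullmatch(candidate):
            return label
    return None


def triage(paths):
    """Return (path, label) pairs for every path that matches a rule."""
    return [(p, label) for p in paths if (label := classify(p)) is not None]


# Constructed sample paths (not taken from a real system).
SAMPLE_PATHS = [
    r"C:\ProgramData\a8f3kq2.exe",
    r"C:\Users\alice\0.48211937.exe",
    r"C:\Users\alice\AppData\Roaming\{daeb88e5-fa8e-e0d1-8fcd-bfc7d2f6ed25}.exe",
    r'"C:/Documents and Settings/bob/Application Data/qx71mz.exe"',
    r"C:\Program Files\Vendor\app.exe",                    # normal install path
    r"C:\Users\alice\AppData\Roaming\Vendor\updater.exe",  # inside a subfolder
]

if __name__ == "__main__":
    for path, label in triage(SAMPLE_PATHS):
        print(f"REVIEW  {label:40}  {path}")
```

A match is a lead for review with one of the scanners from slide 21, not proof of infection.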
23. DELETE TEMPORARY FILES
Finally, delete all files and folders under your TEMP folders:
For Windows XP
– C:\Documents and Settings\<your username>\Local Settings\Temp
– C:\Windows\Temp
For Windows Vista or Windows 7
– C:\Users\<your username>\AppData\Local\Temp
– C:\Windows\Temp
24. Way of payment
This step can be fairly easy since most ransomware will
display the payment methods in large text or very clear
instructions. Typically there will be a link to instructions
right in the ransomware screen. In other cases you will have
a file named something like
DECRYPT_INSTRUCTIONS.TXT that you can follow.
Regardless of the specific version of ransomware you’ve
been hit with, the payment instructions will give you three
pieces of information:
• How much to pay
• Where to pay
• Amount of time left to pay the ransom (countdown timer)
Once you have the above information, it’s time to figure out
how to pay the ransom.
25. What is Bitcoin?
Once you have a Bitcoin (or more) in your Bitcoin wallet, now
it’s time to transfer that Bitcoin to the wallet of the
ransomware creator. Typically paying the ransom will require
one or more of the following pieces of information:
• A web address to view your specific ransomware payment
information (this may be a TOR address).
• The hacker’s BTC wallet ID that you will use to transfer the
BTC to.
• Depending on ransomware, the transaction ID or “hash”
generated when you actually transfer the BTC to the hacker’s
wallet.
26. Example of a Bitcoin wallet string: 19eXu88pqN30ejLxfei4S1alqbr23pP4bd
28. CONCLUSION
When it comes to malware attacks, knowledge is the best
possible weapon to prevent them. Be careful what you
click! Preventive measures should be taken before
ransomware establishes a stronghold. Keeping all the
software updated and getting the latest security updates might
help to prevent the attacks. Use of antivirus and original
software is highly recommended. Creating a Software
Restriction Policy is the best tool for preventing a CryptoLocker
infection in the first place on networks.