In just one quarter, researchers have observed a 35-fold jump in new domains created for ransomware.
Ransomware is computer malware that installs covertly on a victim's device and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim's data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim's data, until a ransom is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
Encrypted systems are now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.
Malwarebytes security researcher Hasherezade has dissected the most recent version of the DMA Locker ransomware, which she claims made important strides in improving quality overall and getting ready for a massive distribution campaign.
"Ransomware" has turned into a lucrative business for scammers, but it could jump from a troubling annoyance to life-threatening attacks.