Recipe for Infection: Ransomware
Antoinette Maria May 16 '17
Cooking Time: On average < 1 minute | Serving Size: Thousands
- 1 highly motivated malicious actor
- At least 1 ransomware program with a strong encryption algorithm
- 1 Tor Client (optional)
- 1 malicious email (can be substituted with a compromised website or malicious download)
- 1 vulnerable computer
1. On the vulnerable computer, open the malicious email you've received and click the link or download the attachment. If there's a link or anything to click in the attachment, click it. This will trigger the download of the ransomware program (or the Tor client). Note: This email could come from a perfect stranger or someone you know.
2. (Optional) Once the Tor client is downloaded, let it connect to a malicious domain to download the ransomware program.
3. Once the ransomware program is downloaded, run it and set aside for about 30 seconds to 17 minutes, depending on the ransomware and the number of files on the vulnerable machine. The ransomware will copy itself into memory to keep running and delete the originally downloaded file. It will then walk through all of the files on the vulnerable computer (and any mapped network drives) and encrypt them using the strong encryption algorithm bundled with the program. Note: You'll want to be sure the encryption is actually strong, or else a security research team might write a decryption tool and give it out for free to help people.
4. Allow the ransomware to spread to shared drives to infect and encrypt all other machines that might be connected to the vulnerable computer.
5. After encryption is complete, open the instructions file dropped on the desktop of your vulnerable computer. This file will let you know how much to pay the highly motivated malicious actor and where to send the money (usually Bitcoin).
6. Spend 10 minutes trying to open your encrypted files only to see a bunch of garbled gibberish, and then scream.
7. Spend 2 hours on the phone with tech support yelling about your files being gone and realize you don't have any data backups.
8. Mix steps 6 and 7 together and blend until smooth. Follow up with a good cry in the fetal position.
9. Mull over paying the ~$500 ransom because you really want that photo of you and your late grandmother back.
10. (Optional) Pay the ransom. Note: Take this step at your own risk. There is no guarantee that you'll get your files back.
And voila, you have a ransomware-infected machine. Quick and easy, and it serves thousands. Perfect for causing millions to billions of dollars in damage from data loss at a large-scale enterprise or government organization. Many modifications to the recipe exist. Some like to deliver the ransomware program with a drive-by attack so that you (the user) don't have to actually click anything; you just have to visit an infected website. Other modifications include no real method to decrypt the encrypted data, harvesting credentials and valuable information found in files on the computer, installing other malware on the machine (like a bot for a botnet), and running the ransomware as a service on the vulnerable machine.
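From the defender's side of the kitchen: the tell-tale sign of step 3 is that ordinary documents suddenly turn into "garbled gibberish", and gibberish has a measurable property, namely near-maximal byte entropy. The following Python script is an added example, not code from the original post, and every name in it (the `ENTROPY_THRESHOLD`, the `ALREADY_DENSE` extension list, the `.locked` suffix used for the stand-in files) is an assumption chosen for the demo. It builds a throwaway directory of constructed sample files, some plain text and some filled with random bytes to stand in for ciphertext, and reports what fraction of the tree looks encrypted. A single dense file means nothing; a large share of a user's documents becoming dense in a short window is the signal worth alerting on.

```python
"""Entropy-based detection of mass file encryption (added defensive example)."""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# File types that are legitimately high-entropy (already compressed or encrypted).
# Skipping them keeps the false-positive rate down; extend for your environment.
# This list is an assumption for the demo, not a standard.
ALREADY_DENSE = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf", ".gpg"}

# Entropy ceiling for ordinary documents (assumed value). Natural-language text
# sits around 4-5 bits/byte; output of a modern cipher approaches 8 bits/byte.
ENTROPY_THRESHOLD = 7.0
SAMPLE_BYTES = 4096  # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def looks_encrypted(path: Path) -> bool:
    """True if the file's head has ciphertext-like entropy and it is not a known dense type."""
    if path.suffix.lower() in ALREADY_DENSE:
        return False
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root: Path) -> dict:
    """Walk `root` and return the suspicious files plus the share of files that look encrypted."""
    suspicious, total = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            total += 1
            if looks_encrypted(p):
                suspicious.append(p)
    ratio = len(suspicious) / total if total else 0.0
    return {"total": total, "suspicious": sorted(suspicious), "ratio": ratio}


def build_sample_tree() -> Path:
    """Construct a throwaway directory of sample data (constructed for the demo):
    three plain-text reports, one photo-like dense file, and four files whose
    contents are random bytes standing in for ciphertext. No real encryption happens."""
    root = Path(tempfile.mkdtemp(prefix="entropy_demo_"))
    text = ("Quarterly report: revenue grew while costs stayed flat. "
            "See the attached spreadsheet for the detailed breakdown.\n") * 40
    for i in range(3):
        (root / f"report{i}.txt").write_bytes(text.encode())
    (root / "holiday.jpg").write_bytes(os.urandom(SAMPLE_BYTES))  # dense but legitimate
    for i in range(4):
        (root / f"photo{i}.docx.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    return root


if __name__ == "__main__":
    report = scan_tree(build_sample_tree())
    print(f"{len(report['suspicious'])}/{report['total']} files look encrypted "
          f"({report['ratio']:.0%})")
    for p in report["suspicious"]:
        print("  ", p.name)
```

Entropy alone will flag archives, media and already-encrypted files, which is why the known-dense extensions are skipped; in a real deployment you would pair this with a recent-modification window and a rate check (how many files crossed the threshold per minute), and run it against the mapped network drives from step 3 as well, since those are encrypted in the same pass.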
Want to add a little extra?
Create some type of system to complete regular backups of your system that aren't continuously connected to the computer.
Suggested Drink Pairing
Vodka. Lots of Vodka.