About Ransomware

Ransomware is a blanket term for a class of malware used to digitally extort victims into paying a specific fee. Ransomware dates back to 1989, with the code named AIDS, written by Joseph Popp. The alarming thing about ransomware, even since its beginning, is that it can assault one's system without any activity on the victim's part. The method of delivery and installation varies depending on what system is being compromised. In most cases, the first file is a small piece of code designed to evade detection and communicate with the extortionists' command and control channels. Then, the executable receives commands to download the ransomware itself and infect the compromised computer. After the computer is infected, the malware begins encrypting files and, if the payload instructs it to do so, infecting other computers.

With an exploit kit like the one WannaCry uses, which exploits EternalBlue, a packet can compromise any computer on the network that did not have the Printer Sharing request flaw patched. Mostly XP machines were infected with the WannaCry ransomware because, although Microsoft released a security patch (hotfix) for the flaw, it no longer supported XP at the time WannaCry was attacking the vulnerability in the Windows OS.

Ransomware went out of style in the late '90s but returned with a vengeance in 2016 with the vast access to digital currency. Other ransomware infections such as lockers, doxware, and scareware can also be easily acquired by the user by downloading the payload within an infected document, clicking on a malicious attachment within an email, or clicking on a link within an email or on the internet. Social engineering, phishing, watering hole attacks, malvertising, and drive-by downloads are some of the most popular techniques used by the assailants.