Ransomware, Fileless Attacks and Cold Boot the Current Trend

A new breed of cyberattacks- ransomware, fileless attacks and cold boot- have been impacting enterprise networks worldwide and proving to be a real headache to many.

The ransomware menace

The ransomware, which has been here for quite some time, became sort of a household name, with even non-techies getting to know as to what it is, with the Wannacry attack in mid-2017. The NotPetya attack too was widespread. Cybersecurity experts wrote that ransomware would emerge as one of the most notable trends of today in the realm of cybercrime.

We come to hear of ransomware strikes very frequently these days. The last few months have witnessed ransomware strikes targeting hospitals and healthcare firms, city administration, sporting events etc. Ransomware strikes had recently happened targeting the town of Valdez in Alaska and the Canadian town Midland in Ontario. Servers at the U.S- based PGA ( Professional Golfers’ Association of America) were hit by ransomware strikes before this year’s PGA Championship was held, in August.

Quite recently, the flight information system displays at the Bristol airport had to be taken offline for a couple of days, to contain a ransomware attack; the information was displayed on whiteboards and announcements were depended on in an increased manner.

There is news about a ransomware called the Everlasting Blue Blackmail Virus, which hits Windows PCs via spam and phishing campaigns and which has a ransom note that comes with the image of former U.S president Barack Obama.

The issue with ransomware attacks is that all files on a system or network would end up being encrypted, thereby throwing out of gear all day-to-day activities. An attack targeting the data belonging to a city administration could even affect basic things like water supply, waste management etc. A ransom would be demanded, to get the files decrypted and access restored.

An increase in fileless attacks

An increase in fileless attacks, which are really difficult to detect, is being reported from across the world. A characteristic feature of such attacks is that there won’t be any malicious software installed on the victim’s system, thereby making it really tough to detect them using conventional security software. Surveys point out that such fileless attacks are increasing in number and form a really notable share of the total number of cyberattacks happening.

In fileless attacks, legitimate Windows tools, like Powershell for example, are targeted; the hackers would latch on to such tools and thus gain control over a system, from there extending control over the entire database of an organization.

Cold boot attacks on the rise

A cold boot attack happens when a hacker with physical access to a system does a cold reboot to restart the system and retrieves encryption keys from a running operating system. This kind of cold rebooting, which happens without following a proper shutdown process, helps recover the data that remains briefly accessible in the RAM after the power is lost. A USB drive connected to a PC is enough to carry out a cold boot attack. A hacker can thus break into a system in a company and from there access the whole network. Such attacks too are now on the rise.