What comes to mind when you think of a ransom? Probably a thrilling Hollywood action movie where a “high-value” individual or someone close to them is held captive until the demanded sum of money – the ransom – is paid to the kidnappers.
Ransomware is the real-life cyber version of it only that the high-value targets, in this case, are the computer files and data that belong to an individual or a corporate entity.
Still don’t get how it works? This article explores everything you need to know about ransomware.
What Is Ransomware?
Ransomware is a type of malicious software or “malware” that infects a victim’s computer and locks them out of the system. This effectively prevents them from accessing their files.
Authors of ransomware encrypt these files and demand a ransom from the victim which has to be paid first before they can restore access. This payment is typically sent via credit card or cryptocurrency.
How Does Ransomware Work?
A ransomware attack is, no doubt, one of the most prolific cybercriminal business models in existence today. This is thanks, in large part, to the multimillion-dollar ransoms these criminal masterminds demand from individuals, small businesses, and large corporations every year. Failure to meet these demands could see your system and business operations come to a halt or shut down entirely.
If you’ve never been the victim of a ransomware attack, here’s a brief overview of how the process works.
Step 1: The Attacker Gains Access to the System
The majority of malware attacks often start as social engineering exercises usually in the form of a malicious link in an email or as malicious code embedded in an attachment. Ransomware is no different.
Social engineering is a sophisticated form of manipulation that coaxes or entices the victim to disclose personal or sensitive information. This includes divulging details like the login credentials to their bank account, their social security number, etc.
A ransomware email with a malicious link or attachment is sent to the victim, who would then be lured into clicking on the objects, thus activating the malware; this gives the attacker access to the system.
Step 2: The Ransomware Takes Over
Once the malware is activated, it spreads quickly through the system encrypting certain types of files effectively denying users access to them. In some cases, the ransomware locks victims out of the system entirely.
Step 3: The Attackers Contact the Victim
At this point, the victim is notified of the ransomware attack and the accompanying demands of the criminal. These have to be fulfilled if the users hope to regain access to the system. Failure to comply could see them get locked out permanently.
Step 4: The Victim Pays the Ransom
Ransomware attacks typically involve the encryption of certain types of files or lock users out entirely, thus denying them access to the system. If the files are important enough to the victim, especially if they don’t have them backed up, they’re left with no choice but to pay the sum demanded.
Step 5: Full Access Is Returned to the Users
In most cases, once the attackers receive payment, they restore full system access to their victims. If they didn’t, their reputation would be jeopardized, and very few individuals or organizations would be willing to pay up if they didn’t think that their data would be restored.
All the past and recent ransomware attacks use two main types of malware.
1. Crypto Ransomware
These work by encrypting files or data on a victim’s computer and denying them access. Individuals would have to pay a ransom for the file to be decrypted to regain access.
Examples of Crypto-Ransomware
CryptoLocker is, by far, one of the most well-known ransomware in existence. It was first seen in September 2013 and is believed to have extorted well over $3 million from victims.
The attack used a Trojan and targeted computer systems running on Microsoft Windows. It was propagated via emails that had attachments containing malicious code.
Other famous crypto-ransomware include TorrentLocker, CTB-Locker, TeslaCrypt, and CryptoWall.
2. Locker Ransomware
Locker ransomware works differently from its crypto counterparts. Instead of encrypting the data and files, it locks users out of their computers completely to deny them access. In other instances, it targets and locks specific files like text, Word, and PDF.
Examples of Locker Ransomware
Reveton is locker ransomware that first appeared towards the end of 2012. The Trojan-based malware prevented users from logging into the system. The system would instead display an official-looking alert purportedly from the victim’s local law enforcement agency or, in some cases, the FBI.
It informed them that they had been locked out of the computer for being involved in illegal activities like software piracy or child pornography. The warning would further require the user to pay a “fine” using a prepaid voucher to avoid further action from being taken against them.
The first line of defense against any ransomware attack is to back-up files both online in a cloud and offline in an external disk. For Windows users, relying on the system-generated shadow copies is not enough since these get deleted when ransomware first infects a system.
Other adequate protection techniques you can employ include:
- Using a robust cybersecurity tool to safeguard your system against these types of threats
- Don’t automatically open email attachments
- Keep your operating system and all other installed software up to date
- Keep your anti-virus and any other ransomware removal tools up to date with the latest security patches to counter new threats
- Steer clear of email attachments that require you to “Enable Macros” to view its content
- If your system is compromised, don’t pay the ransom since there’s no guarantee that you’ll regain access
The Best Defense Is a Strong Offense
With so many new variants of ransomware coming up every other day, the best defense against these threats would be to minimize your exposure. Being proactive and taking the necessary steps to protect your system is a foolproof way to avoid becoming the next target of an attack.
Get expert advice today for the best solution to address your specific security needs.