Ransomware is a type of malware (a portmanteau of the words ‘malicious’ and ‘software’, a category that also includes viruses and Trojans) that encrypts a victim’s files. It is extortion software that can lock a computer device. The attacker then demands a ransom from the victim in exchange for restoring access to the system’s data.
Users get directions on how to pay a fee to get the decryption key. The costs could vary from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin. The risk posed by ransomware depends on the variant. There are two key categories of ransomware: locker ransomware, where basic computer functions are affected, and crypto-ransomware, where individual files are encrypted.
Blackmailing computer users in this way is not a 21st-century invention. A primitive precursor of ransomware appeared as early as 1989. In 2005, the first concrete instance of ransomware was reported in Russia. Since then, ransomware has spread across the world, with new kinds continuing to prove effective. A sudden increase in ransomware attacks was notable in 2011. In response to the continuing attacks, since 2016 manufacturers of antivirus software have sharply focused their virus scanners on ransomware.
Ransomware attacks vary from region to region. For example:
- False messages about unlicensed applications: In some countries, Trojans warn the victim that unlicensed software is installed on their computer. The message then urges the user to make a payment.
- False claims about illegal content: In countries where illegal software downloads are a usual practice, that approach is not particularly successful for cybercriminals. Instead, ransomware messages claim to come from law enforcement agencies and allege that child pornography or other illegal content has been discovered on the victim’s computer. The message also includes a demand for a penalty fee to be paid.
How Ransomware Works
Ransomware can take several vectors to reach a computer device. One of the most common delivery methods is phishing spam: attachments that arrive by email, disguised as files the victim should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into granting administrative access. Some more aggressive forms of ransomware, such as NotPetya, exploit security holes to infect computers without needing to trick users.
There are several things the malware might do once it has taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files and data. For the technical details, the Infosec Institute has an excellent in-depth look at how different flavours of ransomware encrypt files. The most important thing to understand is the end result: the files cannot be decrypted without a mathematical key that only the attacker knows. The user is presented with a message explaining that their files are now unreadable and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.
Preventive steps against ransomware
- Keep your operating system patched and updated so that there are fewer vulnerabilities to exploit.
- Don’t install software on your device or give it administrative privileges unless you know precisely what it is and what it does.
- Install antivirus software, which can detect malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorised applications from executing in the first place.
- Back up files and data frequently. That won’t stop a malware attack, but it can make the damage caused by one much less severe.
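A backup job that runs after files have been encrypted simply copies the encrypted versions, so it helps to check what changed before each run. The following is an added example, not part of the original article: it compares two snapshots of a folder and blocks the backup when many files have vanished or turned into near-random data. The function names, the 7.5 bits-per-byte entropy threshold and the 30% limit are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; encrypted or compressed data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Map relative path -> (SHA-256 hex digest, entropy of the first 64 KiB)."""
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            state[str(p.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data[:65536]))
    return state

def check_before_backup(previous: dict, current: dict,
                        entropy_threshold: float = 7.5, max_ratio: float = 0.3):
    """Return (safe_to_back_up, suspects) by comparing two snapshots.

    A file is suspect if it vanished (some ransomware renames what it encrypts)
    or if its content changed from low-entropy to near-random data.
    """
    suspects = []
    for path, (old_hash, old_entropy) in previous.items():
        if path not in current:
            suspects.append(path)
            continue
        new_hash, new_entropy = current[path]
        if (new_hash != old_hash and old_entropy < entropy_threshold
                and new_entropy >= entropy_threshold):
            suspects.append(path)
    ratio = len(suspects) / len(previous) if previous else 0.0
    return ratio <= max_ratio, suspects

def demo():
    """Constructed sample data: four text files, three later overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(4):
            (root / f"report{i}.txt").write_text(f"quarterly notes {i}\n" * 200)
        before = snapshot(root)
        (root / "report0.txt").write_text("an ordinary edit\n" * 200)  # normal change
        quiet = check_before_backup(before, snapshot(root))
        for i in range(1, 4):  # random bytes stand in for encrypted output
            (root / f"report{i}.txt").write_bytes(os.urandom(8192))
        return quiet, check_before_backup(before, snapshot(root))
```

Files that are already compressed or encrypted (archives, images, video) have high entropy to begin with, which is why the check only counts a change from low to high entropy.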