What is Ransomware? | A Definitive Guide

What is ransomware?

Ransomware is a form of malware used to infect a computer. 

First, ransomware encrypts the victim's files and restricts the user's access to them.

To regain access, the victim must pay the attacker for a decryption key. The decryption key allows the victim to regain access to their files.

A cybercriminal has the ability to demand high ransom fees, usually payable in bitcoin.

With the majority of personal information being stored on our devices, this can be a very worrying threat. Since so many of us rely on personal devices like smartphones and computers, losing access to it can cause considerable distress and disruption to our daily lives. 

The exposure of our personal data like credit card numbers, social security numbers, and bank account information could cause considerable financial repercussions that could take years to sort out. 

What is the origin of ransomware?

Computer viruses and malware are more than likely terms you’ve heard before and unfortunately that’s probably because of their prevalence in everyday life. Viruses and malicious software have been around since the very beginning of the internet. 

In fact, one of the earliest examples is the Morris worm. The Morris worm was written and released by a Cornell graduate without any malicious intent. The worm was designed to draw attention to some of the vulnerabilities and exploits in computer software, but quickly got out of hand and caused millions of dollars worth of damage.

Since the Morris worm, thousands of viruses and malware programs have been created and unleashed onto the internet. The difference is that these damaging programs are built with malicious goals in mind, such as stealing personal information or taking control of your personal computer.

Are there different types of Ransomware?

While there are many different ransomware programs and more are being built every day, they primarily fall into two categories: locker ransomware and crypto ransomware. Both of these types of ransomware operate by restricting access to a device and then demanding payment through bitcoin or other cryptocurrencies.

Locker ransomware

Locker ransomware doesn’t encrypt the files of the targeted device. Instead it will lock the victim out of accessing the computer or smartphone and then demand a ransom to unlock it. 

Crypto ransomware

Crypto ransomware looks to infiltrate your computer and then encrypt large amounts of your personal files. This can make your device completely inoperable until the files are decrypted. 

Ransomware can come in all sorts of shapes and sizes. It utilizes a number of delivery or attack methods to gain access to the victim’s device before taking it over or encrypting the data. 

Here are a few methods to watch out for:

Locky

Locky is an example of crypto ransomware that tricks users into installing the malware through a fake email and then quickly encrypts the victim's hard drive. The software will then hold your files hostage and demand a Bitcoin ransom to decrypt the data.

WannaCry

WannaCry is a form of crypto ransomware designed to exploit a vulnerability in Windows operating systems. WannaCry spread to 150 countries and 230,000 computers in 2017.

Bad Rabbit

In this method, the intruder compromises a legitimate website. A user then visits the compromised website and clicks to install what appears to be legitimate software, but in reality it's malware. Downloading the malware makes the user a victim of the drive-by method of ransomware.

Jigsaw

Once the malware is installed on a computer, Jigsaw will continuously delete files from the computer until the user has paid a ransom to the hacker.

Petya

This method is different from the other types of ransomware as Petya encrypts the entire computer system. More specifically, Petya overwrites the master boot record, causing the computer to execute a malicious payload that encrypts the rest of the partitions on the computer’s storage devices.

What techniques does Ransomware typically employ?

There are many ways ransomware can encrypt your computer.

Ransomware can overwrite original files with the encrypted versions, encrypt files after unlinking the original files, or encrypt your files and delete the original files.
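
The three behaviours above leave different traces in a file-activity log, which is what a defender can alert on. The following is an added example, not code from this guide: it labels each process's file events with one of the three techniques and raises an alert once a process has affected several files. The event tuple layout, the thresholds, the process IDs, the paths and the `.locked` extension are all assumptions made for illustration.

```python
import math
import os
from collections import Counter
HIGH_ENTROPY = 7.0  # assumed threshold in bits per byte; ciphertext is close to 8
ALERT_AFTER = 3     # assumed: suspicious files per process before alerting

def entropy(data: bytes) -> float:
    """Shannon entropy of the written bytes, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(events, existing):
    """Count, per process, which of the three techniques its file events match."""
    known, pending, result = set(existing), {}, {}
    for pid, op, path, data in events:
        hits = result.setdefault(pid, Counter())
        if op == "write" and entropy(data) >= HIGH_ENTROPY:
            if path in known:                      # original replaced in place
                hits["overwrite-in-place"] += 1
                continue
            orig = os.path.splitext(path)[0]       # assumes an appended extension
            if pending.pop((pid, orig), None) == "unlinked":
                hits["unlink-then-encrypt"] += 1
            else:
                pending[(pid, orig)] = "copied"    # wait for the original's delete
        elif op == "unlink":
            known.discard(path)
            if pending.pop((pid, path), None) == "copied":
                hits["encrypt-then-delete"] += 1
            else:
                pending[(pid, path)] = "unlinked"  # wait for the encrypted write
    return result

def alerts(events, existing):
    return {pid: dict(h) for pid, h in classify(events, existing).items()
            if sum(h.values()) >= ALERT_AFTER}

# Constructed sample data: CIPHER stands in for encrypted output, TEXT for a document.
CIPHER, TEXT = bytes(range(256)) * 4, b"quarterly report text " * 40
EXISTING = {"/docs/a.txt", "/docs/b.txt", "/docs/c.txt", "/docs/notes.txt"}
EVENTS = [
    (4242, "write", "/docs/a.txt", CIPHER),
    (4242, "unlink", "/docs/b.txt", b""),
    (4242, "write", "/docs/b.txt.locked", CIPHER),
    (4242, "write", "/docs/c.txt.locked", CIPHER),
    (4242, "unlink", "/docs/c.txt", b""),
    (777, "write", "/docs/notes.txt", TEXT),     # ordinary edit, low entropy
    (777, "write", "/tmp/backup.zip", CIPHER),   # one compressed file, no alert
]
```

Calling `alerts(EVENTS, EXISTING)` flags only process 4242; the single high-entropy archive written by process 777 stays below the threshold, which is why the count per process matters more than any one file.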

How does Ransomware get into your system?

There are a number of different ways ransomware can make its way onto your device and these methods continue to get more advanced in deception. Whether it’s a fake email masquerading as your boss asking for help, or a website designed to look exactly like one you might frequently visit, it’s important to know what to watch out for when using the internet. 

Phishing

One of the most common ways for ransomware to make it onto your device is through phishing spam. Phishing is a popular technique used by cybercriminals to gather personal information or install malware onto your PC. This usually entails sending a deceptive email that can look identical to a service you use or a contact you frequently message. The email will tend to have some kind of innocent looking attachment or website link that will download the malware onto your computer. 

It’s important to keep your eyes open and refrain from assuming everything is legitimate just because it looks professional. If an email looks suspicious or doesn’t make sense then take the time to question it and confirm its legitimacy. If an email offers you a link to a website, don’t click it. Try navigating to the website directly instead. Websites can be set up to look identical to popular websites. So while it might look like you are entering your information into your bank’s login screen, you could be giving away your information to a malicious individual. 

If you end up downloading a questionable file, do not open it or run it. This can activate the ransomware and your computer can be quickly taken over and encrypted before you can do much else.

Malvertising

Another popular way of getting ransomware and other malware programs is through malvertising. Malicious advertisements can redirect you to websites dedicated to installing ransomware on your machine. These malvertisements can even make their way onto well-known and legitimate websites, so if you click on an advertisement and it takes you to a website that offers you a download, be sure you know what you're downloading before you click "ok".

Who should be concerned about Ransomware?

Ransomware is a threat to everyone using a computer and the internet.

It is far more likely for cybercriminals to target businesses, especially small businesses as they have less protection and resources to pursue an attacker.

If you are a business owner or employee you should be researching and taking extra precautions to prevent your company from falling victim to a ransomware attack.

What can you do to prevent Ransomware attacks?

The key to preventing ransomware or any other cyber attack is to educate yourself and your employees on how to spot malicious attacks.

Ransomware can only enter your network through emails or by clicking on malicious links, so teaching your employees to properly spot malicious messages and links is the best way to prevent a ransomware attack.

How do Ransomware Simulations work?

Ransomware simulators run on your network and usually mimic different operations performed by real ransomware, but without actually harming the users' files.

Why would I want to simulate a ransomware attack?

Simulating a ransomware attack can be critical to evaluating how your security measures deal with real ransomware.

Good anti-ransomware products should be able to defend your system.

Running these simulations can also reveal how your employees would react to a ransomware attack.