Ransomware: A form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.
Ransomware is malicious software that takes over one or more PCs, or large, complex networks such as servers, and threatens to leak or erase the data on them unless a ransom is paid to the perpetrators. It prevents the user from accessing the system or data, at least superficially, by locking the display screen or by using simple or advanced encryption methods.
Although most ransomware types are based on simple encryption methods and can be unlocked by an expert, many of them use a technique called cryptoviral extortion, which involves advanced encryption techniques; data locked this way can only be decrypted upon paying the demanded ransom.
Ransoms are mostly paid using digital currencies like Bitcoin, Lithium, Paysafecard, or even credit cards, which makes it difficult to trace and prosecute the perpetrators. The attacks are generally carried out using infected files, such as a Trojan disguised as a legitimate file. These files are usually sent as email attachments, and the user is tricked into downloading and opening them. However, many types of ransomware can travel between systems without the need for user authentication or interaction.
The earliest ransomware was developed in the late 1980s, when payments were generally requested via snail mail. Ransomware attacks have grown significantly since 2012. The year 2018 alone saw 181.5 million ransomware attacks in its first six months.
Ransomware attacks are generally delivered through malicious spam emails with booby-trapped attachments such as PDF and Word files. These files contain links to malicious web sources that lead to the attack. Some attacks are also delivered as downloadable payloads carried by malicious pages, malware, malicious adverts, or exploit kits.
As the attack executes on the targeted system, the malicious files lock the affected system's screen. Crypto-ransomware additionally encrypts targeted files while an image or notification is displayed on the screen, preventing the user from unlocking it.
Modern ransomware is categorized as crypto-ransomware, where the victims can recover the affected system or data with a decryption key upon paying the ransom. Ransom prices vary with the type of ransomware attack and with the exchange rates of digital currencies. Certain ransomware attacks also demand the ransom via iTunes pay cards and Amazon gift cards.
Remember that paying the ransom doesn’t always guarantee access to the infected system or the withheld data, as the perpetrators are mostly criminals. Ransomware falls under the category of “scareware” in cybersecurity threats: it intimidates or scares the victim into paying a fee to recover the affected system or files.
There is no single defense that stops ransomware attacks, but users can take a multi-layered approach to protect their systems from eventual attacks. Avoid visiting untrusted web sources or websites without using a VPN. Proper cloud email-gateway security solutions can block malicious emails.
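
The delivery path described above (spam attachments in PDF and Word format that carry links to malicious web sources) is what an email gateway inspects. The following Python code is an added example, not part of the original page or of any gateway product: it lists the links embedded in the PDF and .docx attachments of a message. The function names, the size limit and the sample message with its example.test URLs are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

PDF_URI = re.compile(rb"/URI\s*\(([^)]*)\)")      # uncompressed link actions only
REL_TAG = re.compile(r"<Relationship\b[^>]*>")    # OOXML relationship entries
TARGET = re.compile(r'\bTarget="([^"]*)"')
MAX_PART = 1_000_000                              # assumed cap: skip oversized zip members

def docx_links(data):
    """External link targets from every .rels part of a .docx (a zip archive)."""
    urls = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                if info.filename.endswith(".rels") and info.file_size <= MAX_PART:
                    xml = z.read(info).decode("utf-8", "replace")
                    for tag in REL_TAG.findall(xml):
                        if 'TargetMode="External"' in tag and (m := TARGET.search(tag)):
                            urls.append(m.group(1))
    except zipfile.BadZipFile:
        pass                                      # not a real .docx: nothing to list
    return urls

def attachment_links(raw_email):
    """Map each PDF/Word attachment name to the links found inside it."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".pdf") or data.startswith(b"%PDF"):
            report[name] = [u.decode("latin-1") for u in PDF_URI.findall(data)]
        elif name.endswith((".docx", ".docm")):
            report[name] = docx_links(data)
    return report

def constructed_sample():
    """Constructed message: one PDF and one .docx, each carrying one link."""
    rels = ('<Relationships><Relationship Id="rId1" TargetMode="External" '
            'Target="http://example.test/update"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    pdf = b"%PDF-1.4\n1 0 obj << /S /URI /URI (http://example.test/invoice) >> endobj"
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="Invoice.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="Notice.docx")
    return msg.as_bytes()
```

Links stored inside compressed PDF object streams are not visible to this byte scan, so a gateway would decompress streams before applying it.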