Ransomware is a kind of malware designed to lock data on the targeted computer or other device and then demand payment from the victim. Unlike most other malware, it notifies the user that the computer has been compromised. In most cases, it displays an on-screen notification with instructions on how to make the payment so that the data can be decrypted. Some variants display a countdown timer indicating the number of days, hours, minutes or even seconds left before the decryption key is deleted. The timer is effective in making victims pay quickly, especially if the affected computer holds important data.
Cryptocurrencies such as Bitcoin are the main payment method used by attackers to make the transaction untraceable. If the victim doesn’t meet the demands on time, the data is either destroyed or becomes completely inaccessible.
Unfortunately, paying the cybercriminal doesn’t guarantee access to your data. Statistics indicate that a significant percentage of victims tried to save their data by paying the attackers, but it never worked. A successful attack on a utility company’s servers might lead to great losses, since operations might shut down for some time.
Generally, the malware is spread through infected storage devices, malicious email attachments, compromised sites, and infected apps. Advanced cybercriminals also use Remote Desktop Protocol (RDP) and other more complex approaches. Someone can unknowingly spread the malware across multiple machines by using an infected storage device to transfer data between computers. Therefore, you might become a victim even if your PC is not connected to the internet.
How the malware works
This malware is created by cybercriminals who want to sabotage corporations or make money by extorting unsuspecting users. Cybercriminals with advanced programming skills develop the malware from scratch, while those with little or no programming knowledge purchase ready-made development tools from the darknet. Readily available offerings such as ransomware-as-a-service (RaaS) make it easy for a programming novice to generate the malware and distribute it. The cybercriminals usually embed their cryptocurrency wallet details in the malware for payment purposes.
When the malware is ready, the attacker hides it in software, apps, PDF documents or other files. The malware is then uploaded to various sites for unsuspecting victims to download. A successful attack involves the following steps:
Step 1: The malware gets into the system
Most cybercriminals are smart and start their attack with social engineering. They create a form or malicious link with an enticing description to lure unsuspecting users into clicking. Anyone who clicks the link triggers a background download of the malware. Copies of the malware might also be spread using external storage devices.
Step 2: The malware takes control
If your machine doesn’t have an effective antivirus to detect malicious activity in the system, the malware will start causing havoc. It encrypts the targeted file types and then prevents the user from opening them.
Step 3: The victim is notified
The victim has to know what is happening so that the malware can achieve its goal. The malware displays an on-screen notification highlighting the attacker’s demands and how to regain access to the system.
Step 4: Ransom payment
Most victims panic after reading the notification. Some of them think that the right course of action is to pay the attackers. The victim sends the specified amount of money (cryptocurrency) to the cybercriminals before the set deadline.
Step 5: The victim regains access
The attackers send the key to decrypt the locked files. This allows the victim to regain full control of the system. Most attackers decrypt the files on payment so that other victims can believe payment is a quick solution to the problem. However, criminals who intend to sabotage a corporation might not send the key so that the organization can lose both data and money.
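Step 2 above is where defenders can still catch the attack: encrypted documents look like random bytes, and a ransom note (Step 3) is usually dropped as a plainly named text file. The scanner below is an added example, not part of the original article; its note-name keywords, document extensions and entropy threshold are assumptions chosen for illustration, and the sample directory it scans is constructed inline.

```python
import math
import os
import tempfile
from collections import Counter

# Heuristic indicators, assumed for this example (not from the article):
# a file named like a ransom note, and an ordinary document whose bytes look
# random (near-maximal entropy), which is what encryption leaves behind.
NOTE_NAMES = {"readme", "decrypt", "how_to_recover", "restore_files"}
DOC_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; plaintext documents sit well below this

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random (ciphertext-like)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scan_directory(root: str) -> dict:
    """Return suspected encrypted documents and ransom-note-like files under root."""
    findings = {"encrypted": [], "notes": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(name.lower())
            if any(key in stem for key in NOTE_NAMES) and ext in {".txt", ".html", ""}:
                findings["notes"].append(path)
                continue
            if ext in DOC_EXTS:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # sampling the first 4 KiB is enough
                if len(head) >= 256 and shannon_entropy(head) > ENTROPY_THRESHOLD:
                    findings["encrypted"].append(path)
    return findings

def build_sample_tree() -> str:
    """Constructed sample data: a plaintext report, an 'encrypted' spreadsheet, a note."""
    root = tempfile.mkdtemp(prefix="rw_demo_")
    with open(os.path.join(root, "report.txt"), "w") as fh:
        fh.write("Quarterly figures: revenue up 4 percent.\n" * 40)
    with open(os.path.join(root, "budget.xlsx"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for a file overwritten with ciphertext
    with open(os.path.join(root, "HOW_TO_RECOVER_FILES.txt"), "w") as fh:
        fh.write("Your files are encrypted. Pay within 72 hours.\n")
    return root

if __name__ == "__main__":
    print(scan_directory(build_sample_tree()))
```

Compressed formats such as real .docx or .jpg files are also high-entropy, so in practice this check is paired with a file-signature check or a baseline of known-good hashes to keep false positives down.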
Types of ransomware
Criminals keep developing new variations of the malware, and it is difficult to keep track of all the available strains. You can visit leading cybersecurity sites to learn more about the different types of ransomware. Two strains might use different tactics to spread, but they all have one goal – to compromise your system and hold your files and data hostage. Let’s look at some of the most common ones.
1) Scareware
This malware displays frequent pop-up notifications claiming that your system is compromised. These annoying pop-ups will continue appearing even if you try to cancel them. Some users get frustrated and decide to pay so that the notifications can stop appearing on the screen.
2) Screen lockers
This one completely prevents the user from accessing the affected computer. When the computer starts, a notification with a government seal appears with instructions on how to pay a fine. Some malware will notify you that you have been using unlicensed software or accessing illegal websites and you have to pay to continue using your computer.
3) Encrypting ransomware
This type is also referred to as a data kidnapping attack. It is quite effective because it encrypts important data and then demands payment. The strong encryption algorithms the malware uses make it difficult for experts to reverse-engineer it and restore the data.
4) Malware related products
Some cybercriminals create malware and release it on the web. The same criminals then create an app or software that can remove the malware and decrypt the affected files. The malware encrypts data and notifies victims that their devices are compromised. The criminals then sell the software, claiming that it is able to prevent future attacks.
5) Doxware
This malware copies personal information and sensitive files and sends them to the criminals. The attackers then threaten to publish the data on the web if you don’t pay.
6) Mobile malware
This malware targets mobile devices. It might steal some files or lock your device, then demand payment to return the files or unlock the device.
7) Email ransom note or pop-up message
The malware encrypts your files, then generates an email note or pop-up message with instructions on how to make the payment so that you can receive the private key to decrypt your data. Some variants delete the key if you don’t pay on time.
Ransomware is one of the latest criminal business models cybercriminals use to extort large sums of money from their victims. The attackers are hard to trace because payment is made in virtual currencies that hide their identity. Many individuals and corporations have lost a lot of data after failing to pay cybercriminals to have their data decrypted. This malware can compromise your business and lead to losses. To be on the safer side, use the latest operating system, update your antivirus regularly, avoid downloading suspicious email attachments or apps, and avoid using other people’s external storage devices.