Ransomware. It’s been described by security companies and news agencies alike as an “epidemic.” New strains are constantly detected in the wild and many are using original techniques — such as creating a unique encryption key for each file locked down — to frustrate security companies and convince users they should pay.
While there’s no way to completely shield devices from ransomware attacks and payment demands, knowing the basics can both reduce user anxiety and limit the chances of becoming a victim.
What Is Ransomware?
As noted by TechTarget, the goal of ransomware is to "kidnap" data and demand payment from users for its release. It’s a subset of the general malware category, distinct because ransomware attacks don’t focus on stealing user credentials or interrupting key processes, but rather on isolating data, coupled with the promise of destruction if monetary demands aren’t met.
Often, ransomware code is hidden inside seemingly harmless software or applications, and executes when users first launch the program. Devices may also be infected through malicious email links or compromised websites. In many cases, victims aren’t aware they’re under attack until they discover files are locked and a ransom demand displays on screen.
Some key characteristics that set it apart from other malware:
- It features unbreakable encryption, which means that you can’t decrypt the files on your own (there are various decryption tools released by cyber security researchers – more on that later);
- It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC;
- It can scramble your file names, so you can’t know which data was affected. This is one of the social engineering tricks used to confuse and coerce victims into paying the ransom;
- It will add a different extension to your files, which sometimes signals a specific type of ransomware strain;
- It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back;
- It requests payment in Bitcoin because this crypto-currency cannot be tracked by cyber security researchers or law enforcement agencies;
- Usually, the ransom payments have a time limit, to add another level of psychological constraint to this extortion scheme. Going over the deadline typically means that the ransom will increase, but it can also mean that the data will be destroyed and lost forever;
- It uses a complex set of evasion techniques to go undetected by traditional antivirus (more on this in the “Why ransomware often goes undetected by antivirus” section);
- It often recruits the infected PCs into botnets, so cyber criminals can expand their infrastructure and fuel future attacks;
- It can spread to other PCs connected to a local network, creating further damage;
- It frequently features data exfiltration capabilities, which means that it can also extract data from the affected computer (usernames, passwords, email addresses, etc.) and send it to a server controlled by cyber criminals; encrypting files isn’t always the endgame;
- It sometimes includes geographical targeting, meaning the ransom note is translated into the victim’s language, to increase the chances for the ransom to be paid.
How Does A Ransomware Attack Work?
As noted by Kaspersky Lab, there are two main types of ransomware: locker and crypto. Locker programs are easier to defeat since they avoid critical files and instead aim to lock users out of critical functions such as desktop or Internet access. The much more popular crypto form, meanwhile, encrypts files and then demands payment.
Most crypto ransomware attacks follow a similar pattern: User devices are infected with malicious code, which then selects specific files and starts to encrypt them using a unique algorithm. In some cases, only pictures and documents are targeted; in newer ransomware variants, attackers also go after executable files. Once infected, victims usually receive a warning screen that may accuse them of breaking the law or simply state they’ve been the victim of a cyberattack. Malware makers often want payment in Bitcoin sent to a specific email address and many start a "countdown timer" — if payment isn’t made quickly enough, all files are deleted.
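Two of the behaviours described above, a new extension appearing on many files and file content that has been encrypted, can be combined into a simple detection heuristic. The following is an added example, not part of the original article; the event tuple format, the `KNOWN_EXTENSIONS` list, the thresholds and the `.locked` sample extension are all assumptions made for illustration.

```python
import math
import os
from collections import Counter, defaultdict

# Assumption: extensions considered normal on this hypothetical file share.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".mp4"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def find_rename_bursts(events, window=60, min_files=5, min_entropy=7.0):
    """events: (timestamp_s, old_path, new_path, bytes read after the rename)."""
    by_ext = defaultdict(list)
    for ts, old, new, sample in events:
        old_ext = os.path.splitext(old)[1].lower()
        new_ext = os.path.splitext(new)[1].lower()
        # Signal 1: the file gained an extension that is not normally seen.
        if new_ext and new_ext != old_ext and new_ext not in KNOWN_EXTENSIONS:
            by_ext[new_ext].append((ts, shannon_entropy(sample)))
    alerts = []
    for ext, hits in by_ext.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # keep burst in window
                start += 1
            burst = hits[start:end + 1]
            # Signal 2: most files in the burst look encrypted.
            high = sum(1 for _, h in burst if h >= min_entropy)
            big_enough = len(burst) >= min_files and high >= 0.8 * len(burst)
            if big_enough and (best is None or len(burst) > best["files"]):
                best = {"extension": ext, "files": len(burst), "first_seen": burst[0][0]}
        if best:
            alerts.append(best)
    return alerts

# Constructed sample events, not taken from a real incident.
CIPHER_LIKE = bytes(range(256)) * 16           # entropy is exactly 8.0 bits/byte
PLAIN_TEXT = b"quarterly report draft " * 200  # ordinary low-entropy text
SAMPLE_EVENTS = [(1000 + i, f"/share/doc{i}.docx", f"/share/doc{i}.docx.locked",
                  CIPHER_LIKE) for i in range(6)]
SAMPLE_EVENTS.append((1200, "/share/notes.txt", "/share/notes.bak", PLAIN_TEXT))
SAMPLE_EVENTS.append((5000, "/share/a.pdf", "/share/a.pdf.locked", CIPHER_LIKE))

if __name__ == "__main__":
    print(find_rename_bursts(SAMPLE_EVENTS))
```

Compressed formats such as archives and video also score high on entropy, which is why the heuristic requires the unfamiliar extension and the burst of renames before alerting.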
Preventing The Problem
To protect your personal data, it’s worth implementing a few simple ransomware security measures. First up? Don’t assume that only Windows PCs are at risk. According to PCWorld, it’s now possible for ransomware to attack Android and iOS, Linux servers and even smart televisions.
- Lower the chances of infection by deleting spam emails.
- Never click on suspicious links.
- Always download mobile apps from official application stores.
- Keep your operating system up to date and regularly run a reliable anti-virus scan to help detect any dormant ransomware code.
- It’s important to always back up critical files to a USB stick, external hard drive or another PC that isn’t connected to your primary device.
- If your device does get locked down, search online for a cure, since many security companies have developed ways to crack existing ransomware encryption.
- Worst-case scenario, you can also pay the ransom — understand, however, that payment does not guarantee the safe return of your files.
Ransomware continues to impact devices and users worldwide. Avoid attacks and limit damage by understanding the basics of a ransomware attack and improving your overall information security.