What is a Ransomware Attack?


Ransomware infects your computer or mobile devices, locking you out until you pay a ransom. It is a form of malicious software (malware) that restricts access to your computer or mobile device, or encrypts your data, until you pay a ransom in exchange for regaining access to your devices or data.

A very well-known ransomware attack that gained international attention was the “WannaCry” attack of May 2017. It is now considered one of the largest ransomware attacks: hackers infected over 300,000 computers in over 150 countries in less than four days of the worm being released. It targeted systems running the Microsoft Windows operating system, encrypting users' data and demanding ransom payments in bitcoin. It was propagated by an exploit known as “EternalBlue”, which was developed by the NSA. Even though Microsoft had released patches for this exploit, the worm spread through organizations that had not applied the patches to their systems. The attack cost almost 4 billion dollars in losses across the globe.


A few well-known ransomware attacks are:

GandCrab: This is a ransomware attack that threatened to reveal a victim’s porn-watching habits. GandCrab cybercriminals demanded a ransom by claiming to have hijacked the victim’s webcam and threatening to release embarrassing footage of them.

CryptoLocker: CryptoLocker was spread through infected email attachments and was first seen in 2007. Once on the victim’s computer, it searched for valuable files to encrypt and hold for ransom. It affected around 500,000 computers, law enforcement, security companies, etc., and even managed to seize a worldwide network of hijacked home computers. An online portal was later developed where victims could get a decryption key to unlock and release their data for free, without paying the criminals.

So how does a ransomware attack work? To learn about ransomware, we first need to know what a virus is. A virus is a type of malware that needs a host to survive on. Once attached to the host, it multiplies by inserting a copy of itself into another program and becoming part of that program. It spreads from one computer to another. A virus remains dormant until the file containing it is opened, at which point the malicious code is executed along with the host code and the malicious program spreads. This happens when the infected software or document is passed from one computer to the next, for example through file sharing, email attachments, or using another computer’s network. This is unlike a worm, which is malware that clones itself repeatedly.

Ransomware is an attack technique that encrypts the victim’s files and makes them inaccessible. The files can then only be accessed after a ransom, which often comes with a deadline, is paid to the attacker in exchange for a particular decryption key. Ransomware is often spread through phishing emails, adware, malvertising, or a security flaw that does not even need user action to be triggered. In the case of WannaCry, it can spread like a worm.

Two forms of ransomware are currently widely used around the world: locker ransomware and crypto-ransomware. Locker ransomware locks you out of basic computer functions, forcing you to pay a ransom to regain control. Crypto-ransomware, on the other hand, encrypts sensitive data like documents and important files, threatening to destroy them unless you pay a fee.
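Because crypto-ransomware replaces documents with encrypted data, affected files stop looking like documents: their bytes become near-random and the file-type signature at the start disappears. The following is an added example, not code from the original post, of a defensive triage check built on that idea; the 7.5 bits-per-byte threshold, the 50% alert ratio, and the sample file names and contents are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known leading bytes (file signatures) for a few common document types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune it on your own data

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def suspicious(name: str, data: bytes) -> bool:
    """Flag content that is near-random AND lacks the signature its extension implies.

    The signature check keeps legitimately compressed formats (PDF, PNG, ZIP),
    which are also high-entropy, from being flagged.
    """
    ext = name[name.rfind("."):].lower() if "." in name else ""
    magic = MAGIC.get(ext)
    header_ok = magic is not None and data.startswith(magic)
    return shannon_entropy(data) >= ENTROPY_THRESHOLD and not header_ok

def triage(files: dict, alert_ratio: float = 0.5):
    """Return (flagged names, alert), alert meaning a large share of files look encrypted."""
    flagged = sorted(n for n, d in files.items() if suspicious(n, d))
    return flagged, bool(files) and len(flagged) / len(files) >= alert_ratio

def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data, n <= 8192)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(n // 32 + 1))[:n]

# Constructed sample: two intact files and two whose contents look encrypted.
SAMPLE = {
    "notes.txt": b"Quarterly budget notes for the finance team.\n" * 100,
    "scan.pdf": b"%PDF-1.7\n" + _pseudo_random(4096, b"a"),  # high entropy, valid header
    "report.pdf": _pseudo_random(4096, b"b"),                # header gone, near-random
    "photo.png": _pseudo_random(4096, b"c"),                 # header gone, near-random
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A check like this is a heuristic for spotting damage early, for instance before a backup job overwrites good copies; it does not replace the preventive measures and anti-malware tooling discussed in this post.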

How would you prevent ransomware from infecting your computer? First and foremost, it is very important to practice standard security guidelines: do not click on links or open email attachments sent from unknown users, only download applications from trusted sources, and try to avoid browsing sites on the internet which are not “HTTPS” encrypted. One of the most important guidelines to follow is to keep your system and applications up-to-date. The virus can affect not only your root drive but any connected hard drive, so it is always a good idea to back up your data; in the case of ransomware it can be very helpful. Make sure that your system has anti-virus/anti-malware software installed on it.
