Ransomware

What is Ransomware?

Ransomware, or malware is harmful software that transfers onto users’ computers by clicking on links, popup ads, websites or email attachments. Once malware has been downloaded, it gives attackers the opportunity to gain access to and control a user’s computer. Attackers can also encrypt users’ data and files, inevitably denying them from gaining access to their system. Once this has been done, attackers will demand a ransom payment to decrypt and unlock the data and files.

Criminals often request small requests at a time to ensure the ransom is paid. Bitcoin has become a very popular form of payment due to its anonymity and inability to be traced. The problem with this kind of extortion, however, is that there is no guarantee that the files will be decrypted once the ransom has been paid.

Ransomware attacks have significantly increased internationally since 2012. In the first 6 months of 2018, for example, there were 181.5 million ransomware attacks. This is a 229% jump in incidents over the same time frame in 2017. Computer security software company McAfee released information in June of 2014 indicating that it had collected more than twice the number of ransomware samples in that quarter than the previous year.

How do Ransomware Attacks Work?

The word “ransomware” characterizes the function that the software performs, which is to blackmail individuals or businesses for financial gain. In order for a successful ransom attack to occur, it first needs to obtain access to the system to which the criminal wants to hold for ransom. The program therefore needs to gain access to the files through infection or via an attack vector.

Malware and virus software share a number of similarities to biological illnesses. As a result of these similarities, identified entry points are referred to as “vectors”, similar to the term used for carries of harmful pathogens in the world of epidemiology. Much like in biology, there are numerous avenues whereby systems can be corrupted and held for ransom. Typically, an attack or infection vector is the way that ransomware gains access to a particular system.

Most Common Ways to Get a Ransomware Infection

The most common ways to get infected by ransomware are:

Email Attachments
A frequent method used by cybercriminals to distribute ransomware is via email attachments sent to individuals and businesses disguised as urgent communications. An urgent invoice that lands up within a business account’s department, for example, is a common technique applied, as cybercriminals are aware that these emails and attachments are generally opened without a second thought.

Messages
A common technique favored by cybercriminals is to target victims through social media. One of the most wide-spread channels used is via Facebook Messenger. Criminals set up accounts that impersonate a particular user’s contact list whereafter attachments are sent from the supposed “contact” to the victim. Once the attachment has been opened, ransomware attacks the system and is used as a tool for blackmail.

Malicious Websites
Certain websites contain malware that phish for sensitive data such as usernames and passwords. This method often requires user interaction; clicking on fake ads, clicking on social media links or entering user information into fake login fields. It is important to ensure that your internet browser is secure and up-to-date.

Infected Removable Drives
It is common for infected USB flash drives to contain malware which can automatically install when you connect the drive to your computer. Ensure your computer runs security scans of removable drives and make sure the autorun feature is disabled.

Malicious Applications and Plugins
Malware creators are known to package their viruses with software that can be shared through third-party websites. Make sure you only download software from official websites and that you carefully read through what you are downloading.

Popups
Another popular ransomware vector is to use online popups. These are designed to impersonate current software popups which the victim already feels comfortable with and will automatically click on.

Types of Ransomware

The main kinds of ransomware that users should be on the look out for are:

• Locker Ransomware This type of malware restricts access to the infected system.
• Crypto Ransomware This is regarded as the most dangerous type of ransomware. Essentially it restricts access to stored data and files. The way it works is it encrypts the victim’s data and demands a ransom in exchange for the decryption key. The problem however is that paying the ransom does not guarantee that the key will be retrieved.
• Mobile Ransomware Mobile ransomware starts with a mobile device and makes its way to a computer. It typically displays a message which claims that the device has been locked due to some type of illegal activity which can be resolved by paying a ransom.

Indications of a Ransomware Attack

Some indicators of a ransomware attack may include:

• Irregular file system activity, such as hundreds of failed file modifications. This could be as a result of ransomware attempting to access your files.
• Increased CPU and disk activity for no apparent reason. This could be as a result of ransomware searching for, encrypting and removing data.
• Inability to access certain files. This can be attributed to ransomware encrypting, deleting renaming or relocating data.
• Suspicious network communications. This can be caused by an interaction between the ransomware and the criminal’s control server.

Protect Yourself From Ransomware Attacks

There are a few easy ways for users to ensure they stay protected from Ransomware attacks:

• Keep your security software up-to-date on your computer
• Never pay a fine, even if you cannot unlock your computer as you’ll be caving in to the criminals with no guarantee that they will unlock your computer.
• A recovery tool generally helps remove ransomware if you have been infected however this may need to be done with the help of a professional and another computer to download the software.

Conclusion

Ransomware is notoriously known as a form of malware that is difficult to identify and protect against. With that in mind, understanding the threats and knowing how to identify them is critical to keeping your information safe. Establishing the correct processes and systems and installing anti-ransomware software will help identify and eliminate any potential threats that could be nearby.