what is ransomware?

what is ransomware?

Ransomware is malicious software that manifests itself in several different ways, affecting individual systems, business networks, hospitals, airports and government units.

Ransomware has been officially developed since its first appearance in 1989 and is becoming more and more sophisticated. Simple forms are generally unencrypted ransomware, while modern versions make them inaccessible using cryptography methods to encrypt files. Encrypted ransomware can also be used on the hard drive to completely lock a computer's operating system, preventing the victim from accessing them. The main purpose here is to convince the victim to pay the ransom for deciphering. Payments are often requested in cryptocurrencies (Bitcoin or other cryptocurrencies) as they are difficult to trace. However, there is no guarantee that the attackers will decipher in exchange for payments. 

The popularity of ransomware has increased significantly over the past decade (especially in 2017), and as Europol reports ( IOCTA 2018 ) are currently the most widely used malware as a financial cyber attack type.

How is it transmitted?

Phishing: a recurring form of social engineering. Phishing emails in the context of ransomware are one of the most common methods of spreading malware. Victims are usually transmitted through dangerous email attachments or links that seem real. Even having a single victim in a computer network is enough to endanger the entire organization. 

Abuse kits: consists of a package containing different malware and a pre-written exploit code. These kits are designed to exploit problems and weaknesses in software applications and operating systems to spread malware. (Unsafe systems using outdated software are the most common targets)

Malicious ad: Attackers use ad networks to spread malware.

How do you protect yourself from ransomware?

Use outsourcing to back up your files regularly so you can replace the data when a potential infection is fixed

Be careful with email attachments and links. Avoid clicking websites or links of unknown sources

Install a reliable antivirus program and keep your software applications and operating system up to date

Enable the 'show file extensions' option in your Windows settings, so you can easily check the extension of your files. Avoid files with extensions like .exe, .vbs, .scr.

Avoid sites that are not protected by the HTTPS protocol (for example, whose URL starts 'https: //'). However, keep in mind that many malicious websites use the HTTPS protocol to confuse victims, and only the protocol does not guarantee that a website is legitimate and reliable.

Visit Nomoreransom.org, a website built by ransomware lawmakers and IT security companies. The site provides free decipher packs and some preventive measures for users infected with malware.

How does ransomware work

Ransomware is a Trojan designed to extort money from a victim. Often ransomware programs require a fee for canceling the changes that were made by the Trojan program on the victim's computer.

encryption of data on the disk, so that the user can no longer access his files;
blocking access to the device.
Methods for penetrating ransomware onto a computer
The most common ways to install ransomware Trojans are:

using phishing;
by placing malware on a website.
After installation, the Trojan either encrypts the information that is stored on the victim’s computer or blocks the normal operation of the computer, displaying a message requesting payment of a certain amount for decrypting the files and restoring the system. In most cases, a message requesting a money transfer appears when the user restarts the computer after infection occurs.

how does ransomware work

Ransomware is increasingly being used by cybercriminals around the world. However, ransom demand messages and ways to extort money in different regions may be different. For instance:

Fake messages about the presence of unlicensed applications
Such Trojans throw out a message stating that unlicensed software is installed on the victim’s computer. Then payment is required.
Fake Illegal Content Reporting
In countries where pirated software is less common, this method is not very effective. Instead, a pop-up message from ransomware Trojans can mimic a message from law enforcement agencies about the discovery on a computer of content containing child pornography or other illegal content. The message is accompanied by a fine.