Ransomware is a type of malicious software designed to block access to a computer system or its files until a sum of money is paid. Most ransomware variants encrypt the files on the affected computer, making them inaccessible, and demand a ransom payment to restore access.
Ransomware code is often not sophisticated, but it doesn’t need to be: unlike many types of traditional malware, it usually does not need to remain undetected for long to achieve its goal. This relative ease of implementation, combined with high profit potential, attracts both sophisticated cybercrime actors and novices to operate ransomware campaigns.
The first ransomware, known as the AIDS Trojan or PC Cyborg, was written by Joseph Popp in 1989. It wasn’t harmful, as its payload hid the files on the hard drive and encrypted only the file names, claiming that the license for a certain piece of software had expired and that the user needed to pay US$189 to get a repair tool. A person with good computer knowledge could easily solve this issue, so it didn’t receive any ransom at that time.
Over the course of 10 years, different variations of ransomware kept popping up, but a real extortionate ransomware threat didn’t come onto the scene until 2005, when GpCode used weak RSA encryption to hold personal files for ransom.
In 2007, WinLock heralded the rise of a new type of ransomware that, instead of encrypting files, locked people out of their desktops. WinLock took over the victim’s screen and displayed pornographic images. Then, it demanded payment via a paid SMS to remove them.
In 2013, CryptoLocker re-introduced the world to encrypting ransomware, using military-grade encryption and storing the key required to unlock files on a remote server. This meant that it was virtually impossible for users to get their data back without paying the ransom. This type of encrypting ransomware is still in use today, as it has proven to be an incredibly effective tool for cybercriminals to make money. Large-scale outbreaks of ransomware, such as WannaCry in May 2017 and Petya in June 2017, used encrypting ransomware to ensnare users and businesses across the globe.
The line between ransomware attacks and data breaches continues to blur in early 2020, with a number of prolific ransomware operators – including Maze, Sodinokibi, DoppelPaymer, Nemty, Nefilim, CLOP and Sekhmet – creating their own websites where they publish the stolen data of non-paying victims, according to cybersecurity firm Emsisoft.
How it works
There are various ways ransomware can gain access to your computer. Most ransomware is delivered via email that appears to come from a legitimate organization or institution, using social engineering tricks to make you click a link or download an attachment that delivers the malicious software. Ransomware is also delivered via drive-by-download attacks on compromised or malicious websites. Some ransomware attacks have even been sent using social media messaging.
Ransomware is rarely targeted at individuals; attackers usually blast the ransomware payload out through compromised websites or to acquired lists of email addresses. The most common form of ransomware delivery is phishing, that is, spam email. Keep in mind that whether you pay the ransom or not, adversaries will always try to extract as much information as they can, such as contact details, usernames and passwords, payment information if it is available, and more.
How to prevent ransomware
There are a number of defensive steps you can take to prevent ransomware infection. These steps are, of course, good security practices in general, so following them improves your defenses against all sorts of attacks:
- Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.