What Is Ransomware

September 10, 2018 / mcacao

Ransomware is one of the most dangerous cyber attacks that hackers can launch against an organization, an individual, or both. It is malware that prevents users from accessing their network, computers and other devices, and/or their files. It literally locks down laptops, tablets, servers, and all other equipment connected to them, paralyzing the victim's operations and holding all of their data hostage. Online documents, images, videos, spreadsheets and every other form of data are encrypted and put beyond reach, at the hacker's disposal. The hacker will release these captive IT assets only if the victim gives in to the demands and pays the amount of money requested. A key that unlocks the files is sent to the victim upon payment. Once this key is entered into the system, the entire IT infrastructure returns to normal operation and all of its files become accessible to users again.

Failure to pay may lead to the indefinite paralysis of all IT operations. Worse, the hacker can damage the systems, delete the files, and/or sell them to other criminal parties. Credit card information, for example, can be used to pay for someone else's purchases, or a hacker's 'client' can use stolen medical records to obtain insurance benefits that the legitimate account holder ends up paying for.

Ransom money takes the form of bitcoin or another cryptocurrency that is hard to trace. Some hackers have asked for iTunes or Amazon gift cards. The average amount demanded by cyber thieves from individual victims rose from $294 in 2015 to $679 in 2016. They demand a lot more from organizations, with ransoms ranging from $10,000 to $40,000. The highest ransom extorted from a multinational corporation was $150,000.

How a Ransomware Attack Happens

A ransomware hacker launches the attack in various ways. One of the most frequent is sending the malware as an attachment in an email to a user or an employee of the organization. Once the attachment is opened, the malware is released and begins infiltrating the system. Another form is an email invitation asking the user to open or click on a website that turns out to be malicious because it hosts the malware; again, visiting that site exposes the user to it. Other, more resourceful hackers do away with email and instead probe for flaws in the organization's own IT systems. Once they spot a vulnerability or a weak link, they deliver the malware to exploit it. The ransomware then embeds itself in the system and begins locking down files and devices.

Users or employees usually do not realize what is going on until the ransomware attack fully reveals itself. All of a sudden, all the devices affected by the attack stop working. The screens of the infected desktops and laptops light up with a startling image, such as pornographic shots or the laughing faces of cartoon terrorists. The image also carries the hacker's message, telling the victims that all their files and devices are being held for ransom. The on-screen message instructs the victims what they must do to get their files back, and informs them of the consequences of failing to comply.

Different Kinds of Ransomware

Ransomware has become hackers' preferred means of extortion because of the speed with which it delivers its payload and the intensity with which it can scare victims into paying up. Compared to other cyber attacks, ransomware is a way to get 'easy money.' This has led hackers to continually develop new forms of ransomware in order to stay one step ahead of the authorities and to bypass or neutralize their victims' preventive measures. Some of the different kinds of ransomware are as follows:

  • Locker Ransomware: Users cannot log in to their computers. The hacker's message takes the form of an FBI icon with text saying that the victims are being punished for illegal activity, and gives instructions on how to deliver the ransom. Sometimes, even after the ransom is paid, the hacker leaves behind a program that leaves the victims open to further breaches. One example is keystroke logging, which steals passwords by recording what the user types on the computer.
  • Crypto Ransomware: This is the most common, and also the most lethal, form of ransomware that hackers use to bring down organizations. Files are encrypted with a key that the hackers say will be destroyed unless the victims pay the ransom. One variant of Crypto Ransomware makes it difficult for the IT manager or the user to tell which of their files have been encrypted or otherwise compromised.
  • Torrent Locker: This malware spreads the infection by harvesting all the email addresses found in the victim's database and server. It then sends an infected spam message to those recipients, asking them to open a supposedly important attachment that actually contains the ransomware.
  • Locky: Locky deceives users by presenting itself as code within Microsoft Office. It appears as a macro that claims to have been designed to make certain Office programs run more efficiently. However, once the user enables that macro, the ransomware is set loose and starts to infect the system.
  • WannaCry: This recent attack infected hundreds of thousands of computers around the world by targeting a flaw in the Microsoft Office software.
  • Mac Ransomware: This malware is the hackers' response to the claims of Apple designers that the Mac is impenetrable to viruses and other forms of hacking. It takes three days to capture and encrypt all the files. Then it sends a challenge to the user, offering to decrypt one file to prove that the system has indeed been held captive and that the hacker has the power to restore the files or destroy them.

How to Protect Yourself from Ransomware

User training and education, a backup and recovery system, and software tools that can detect and/or prevent a ransomware attack together can stop your system from being held hostage by a cyber hacker.

Training and education

  • Workshops and seminars given by highly qualified IT security experts or organizations can help employees and users reduce the risk of a ransomware attack. After the training, staff should be able to identify fraudulent or infected email and to stop practices that expose the system to hackers, such as running outdated plug-ins.

Backup and recovery system

  • A backup and recovery system located in the cloud and/or somewhere else removed from the actual workspace can help the user or organization retrieve their documents and return to operations shortly after an attack. Placing backup copies in locations that are not exposed to the cyber attack is one foolproof way to ensure that no data is ever lost. Even if the hacker were to destroy the encryption key or damage the data, the user can always restore the information from the backup copies. This is not to say that a backup and recovery system mitigates all the damage that ransomware does. Restoring files from backup will not be instantaneous and can take days or even weeks. This downtime can translate into reduced sales, decreased consumer confidence, slowed operations, and a decline in the quality of customer service.

Anti-virus software

  • The right anti-virus software can reduce the risk of a ransomware attack and can even prevent one from happening. It scans vulnerable entry points such as gateways, messaging systems, email, and user endpoints. It can detect a hacker's ongoing attempt to encrypt files and folders and block it accordingly. During an actual attack, it can apply first-aid measures that prevent the malware from spreading further. The most effective anti-virus packages also protect against data loss through backup and recovery.
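As an added illustration of the "detect an ongoing attempt to encrypt files" capability described above (example code written for this page, not code from the original post or from any anti-virus product), here is one simple defender-side heuristic: readable documents have low byte entropy, ciphertext has near-maximal entropy, so a burst of files that flip from low to high entropy between two scans of a folder is a strong signal that encryption is in progress. The function names, the 7.5 bits/byte threshold and the five-file alert count are assumptions chosen for the demonstration.

```python
# Added example, not from the original post: an entropy-burst heuristic for
# spotting files being encrypted in bulk. Thresholds below are assumptions.
import math
import os
import tempfile
from collections import Counter

SAMPLE_BYTES = 4096   # only the head of each file is sampled
HIGH_ENTROPY = 7.5    # bits per byte; plain text is usually well under 6
MIN_FILES = 5         # files flipping to high entropy before we alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map every file under `root` to the entropy of its first SAMPLE_BYTES."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                state[path] = shannon_entropy(fh.read(SAMPLE_BYTES))
    return state


def encrypted_between(before: dict, after: dict) -> list:
    """Paths that are high-entropy now but were readable (or absent) before."""
    return [p for p, e in after.items()
            if e >= HIGH_ENTROPY and before.get(p, 0.0) < HIGH_ENTROPY]


def mass_encryption_alert(before: dict, after: dict, min_files: int = MIN_FILES) -> bool:
    """True when enough files turned into ciphertext between the two scans."""
    return len(encrypted_between(before, after)) >= min_files


def demo() -> tuple:
    """Constructed scenario: ten text reports, six overwritten with random bytes
    standing in for ciphertext. Returns (number flagged, alert raised)."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"report{i}.txt"), "w") as fh:
                fh.write(("Quarterly figures, line %d\n" % i) * 40)
        before = snapshot(root)
        for i in range(6):   # simulate the encryptor rewriting six files in place
            with open(os.path.join(root, f"report{i}.txt"), "wb") as fh:
                fh.write(os.urandom(SAMPLE_BYTES))
        after = snapshot(root)
        return len(encrypted_between(before, after)), mass_encryption_alert(before, after)
```

In practice the two snapshots would be taken a few seconds apart by a monitoring agent, and legitimately compressed or already-encrypted files (archives, images) should be excluded to keep false positives down.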
