What is Ransomware?
- Ransomware is a form of malicious software (malware) that encrypts files and documents on anything from a single PC up to an entire network, including servers.
- Victims are often left with few choices: they can regain access to their encrypted network by paying a ransom to the criminals behind the ransomware, restore from backups, or hope that a decryption key is freely available.
How does it work?
Ransomware does not usually appear on its own. It must be activated to deliver its payload, usually through a malicious link or attachment in an email. The majority of ransomware attacks start life as a social engineering exercise, usually in the form of an attachment or malicious link.
- The aim is to entice the user to click on these objects to activate the malware. The lure can take the form of media players, free antivirus, free checkup tools, free games, or anything else that tempts users to click on or execute those files.
- Once the user starts installing that software or clicks on that link, it's game over: you can't remove it, you won't be able to open your files, pictures, media, etc., and every time you restart your PC a page will be displayed asking you to pay the ransom.
- Once the malware has taken control of the system, certain file types will be encrypted and access will be denied to users.
- For the ransom to be paid, the user must be aware of the demands of the criminals. At this point, they will usually receive a notification on the screen explaining the demands and how they can regain access.
- That's why it is strongly recommended that you never download files from unknown emails, websites, or links that you know nothing about.
- In the majority of cases, attackers return full control to the victim. It is in their interest to do this; failure to do so would mean few organizations would be willing to pay if they didn’t believe their data would be restored.
Types of Ransomware
There are effectively two types of ransomware today: Crypto ransomware and Locker ransomware. Both prevent access to data and files, usually through the means of encryption.
- Cryptolocker is better known for encrypting the user's files and then requiring a payment to open them.
- Locker ransomware, by contrast, usually targets Word, text, and PDF files.
- Once all the files are infected, the user can no longer access them, and the ransomware demands money to restore the files.
- Other types of ransomware are notorious, and some of them use military-level encryption, which is very hard to detect.
- I am just going to list a few of these famous and notorious ransomware families and their impact.
WannaCry Ransomware
This ransomware first appeared in May 2017 and left a major mark on the history of cyberattacks. WannaCry brought down more than 200 000 systems across 150 countries, causing financial losses of more than $4 billion. This, for sure, makes it one of the most notorious examples of ransomware attacks in history. Countries such as the USA, the United Kingdom, and Australia were among its victims.
Petya and NotPetya Ransomware
The Petya cyber attack happened in 2017 and was mostly targeted against Ukraine, but it later spread as ordinary ransomware. The overall damage Petya and NotPetya have caused is estimated at more than $10 billion, which makes it probably the most destructive attack in history. It can destroy the operating system by overwriting the original data. Petya infects the entire computer system.
Ryuk Ransomware
From my point of view, personally, this is the most lethal ransomware I've ever heard or read about. This virus started its way in 2018. It targets big organizations and other high-value figures, using military encryption algorithms that are extremely hard to decrypt, though we can't say that it also makes an impact on individual users. This ransomware is what experts call "targeted ransomware." It means that hackers choose their victims and attack them. The victims are usually enterprises that have a lot to lose and will be willing to pay whatever the hackers ask to get their data back.
What makes things worse is that Ryuk can stay silent for weeks or months to gather more information and maximize its impact. The virus also identifies and enumerates the network shares and deletes the virtual shadow copy. This means hackers can simply block the Windows System Restore option. Therefore, if you don't have an external backup, you may not be able to recover your files without paying a ransom, as no reliable decryptor for Ryuk ransomware is available.
This is why organizations and users that hold confidential data must keep regular external backups and use ransomware detection services that can inform them when malware appears.
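As an added example (not part of the original article), here is a small Python check that looks for the shadow-copy deletion described above in process-creation logs. The event records, host names and user names are constructed, and the two command patterns (vssadmin and wmic) are assumptions about how the deletion is issued on Windows.

```python
import re
from collections import defaultdict

# Constructed sample events shaped like process-creation records
# (host, user, command line). Not taken from a real incident.
SAMPLE_EVENTS = [
    {"host": "FS01", "user": "svc_backup", "cmd": "vssadmin.exe list shadows"},
    {"host": "WS17", "user": "jdoe",
     "cmd": 'cmd.exe /c "vssadmin.exe Delete Shadows /All /Quiet"'},
    {"host": "WS17", "user": "jdoe",
     "cmd": "wmic  SHADOWCOPY   delete /nointeractive"},
    {"host": "FS01", "user": "admin2",
     "cmd": "VSSADMIN  delete   shadows /for=C: /all"},
    {"host": "WS30", "user": "bob",
     "cmd": "notepad.exe C:\\notes\\delete shadows todo.txt"},
]

# Assumed command forms that remove shadow copies (rule name -> pattern).
PATTERNS = {
    "vssadmin_delete": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
}


def normalise(cmd):
    """Lower-case, replace quotes with spaces and collapse whitespace,
    so casing and spacing differences do not hide a match."""
    cmd = cmd.lower().replace('"', " ")
    return re.sub(r"\s+", " ", cmd).strip()


def find_shadow_copy_deletion(events):
    """Return {host: [(user, rule_name), ...]} for events that match."""
    hits = defaultdict(list)
    for ev in events:
        cmd = normalise(ev["cmd"])
        for name, rx in PATTERNS.items():
            if rx.search(cmd):
                hits[ev["host"]].append((ev["user"], name))
    return dict(hits)


if __name__ == "__main__":
    for host, found in find_shadow_copy_deletion(SAMPLE_EVENTS).items():
        print(host, found)
```

Listing shadow copies (the FS01 backup account) and a file name that merely contains the words "delete shadows" are not flagged; only the deletion commands are.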
SECURITY MEASURES YOU SHOULD ALWAYS TAKE
- Use new versions of Windows. Microsoft doesn't roll out patches for old operating systems like Windows 8, Windows XP, Windows 7 and the old Server platforms (2003 & 2008), which makes them the main target of many ransomware strains.
- System updates are created as an answer to the newest threats, so check for updates on your computer regularly.
- Don't rush to click. Take your time to think when you see an email that seems even a bit weird or unexpected.
- Build email protections and endpoint protections.
- Keep backups. Automate security for your cloud data using a ransomware blocker plus a backup service.
- In case of an attack, such a service identifies and blocks the source of the attack, stops the encryption process, and recovers all encrypted files from the last backup.
- All the above steps will increase your knowledge about ransomware and how you can protect yourself from an attack.
- Please share your valuable feedback about this article.