Ransomware

What is ransomware?

A ransomware attack is a sophisticated attack technique in which the hacker takes control of a computer, locks its data, and demands a ransom from the victim, promising to restore access to the data upon payment. The payment is usually demanded in cryptocurrencies like bitcoin to hide the identity and location of the attacker.

How does ransomware find its way into systems?

Ransomware typically enters a network through a phishing email and spreads laterally throughout the network by installing malicious software.

How ransomware works

Once ransomware finds its way into a system, it encrypts the data in that system. Simple ransomware uses encryption algorithms in which the same key both encrypts and decrypts the data. However, the strongest ransomware uses public/private key cryptography. Because separate keys are used for encryption and decryption, the victim cannot recover the files unless the attacker provides the decryption key once the ransom is paid.

Types of ransomware

Encryption ransomware

Once attackers gain access to the system, the malware locks access to the system and starts encrypting files. Once this happens, no security software or system restore can return them, unless the victim pays the ransom in exchange for the decryption key. Even if victims do pay up, there’s no guarantee that cybercriminals will give those files back.

Screen-locking ransomware

Upon starting the computer, a window will appear, often accompanied by an official-looking FBI or US Department of Justice seal saying illegal activity has been detected on your computer and that your system will remain unstable unless you pay the amount that’s demanded in the notice.

How to respond to a ransomware attack

Disconnect: This is done to avoid the spread of the infection to the rest of the network. Identifying and disconnecting the infected device from the internet and any other devices is necessary for the safety of the company's network.

Cleanup: Some instances of ransomware can be removed by using antivirus or anti-malware software.

Recover data using backups: By reinstalling the operating system and restoring files from your backups, you’ll be back in business with your most important files again.

Report the crime: Contact law enforcement to report that you have been the victim of a ransomware attack. Knowing more about victims and their experiences with ransomware will help law enforcement determine who is behind the attack and how they are identifying or targeting victims.

How to prevent ransomware

There are several ways to prevent ransomware attacks from occurring.

  • Stay on top of updates: Use the latest version of the operating system and software, including the most current security-related updates.
  • Be aware: Never click on links or open attachments in unsolicited emails. Follow safe practices when browsing the internet.
  • Take regular backups: It's important to back up data on a regular basis. It is recommended to follow the 3-2-1 rule for maintaining backups: keep three total copies of your data, in two different mediums, with one copy stored off-site. If you’ve effectively backed up your data, you will be ready to recover all the company files and avoid downtime, data loss, and revenue loss.
  • Detect: Most importantly, you should invest in a ransomware detection and mitigation tool to recognize potential attacks and alert administrators in case of any anomalies.
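
The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or of any product: the `Copy` record, the `audit_321` function, the sample inventory, and the seven-day freshness threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Copy:
    dataset: str       # what is being protected
    medium: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool      # stored away from the primary site
    last_ok: datetime  # last successful write or verification of this copy


def audit_321(copies, now, max_age=timedelta(days=7)):
    """Return {dataset: [unmet requirements]}; an empty list means compliant.

    Assumption: a copy older than max_age does not count, because the
    rule presumes backups are taken on a regular basis. The live data is
    listed as one of the three copies.
    """
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)

    report = {}
    for dataset, all_copies in sorted(by_dataset.items()):
        fresh = [c for c in all_copies if now - c.last_ok <= max_age]
        stale = len(all_copies) - len(fresh)
        media = {c.medium for c in fresh}
        problems = []
        if len(fresh) < 3:
            problems.append(
                f"{len(fresh)} fresh copies ({stale} stale ignored), need 3")
        if len(media) < 2:
            problems.append(f"{len(media)} distinct medium type(s), need 2")
        if not any(c.offsite for c in fresh):
            problems.append("no fresh off-site copy")
        report[dataset] = problems
    return report


# Constructed sample inventory (not real data).
NOW = datetime(2019, 6, 1)
INVENTORY = [
    Copy("finance-db", "disk", False, NOW),                      # live data
    Copy("finance-db", "disk", False, NOW - timedelta(days=1)),  # local NAS
    Copy("finance-db", "tape", True, NOW - timedelta(days=2)),   # vault
    Copy("file-share", "disk", False, NOW),                      # live data
    Copy("file-share", "disk", False, NOW - timedelta(days=1)),  # local NAS
    Copy("file-share", "object-storage", True, NOW - timedelta(days=30)),
]
```

In this inventory `finance-db` passes, while `file-share` fails all three checks because its only off-site copy has not succeeded in 30 days.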

Ransomware attacks that caught the entire world's attention

Here is a roundup of the five most popular ransomware exploits that occurred in recent years.

WannaCry

WannaCry first surfaced in 2017 and affected hundreds of thousands of computers in as many as 150 countries, including many systems in the National Health Service (NHS) of England and Scotland.

Petya

Petya has been active since 2016 and infected organizations in Ukraine and Russia before spreading to companies in South America, the US, and Asia. This malware blocks users' access to the entire hard drive by encrypting the master file table (MFT) so that the file system becomes unreadable and Windows won't boot at all.

CryptoLocker

CryptoLocker was launched in late 2013. It is designed to attack the Windows operating system by encrypting all the files in the system using a public key, which can be decrypted using a unique private key. The virus will display warning screens indicating that the data will be destroyed if users do not pay a ransom to obtain the private key.

Locky

Locky is a kind of ransomware that was first released in 2016. The attackers send ransomware-infected emails demanding payment through an invoice in the form of a tainted Microsoft Word document that runs infectious macros. The malware directs the user to a malicious website where it demands that the user pay a heavy ransom to unlock the encrypted files.

TeslaCrypt

TeslaCrypt was first detected in 2015; it targets files of computer games such as game saves, user profiles, recorded replays, etc. Once the files are encrypted, the hackers demand a ransom from the victim within a time limit. When the victim pays the ransom, they can download a decryption key that will restore their files; otherwise, the files are permanently lost.

Ransomware is simple to create and distribute, and offers cybercriminals an extremely low-risk, high-reward business model for monetizing malware. Combine that with how unprepared most companies and people are to deal with ransomware, and it's no wonder that ransomware has become the second-most pressing cybersecurity issue worldwide.


© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.