Your Ultimate Guide to Ransomware
You’ve probably heard about it in the news or read about it on social media. You might have even seen a notification on your computer screen telling you about such an infection. But have you ever wondered what ransomware is and what this ransomware craze is all about?
Well, if you are dying to know everything about ransomware, then you have come to the right place. Read on to know what ransomware is, its history, some examples of it, and how to remove it.
What is Ransomware?
Ransomware, or ransom malware, is a type of malware that keeps users from accessing personal or system files. In order to regain full access to files, users need to give a ransom payment.
According to the earliest records of ransomware, the first strain was developed in the late 1980s. It was known as AIDS or PC Cyborg. Once a computer was infected, the malware would encrypt the files in the C directory. After a minute or two, the infected computer would automatically reboot, and the victim would no longer be able to access his/her files. To regain access, the victim was asked to send $189 to the PC Cyborg Group.
Back then, the payment was only made via snail mail. You can just imagine how slow the process of data retrieval was. But today, attackers ask victims to send their payments via cryptocurrency or even credit card.
Over the past decade, ransomware entities have greatly evolved. What used to be obvious malicious attacks has quickly become invisible yet destructive.
The Common Types of Ransomware
Ransomware entities are sorted into different types, but the most common ones are as follows:
1. Scareware
Contrary to its name, scareware isn’t really as scary as it sounds. This type of ransomware includes tech support and security software scams where victims receive a pop-up message notifying them that a malware entity was discovered and that the only way to get rid of it is to pay a certain amount.
If the victim chooses to do nothing, then he/she will be bombarded with more pop-up notifications, but in truth, all files are safe.
2. Screen Locker
Do you think your computer has been infected by the screen locker type of malware? Then stay alert. When this ransomware attacks, your computer could be frozen entirely.
When you start up a computer infected with screen locker malware, a full-size window appears. It usually comes with a message telling you that illegal activity has been detected and that you must pay a fine.
In 2007, screen locker ransomware became popular. It encrypted files and locked people out of their devices. It took over the victim’s screen, displaying pornographic materials. To remove them, the attackers demanded payment.
Five years later, another strain of screen locker ransomware was released. It would lock out the desktops of poor victims, showing them an official-looking page displaying credentials of law enforcement agencies. This ransomware was called Reveton. It would claim that the victim committed a crime, such as downloading illegal files or being involved with child pornography. To regain desktop access, the victim would be asked to pay $100 to $3000.
Well, here’s what victims didn’t know. The FBI won’t freeze a computer or ask for payment for any illegal activities. So, if you are asked to shell out even a small amount, then be suspicious.
3. Encrypting Ransomware
The encrypting ransomware is among the nastiest types of ransomware to date. It is designed to steal your files and encrypt them. To decrypt them, attackers also require payment.
So, what makes this type of ransomware dangerous? No, it isn’t because of the fact that cybercriminals will get hold of your important files in exchange for a ransom. In most cases, your files are already gone. This means even if you decide to pay, there is no guarantee that you get your files back.
3 Most Dangerous Ransomware Examples
Here are some of the biggest and most dangerous ransomware entities that can tell a very good story of how ransomware has evolved over the years:
1. TeslaCrypt
The TeslaCrypt ransomware targeted ancillary files that were associated with video games, such as World of Warcraft, Call of Duty, Minecraft, and World of Tanks. These files, which include maps, downloadable content, and saved game data, are so important to hardcore gamers that they would do anything to retrieve them in case they’re gone. Victims of the ransomware were asked to pay a ransom of $500 worth of bitcoins to get the decryption key for the files.
2. SimpleLocker
In late 2015 and early 2016, Android ransomware attacks spiked almost fourfold. One of the most aggressive was SimpleLocker. It was the first-ever Android-based attack that encrypted files and made them inaccessible to users without the help of the attackers. Although the creators of the ransomware were from the Eastern European region, most victims were from the United States.
3. WannaCry
In 2017, ransomware called WannaCry caused hospitals and radio stations to shut down. Its first major attack was described as the worst ransomware attack in all history. On May 12, 2017, the ransomware began its attacks in Europe. Four days later, Avast detected over 250,000 cases in 116 countries.
How a Computer is Infected by Ransomware
There are many ways that ransomware can infect a computer. However, the most popular method is through so-called malicious spam, where unsolicited emails are sent to unsuspecting victims. These emails usually include harmful attachments, such as Word documents and PDFs, as well as links to malicious sites.
To entice users into clicking and downloading these attachments, attackers use social engineering. This means, in order to trick victims into sending money, they make the email appear as if it is coming from a trusted friend or institution.
Another popular infection method is malvertising, or malicious advertising, which involves the use of online advertising to spread malware. What makes this method scary is that it attacks users even without user interaction. As users browse the web, they can be unknowingly directed to malicious and criminal servers. These servers will then collect information from the victim’s computer.
For malvertising to work, attackers use invisible web page elements like infected iframes that redirect to a fake landing page that contains malicious code.
A Typical Ransomware Attack
Here’s what happens during a ransomware attack:
Stage 1: Infection
After the ransomware has been delivered to the victim’s system via infected applications or email attachments, it will install itself on the computer or any device it accesses.
Stage 2: Generation of Cryptographic Keys
The ransomware contacts the attacker’s command center or server, and cryptographic keys are then generated for use on the device.
Stage 3: Encryption
The ransomware begins to encrypt all the files it can find on the network or on the device.
Stage 4: Demand for Ransom
After the encryption work, the ransomware demands a ransom payment. It threatens the victim with data destruction if payment is not made.
Stage 5: Unlocking
Paying the ransom doesn’t guarantee the retrieval of files. The victim can pay the ransom, but the decision whether to send decryption keys or perform more attacks depends on the attacker.
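For a defender, Stage 3 is the point in this sequence that leaves the clearest trace: many files are rewritten with content that looks random. The following is an added example, not part of the original article, of a common detection heuristic that compares the byte entropy of files before and after a rewrite. The thresholds, file names and sample contents are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data):
    """Bits of entropy per byte: near 8.0 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before, after, threshold=7.5, min_jump=1.0):
    """True when a rewrite left near-random content well above the old entropy."""
    h_before, h_after = shannon_entropy(before), shannon_entropy(after)
    return h_after >= threshold and (h_after - h_before) >= min_jump

def triage(snapshots, alert_ratio=0.5):
    """snapshots: {path: (old_bytes, new_bytes)}. Returns (suspect_paths, alert)."""
    suspects = sorted(p for p, (old, new) in snapshots.items()
                      if looks_encrypted(old, new))
    return suspects, len(suspects) >= alert_ratio * max(len(snapshots), 1)

def random_like(n, seed):
    """Constructed stand-in for ciphertext: a deterministic hash stream."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

# Constructed sample: two documents overwritten with high-entropy content,
# one edited normally by its owner.
TEXT = b"Quarterly report: revenue rose while costs stayed flat across regions. " * 60
CSV = b"month,amount\n" + b"jan,100\nfeb,120\n" * 200
SNAPSHOTS = {
    "docs/report.txt": (TEXT, random_like(len(TEXT), b"a")),
    "docs/notes.txt": (TEXT, TEXT + b"One more line added by the user.\n"),
    "docs/budget.csv": (CSV, random_like(4096, b"b")),
}

if __name__ == "__main__":
    print(triage(SNAPSHOTS))
```

The `min_jump` condition keeps files that were already compressed, such as archives and images, from being flagged just because their entropy is high to begin with.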
Do you suspect that your computer is infected by ransomware? The number one rule you should follow is to never pay the ransom. Doing so will only encourage cybercriminals to perform more attacks. Instead, here’s what you should do:
Step 1: Prevent the spread of the infection
Isolate the infection first to keep it from spreading across other files, shared storage, or the network.
Step 2: Identify the ransomware
Based on the error messages you are seeing or perhaps using identification tools, identify what malware strain is attacking you.
Step 3: Know your options
There are many ways to deal with the infection. Depending on the type of ransomware that you are dealing with, you should know which approach works for you. You can pay the ransom, try to get rid of the malware using third-party tools, or reinstall your system from scratch. Again, it’s really a bad idea to pay the ransom. Even if you pay, it’s still possible that you won’t get your files or data back.
Step 4: Use backup files
If your files seem to be no longer accessible, use backup files to restore your system to a previously working state. That’s the least you can do.
How to Prevent Ransomware Attacks
Ransomware is a profitable avenue for cybercriminals. So, it’s possible that the world will encounter new strains of ransomware in the near future. To keep yourself and your sensitive information protected, prevention is the key.
So, how can you prevent ransomware attacks? Everything starts with you. Do the following, and you can rest assured that you are protected against ransomware attacks:
1. Always back up your data
The most important thing you should do to protect your computer against ransomware is to regularly perform a system backup.
2. Do not open spam emails
Emails are among the most popular means of delivering ransomware. Thus, no matter how enticing the subject of the email is, as long as you don’t know where it came from, do not open it. Avoid downloading suspicious email attachments, too.
3. Update your OS and apps regularly
Make sure that your operating system, software, and other apps are up to date. Outdated software and apps can be used by cybercriminals to send ransomware to your computer.
4. Use strong passwords
Prevent identity theft by using unique and strong passwords for different accounts. If possible, use a reliable password manager to store all your login credentials.
5. Install anti-malware software
You may not appreciate the use of anti-malware software today, but in the future, you definitely will. So, have it installed on your PC today. With trusted anti-malware software, you can run a quick real-time scan and identify any potential threats hiding on your system.
Ransomware has quickly become one of the biggest problems on the web. As it continues to evolve, it is crucial for each of us to understand what it does and the threats it poses. So, act now. With caution and prevention, you can always prevent the spread of ransomware infection.