Ransomware is malware written by criminals with considerable programming skill. It can reach our PC through an email attachment, through the browser if we visit a compromised or malicious website, or over the network from another infected machine. Besides encrypting individual files, some strains encrypt the disk's Master File Table (MFT) or the entire hard drive. Ransomware is therefore a denial-of-access attack: it prevents users from reaching their files, because recovering them without the decryption key is computationally infeasible when the encryption is implemented correctly. Ransomware attacks are typically delivered by a Trojan whose payload is disguised as a legitimate file.
Encrypting ransomware, which uses strong encryption algorithms. It is designed to encrypt the victim's files and demand payment in exchange for the key that can decrypt them. Examples include CryptoLocker, Locky, CryptoWall and more.
Locker ransomware, which locks the victim out of the operating system, making it impossible to reach the desktop, applications or files. The files are not encrypted in this case, but the attackers still demand a ransom to unlock the infected computer. Examples include police-themed ransomware and Winlocker.
A variant of the locker type is Master Boot Record (MBR) ransomware. The MBR is the section of a PC's hard drive that starts the operating system at boot. When MBR ransomware strikes, it overwrites the MBR so the normal boot process cannot complete and a ransom note is displayed on the screen instead. Examples include Satana and Petya.
Key Characteristics –
- It uses encryption that is unbreakable in practice, which means we cannot decrypt the files on our own; the only exceptions are strains with implementation flaws, for which researchers have occasionally published free decryptors;
- It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and anything else a user may have on their PC;
- It can scramble our file names, so we cannot tell which data was affected. This is one of the social-engineering tricks used to confuse and pressure victims into paying the ransom;
- It appends a new extension to our files, which often identifies the specific ransomware strain;
- It displays an image or a message that lets us know our data has been encrypted and that we have to pay a specific sum of money to get it back;
- It requests payment in Bitcoin, because pseudonymous wallet addresses make payments hard to attribute to a person, even though every transaction is recorded on a public ledger and ransom payments have been traced by security researchers and law enforcement agencies;
- Usually the ransom demand carries a deadline, adding another level of psychological pressure to the extortion scheme. Missing the deadline typically means the ransom increases, but it can also mean the data is destroyed and lost forever;
- It uses a complex set of evasion techniques to go undetected by traditional antivirus;
- It often recruits the infected PCs into botnets, so cyber criminals can expand their infrastructure and fuel future attacks;
- It can spread to other PCs on the same local network, causing further damage;
- It frequently features data exfiltration capabilities, which means that ransomware can extract data from the affected computer (usernames, passwords, email addresses, etc.) and send it to a server controlled by cyber criminals;
- It sometimes includes geographical targeting, meaning the ransom note is translated into the victim’s language, to increase the chances for the ransom to be paid.
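Three of the characteristics above leave artefacts that can be checked for on disk: encrypted files have a near-uniform byte distribution (high Shannon entropy), affected files carry an appended extension, and the same ransom note is dropped into many folders. The script below is an added example written for this article, not code from the original page or from any ransomware family. The extension list, the 7.5 bits/byte threshold, the note-name hints and the sample directory it builds are all assumptions chosen for the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumptions for this example, not values from the article:
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}   # extensions strains append
COMPRESSED_EXTENSIONS = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".mp3", ".pdf"}
ENTROPY_THRESHOLD = 7.5            # bits per byte; plain text sits around 4-5, ciphertext near 8
NOTE_NAME_HINTS = ("readme", "decrypt", "restore", "how_to")
NOTE_EXTENSIONS = {".txt", ".html", ".hta"}
MIN_NOTE_COPIES = 3                # the same note dropped into several folders


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, sample_size: int = 65536) -> bool:
    """High entropy in the first sample_size bytes suggests ciphertext.
    Already-compressed formats are skipped: they are high-entropy by design
    and would otherwise produce false positives."""
    if path.suffix.lower() in COMPRESSED_EXTENSIONS:
        return False
    with open(path, "rb") as f:
        sample = f.read(sample_size)
    return len(sample) >= 256 and shannon_entropy(sample) >= ENTROPY_THRESHOLD


def scan(root) -> dict:
    """Walk root and collect the three kinds of artefact."""
    root = Path(root)
    findings = {"encrypted": [], "renamed": [], "notes": []}
    note_copies = Counter()
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix in SUSPICIOUS_EXTENSIONS:
            findings["renamed"].append(rel)
        if looks_encrypted(path):
            findings["encrypted"].append(rel)
        if suffix in NOTE_EXTENSIONS and any(h in path.name.lower() for h in NOTE_NAME_HINTS):
            note_copies[path.name] += 1
    findings["notes"] = sorted(n for n, c in note_copies.items() if c >= MIN_NOTE_COPIES)
    return findings


def verdict(findings: dict) -> str:
    """No single heuristic is reliable on its own (a backup archive is high
    entropy; a user may own a README.txt), so require two independent signals."""
    signals = sum(1 for key in ("encrypted", "renamed", "notes") if findings[key])
    if signals >= 2:
        return "likely ransomware"
    if signals == 1:
        return "suspicious"
    return "clean"


def build_sample_tree(root) -> None:
    """Constructed sample input: plain documents, random bytes standing in for
    ciphertext with an appended extension, and one note copied into each folder."""
    root = Path(root)
    text = b"Quarterly report: revenue was flat, costs fell, headcount unchanged.\n" * 40
    for folder in ("docs", "music", "pictures"):
        sub = root / folder
        sub.mkdir(parents=True, exist_ok=True)
        (sub / "original.txt").write_bytes(text)
        (sub / "report.docx.locked").write_bytes(os.urandom(4096))
        (sub / "README_TO_DECRYPT.txt").write_bytes(b"Your files are encrypted. Pay 1 BTC.\n")
    (root / "pictures" / "holiday.jpg").write_bytes(os.urandom(4096))  # compressed format, skipped


def run_demo():
    """Build the sample tree in a temporary directory, scan it, return the result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        findings = scan(tmp)
    return findings, verdict(findings)


if __name__ == "__main__":
    result, call = run_demo()
    print(call)
    for key, items in result.items():
        print(f"  {key}: {items}")
```

Run it against a real directory with `scan("/path/to/check")` rather than `run_demo()`. The entropy test is deliberately combined with the other two signals: an encrypted backup archive or a collection of JPEGs is high entropy by design, so entropy alone would flag healthy data, and extension matching alone misses strains that keep the original names.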
15 items to check if we want to keep our system safe from ransomware –
- We don’t store important data only on our PC.
- We have two backups of our data: one on an external hard drive that stays disconnected when it is not being written to (a drive that is always attached is just another volume for the ransomware to encrypt), and one in the cloud – Dropbox/Google Drive/etc.
- The Dropbox/Google Drive/OneDrive/etc. application on our computer is not running by default. We only open it once a day to sync our data, and close it once this is done, so encrypted files are not silently synced over the good copies.
- Our operating system and the software we use is up to date, including the latest security updates.
- For daily use, we don't use an administrator account on our computer. We use a standard user account with limited privileges.
- We have turned off macros in the Microsoft Office suite – Word, Excel, PowerPoint, etc.
- We have disabled the following plugins in our browsers: Adobe Flash, Adobe Reader, Java and Silverlight. We set the browser to ask whether we want to activate a plugin when it is needed.
- We have adjusted our browsers’ security and privacy settings for increased protection.
- We have removed outdated plugins and add-ons from our browsers.
- We use an ad blocker to avoid the threat of potentially malicious ads.
- We never open spam emails or emails from unknown senders.
- We never download attachments from spam emails or suspicious emails.
- We never click links in spam emails or suspicious emails.
- We use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.
- We understand the importance of having a traffic-filtering solution that can provide proactive anti-ransomware protection.
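The macro item on the checklist above is one of the few that can be verified mechanically: Office stores the Trust Center "Macro Settings" choice as the `VBAWarnings` registry value, and the separate "block macros in files from the Internet" switch as `BlockContentExecutionFromInternet`. The audit script below is an added example written for this article, not code from the original page or from Microsoft. It assumes Office 2016/2019/365 (registry tree `16.0`), that an absent `VBAWarnings` value behaves like the default 2 ("disable with notification"), and that a value of 3 or 4 satisfies the checklist item; the registry read only works on Windows, while `evaluate()` can be run anywhere against values collected elsewhere.

```python
import sys

OFFICE_APPS = ("Word", "Excel", "PowerPoint")
OFFICE_VERSION = "16.0"   # assumption: Office 2016/2019/365 all use the 16.0 registry tree
VALUE_NAMES = ("VBAWarnings", "BlockContentExecutionFromInternet")

# Meaning of the Trust Center "Macro Settings" radio buttons as stored in VBAWarnings.
VBA_WARNINGS = {
    1: "enable all macros",
    2: "disable all macros with notification",
    3: "disable all macros except digitally signed",
    4: "disable all macros without notification",
}
DEFAULT_VBA_WARNINGS = 2   # assumed behaviour when the value is absent


def evaluate(settings: dict) -> list:
    """settings maps each app to {"VBAWarnings": int|None, "BlockContentExecutionFromInternet": int|None}.
    Returns one finding per weak setting; an empty list means the checklist item is met."""
    findings = []
    for app in OFFICE_APPS:
        values = settings.get(app, {})
        vba = values.get("VBAWarnings")
        if vba is None:
            vba = DEFAULT_VBA_WARNINGS
        if vba not in (3, 4):
            findings.append(f"{app}: VBAWarnings={vba} ({VBA_WARNINGS.get(vba, 'unknown')}); set it to 4")
        if values.get("BlockContentExecutionFromInternet") != 1:
            findings.append(f"{app}: macros in files from the Internet are not blocked; "
                            "set BlockContentExecutionFromInternet=1")
    return findings


def read_windows_settings() -> dict:
    """Read the values for the current user. The Policies branch (written by Group
    Policy) overrides the per-user branch, so it is consulted first. Windows only."""
    import winreg  # only available on Windows
    settings = {}
    for app in OFFICE_APPS:
        settings[app] = {}
        for subkey in (rf"Software\Policies\Microsoft\Office\{OFFICE_VERSION}\{app}\Security",
                       rf"Software\Microsoft\Office\{OFFICE_VERSION}\{app}\Security"):
            try:
                with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
                    for name in VALUE_NAMES:
                        if name in settings[app]:
                            continue   # a policy value was already found; the user value must not override it
                        try:
                            settings[app][name] = winreg.QueryValueEx(key, name)[0]
                        except FileNotFoundError:
                            pass
            except FileNotFoundError:
                continue   # key absent: nothing configured at this level
    return settings


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("This audit reads the Windows registry; run it on the Windows PC being checked.")
    for line in evaluate(read_windows_settings()) or ["macro settings meet the checklist item"]:
        print(line)
```

The hardened state the script looks for is `VBAWarnings` = 4 and `BlockContentExecutionFromInternet` = 1 for each application, ideally set in the `Policies` branch so the user cannot lower them from the Trust Center dialog.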