Over the last several years, among all of the potential hurdles that consumers face on a daily basis with regard to their online presence, nothing has captured the attention of the public as much as ransomware has. The mere thought of having your system kidnapped and held for ransom is enough to make all of us run and hide. In this two-part article, we will look at ransomware: what it is, how you can become a victim of it, and how to minimize your risks when you are online.
So what is Ransomware?
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security defines ransomware as follows: a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and although some victims pay to recover their files, there is no guarantee that individuals will recover their files if they pay the ransom.
Ransomware 101 – How your system becomes infected
Firstly, ransomware is often spread through phishing emails that carry malicious attachments. When a user receives an email of this nature, all they need to do is “click on” the attachment and the ransomware will automatically install itself within any network device as well as on the endpoint.
But ransomware can also infect your system through the websites you visit. As we mentioned in a previous article, a drive-by download can be installed on your computer when you merely browse a malware-infected website. This type of scamming tool is particularly insidious because simply viewing the page is enough to cause your system to become compromised. All of this happens in the background, so the user has absolutely no knowledge that it has occurred.
Once your system has been infected, the ransomware will be sent a cryptographic key by the cybercriminals’ control server; this key will be used within the victim’s system to encrypt data files.
Once data has been encrypted, the ransom instructions will be displayed or sent to the victim, demanding a ransom payment to get their data back and threatening the destruction of said data if payment is not made.
The victim is then faced with the option of paying the cybercriminal and hoping they decrypt the data (which a lot of times they do not), or not paying the ransom and running the risk of having their data destroyed.
Ransomware in the News
Recently, it has been reported that Eurofins, Britain’s largest private forensics provider, paid a ransom of an undisclosed amount to cybercriminals because of a large cyber-attack that paralyzed the company. Eurofins was targeted in a ransomware attack on the second of June this year, which was described as “highly sophisticated.” According to reports on the BBC, the company paid hackers in order to reclaim access to their system.
Types of Ransomware
The cybercriminals always have the same end goal: to extort money from the victim. Below are some of the different types of ransomware and how they are used:
- Cryptoware – This is the most common type of ransomware. In this scenario, the victim’s data is encrypted and held for ransom.
- Lock Screen – The ransomware restricts access to the victim’s data by locking all relevant screens/modules; the underlying data is not encrypted.
- Mobile device ransomware – Ransomware designed to infect cellular phones, encrypting or locking all relevant data until a ransom is paid.
- Leakware – In this type of ransomware, cybercriminals threaten to release hijacked data.
- Master Boot Record encryption – This type of ransomware prevents system startup in a live OS environment.
In part two of “Ransomware, Kidnapping Your Precious Data,” we will go into more detail as to what ransomware is and show you some best practices that will help you avoid becoming a victim.