Let’s Identify Ransomware
Ransomware is malicious software with one purpose: to extort money from its victims. It is one of the most popular criminal business models in existence today, due mostly to the multimillion-dollar ransoms that offenders demand from individuals and corporations.
Such demands are very simple: pay the ransom, or have your operations severely compromised or completely shut down.
Very often, the first an individual learns of an intrusion is an on-screen warning that their network data has been compromised and will be unavailable until the ransom is paid. They will be given the decryption key needed to access their data only upon payment.
Failure to pay could result in the key being destroyed, making the data unavailable forever.
How Ransomware Works
The good news is that ransomware typically does not appear on its own. To deliver its payload, it must be activated, usually via a malicious link or attachment in an email.
Ransomware generally requires five steps to achieve its aim:
The System Is Compromised
Many ransomware attacks begin life as an exercise in social engineering, usually in the form of an attachment or a malicious link. The goal is to entice the user to click on those items and so activate the malware.
The Malware Takes Control
Once the malware has taken control of the system, it will encrypt all types of files and deny users access to them.
The Victim Is Notified
For the ransom to be paid, the victim must be aware of the criminal’s demands. At this point they will normally receive an on-screen notification outlining the demands and how they can regain access.
The Ransom Is Paid
Once they have access to the system, attackers either identify and encrypt certain types of files or deny access to the whole system.
Full Access Is Returned
In most situations, attackers return full control to the victim. It is in their interest to do so: few businesses would be willing to pay out if they did not believe their data would be returned.
Types of Ransomware
Ransomware may only have hit the headlines in recent years, but it is believed that the first ransomware virus appeared as far back as 1998, when the PC Cyborg strain used symmetric encryption to block file access.
It wasn’t until 2012, however, that the Reveton worm appeared: the first strain of malware that would hold data hostage until a ransom payment was made.
In the wild today there are only two forms of ransomware: Crypto ransomware and Locker ransomware. Both prevent data and files from being accessed, usually through encryption.