Skip to content
  1. Kennisbank
  2. Security
  3. What is Ransomware?

What is Ransomware?

Crypto-ransomware is a malicious program that destroys files’ contents in the local storage of a computer or mobile device through data encryption to extort money. Once infected, the device displays a vivid alert to create panic and incline them to pay the stated fee.

The encrypted files are rendered useless due to restricted access. The hackers who carry out the “attack” develop a decryption key shared with the victim, but only after paying the ransom fee they demand.

The hackers usually ask for payment in cryptocurrency to keep their tracks covered. The most preferred cryptocurrency is Bitcoin. It accounted for 98% of ransomware payments in the first few months of 2019.

Why Ransomware uses Bitcoin?

Economists link increased demand for Bitcoin with ransomware. The ransomware scare forces companies to purchase Bitcoin to make payments when demanded. Among other reasons, ransomware could explain the rise of Bitcoin’s price from around $ 3 000 in 2019 to $19 000 in 2020.

Hackers prefer Bitcoin over any other cryptocurrency for ransomware for several reasons;

Availability

With a debit or credit card, one can conveniently buy Bitcoin from any crypto exchange. The convenience and availability increase the probability of paying the ransom.

Pseudo-anonymity

Blockchain transactions don’t link to a bank account, and trailing a hacker is close to impossible. Using a decentralized currency without a central regulating body, the hackers can successfully keep their identities hidden.

Ease of Confirmation

When users post Bitcoin transactions, they appear on the public blockchain. The cybercriminals can easily confirm that the victim paid the ransom.

Different forms of Ransomware attacks

The system could get infected with ransomware in several ways.

Emailing is a common one where emails carry infected links and attachments. The emails use deceptive language to woo ransomware victims into downloading and opening attachments or links. The links direct the victim to a “document” that is indeed a crypto-ransomware.

The most common file formats used are Microsoft Word, Microsoft XSL, XML documents, and zipped folders.

When the ransomware gets to the local storage of the computer, it encrypts the user’s files. The encryption may be partial or complete depending on the type of malware attack. The victim is confronted with a notification that their data can only be decrypted and re-accessed if they send a Bitcoin ransom to the hacker.

Ransomware attacks also take the form of scare tactics. The hackers could pretend to be law enforcers and threaten to disable the computer for reasons like pornographic content or pirated software if the victim doesn’t pay a “fine.” In such a case, the victim would be afraid to report the incident to the authorities. However, this method is not rampant because it takes time and effort to find information to pin down a victim.

Ransomware like NotPetya is a notch higher in terms of infection since they exploit system weaknesses to find their way to systems without the need for deception. So always keep your system up to date.

Exploit kits like Angler and Nuclear embedded on websites also present other crafty ways of spreading crypto-ransomware. The kits scan a website visitor’s computer system for loopholes and weaknesses that it can exploit. If it finds a point of weakness, it auto-downloads and runs on the device.

These big companies were attacked in 2020:

Paying the ransom

Though authorities argue against paying the ransom, a victim is usually under pressure to pay the ransom due to the compromised files’ importance. The pressure is even more immense when corporate data is at stake. Some businesses confess to stockpiling Bitcoin in their crypto wallets in case they suffer the fate of ransomware.

When the victim receives the hacker’s demands and decides to pay the ransom, the first step is purchasing Bitcoins.

The currency gets transferred to the hacker’s Bitcoin wallet through a Bitcoin exchange. The hacker confirms the transfer through an email or Tor site and then provides a decrypting key for the victim.

However, the payment of the ransom is not a guarantee for the restoration of the files.

Criminals use Bitcoin tumbler or Bitcoin mixing service to mix the Bitcoin proceeds from the illegal ransomware practices with other Bitcoins to confuse detectives who may follow the trail. The two services help hackers launder Bitcoin from dirty sources by boosting the anonymity of the funds.

Security measures against ransomware

It’s essential to embrace general security practices that secure your systems from a range of online threats like ransomware.

Ensuring that your operating system’s programs stay patched up with the latest updates seal almost all vulnerabilities that invite hackers to exploit.

Always scan software for viruses and establish its source and function before installing it. Until then, never grant it administrative privileges.

It’s vital to install an antivirus, to warn you of any incoming system threats like ransomware. A whitelisting software comes with the added advantage of blocking the execution of untrusted applications.

However, the said preventive measures occasionally crumble in the face of expertly programmed ransomware. It’s vital to set up a frequent data backup routine to safeguard against the loss of all your valuable data.

Data recovery and ransomware removal

If you find out that your system got infected with ransomware, don’t sit back and watch. The situation may get worse.

If the attacked device is part of a local area network, disconnect it promptly. Doing so keeps the ransomware from spreading to other devices.

However, it’s important to scan all the other devices in the network to exclude the possibility of the same infection. Conducting quick research about the recommended remedy for the type of ransomware that infected your machine is crucial at such times.

Decrypting the compromised data is highly technical and may not work every time. If the hacker doesn’t provide a decryption key, the only way forward would be to format the device, reinstall the operating system, and recover the lost data from a clean backup.

For some (old) ransomware attacks there are decryptor tools available on the internet.

Summing up

It’s important to note that data loss through ransomware is possible. With the growing number of internet users, the threat will only increase.

Thus, computer users need to practice caution. It’s crucial to avoid links whose source and utility you’re oblivious to. Users should steer clear of suspicious doc, docx, XSL, XML, and zipped folder files.

Moreover, larger institutions with sensitive data like hospitals, schools, and government agencies need to be extra alert. In such institutions, timely data access is crucial. Hackers are more likely to target them due to their likelihood of paying the ransom.

Leave a Reply

Your email address will not be published. Required fields are marked *