Posted in Security

Everything you always wanted to know about ransomware

Ransomware is a relatively new type of online crime where criminals remotely hijack a computer, and demand ransom to return the computer to the owner. The scheme usually works so that criminals, located wherever they have internet access, manage to install a piece of software into a target computer. The malicious program code encrypts all the data stored on the computer. To decrypt the data, the criminals require money.

Reports of recorded ransomware cases indicate that individuals are asked to pay hundreds of dollars where as large organizations are asked to pay millions of dollars, but criminals may settle for sums in tens of thousands of dollars.

As long as computer virus programs have existed, computer users have been warned not to download and install applications from unknown sources. An entire industry was born to protect businesses, public organizations and home users from computer viruses.

I certainly oversimplify the ransomware threat, and simply state that it is just a new kind of computer virus. The biggest difference to traditional virus programs is that the sole purpose of ransomware is to extort money from the victim.

Yet, the fundamental requirement for the criminals to succeed is the same. They have to be able to infiltrate the target computer.

So, protecting a computer from harmful programs and having up-to-date backup data readily available are still the key actions that all computer users can do to avoid becoming victims of ransomware.

The first question many people ask when they hear about a ransomware case is: did they pay the ransom? Some organizations silently pay, but others have made a decision not to pay. For organizations, recovering data from backup copies means a lot of work. If a plan has been prepared, it is not an impossible task.

Computer security specialist Sophos has published a report that examines ransomware programs and attacks in detail. For instance, the reseachers have identified three type of programs:

  • 1.Cryptoworm – A program that replicates itself to other computers.
  • 2.Ransomware-as-a-Service (RaaS) – A ransomware program sold on the dark web markets as a kit. These packages allow people with little technical skill to attack computers. They are typically deployed via spam e-mails, via silent downloads, or semi-manually by automated active adversaries.
  • 3.Automated Active Adversary – Attackers use automated tools to scan the internet for IT systems with weak protection. When such systems are found, the attackers quietly infiltrate the system and plan the ransomware attack.

You can read the entire ransomware report at Sophos Lab web page.

Leave a Reply

Your email address will not be published. Required fields are marked *