Ransomware explained: How it works and how to remove it
Ransomware is a type of malicious code that encrypts a victim’s files. The attacker then demands a ransom from the victim in exchange for restoring access to the files.
Users are given instructions on how to pay the fee to obtain the decryption key. The price of that key, paid to the cybercriminals, can run to thousands of dollars.
How ransomware works
Ransomware can use a variety of methods to gain access to a computer. One of the most popular delivery methods is phishing spam: attachments that arrive in an email, masquerading as a file the victim should trust. Once the victim downloads and opens them, they can take over the computer, particularly if they include social engineering tools that trick users into granting administrative access. Other ransomware, such as NotPetya, exploits security holes to infect computers.
Although there are many things that malware can do once it has taken control of the victim’s computer, the most common is to encrypt all or some of the files. The Infosec Institute provides a detailed look at how ransomware encrypts files. The most important thing to understand is that the files can’t be decrypted without a mathematical key that only the attacker has. A message is displayed to the user explaining that the files are now inaccessible and that the attacker will decrypt them only if the victim sends a Bitcoin payment.
Some forms of malware pretend to be a law enforcement agency shutting down the victim’s computer because it contains pornography or pirated programs. The attacker then demands payment of a “fine”, which may also deter victims from reporting the attack to authorities. Most attacks do not use this pretense. Another variant is leakware, or doxware. In this case, the attacker threatens to make public sensitive data stored on the victim’s hard drive if a ransom is not paid. Because finding and extracting such information is very difficult for attackers, encryption ransomware is the most popular type of ransomware.
Who is a potential target of ransomware?
There are many ways that attackers choose which organizations to target with ransomware. Sometimes it’s just a matter of opportunity: attackers may target universities because they have smaller security teams and a diverse user base that does a lot of file sharing. This makes it easier to penetrate their defenses.
Some organizations, on the other hand, are more attractive targets because they are more likely to pay a ransom quickly. Government agencies and medical facilities, for example, often require immediate access to their files. Some law firms and other organizations holding sensitive data might be willing to pay to keep a compromise quiet, and these organizations could be particularly sensitive to leakware attacks.
However, don’t think you are safe if you don’t fit these categories. Ransomware can spread automatically and randomly across the internet.
How to stop ransomware
You can take a variety of steps to prevent ransomware infection. These are good security practices in general and will help you defend against all types of attacks.
- Keep your operating system up to date so that you are less vulnerable to attack.
- Don’t install software or give it administrative rights unless you know what it is and what it does.
- Install antivirus software, which detects ransomware and other malicious programs as soon as they arrive, and whitelisting software, which prevents unauthorized applications from running.
- And back up your files often and automatically! While that won’t prevent a malware attack, it can help to minimize the damage.
If your computer has been infected by ransomware, you will need to take back control of it. CSO’s Steve Ragan created a video showing how to do this on a Windows 10 computer.
You can see all of the details in the video, but the most important steps are:
- Reboot Windows 10 to Safe Mode
- Install antimalware
- Scan the system to find the ransomware
- Restore your computer to its previous state
Here’s what you need to remember: although these steps will remove the malware from your computer and let you regain control of it, they won’t decrypt your files. If the malware is at all sophisticated, it will be impossible to decrypt them without the key the attacker has. And if you remove the malware, you have effectively ruled out the possibility that the attackers will restore your files.
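Because cleanup leaves encrypted files encrypted, it helps to inventory which files are still readable before deciding what to restore from backup. The following is an added example, not part of the original article or the video: it flags files whose type signature is gone or whose contents look like ciphertext. The function names, the entropy threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading "magic" bytes that intact files of these types start with.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5   # bits per byte; assumed threshold, tune it on your own data
MIN_SAMPLE = 4096     # smaller samples give an unreliable entropy estimate

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(path: str) -> str:
    """Return 'intact', 'suspect' (probably encrypted) or 'unverified'."""
    with open(path, "rb") as fh:
        head = fh.read(65536)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:  # known type: a missing header means it was overwritten
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    if len(head) < MIN_SAMPLE:
        return "unverified"
    # Compressed or media files of unlisted types also score high here.
    return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "intact"

def triage(root: str) -> dict:
    """Walk root and group relative file paths by classification."""
    report = {"intact": [], "suspect": [], "unverified": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report

def demo() -> dict:
    """Triage a constructed sample tree; 'noise' stands in for ciphertext."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    samples = {"report.pdf": b"%PDF-1.7\n" + b"constructed body " * 300,
               "scan.png": noise, "ledger.dat": noise, "todo.txt": b"short",
               "notes.txt": b"meeting notes, plain text\n" * 400}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)
```

Run `triage()` against a copy of the affected folder, or against a backup before restoring from it, and treat the "suspect" list as files to recover from a known-good backup.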
Facts and figures about ransomware
Ransomware is big business. The market has grown rapidly since the beginning of this decade. In 2017, ransomware caused $5 billion in losses, which includes ransoms paid as well as time lost recovering from attacks. This is 15 times more than in 2015.
Ransomware is more common in some markets than others, and some markets are more likely to pay a ransom. Hospitals and other medical institutions are hit especially often, because attackers know that these organizations are more likely than others to pay a ransom to fix the problem. It is estimated that 45 percent of ransomware attacks on healthcare organizations are targeted, and 85 percent of malware infections at healthcare organizations are ransomware. Another lucrative industry is the financial services sector, which is, as Willie Sutton once famously said, where the money is. In 2017, 90% of financial institutions were hit by ransomware attacks.
Your anti-malware program won’t always protect you. Ransomware is continually being updated by its creators, so anti-virus software won’t always catch its signatures. As many as 75% of ransomware victims had up-to-date protection on the infected machines.
Ransomware isn’t as common as it once was. The good news is that ransomware attacks have been declining, even though they were still very common in the early ’10s. In the first quarter of 2017, ransomware attacks accounted for 60% of malware payloads. Now it’s only 5 percent.
Ransomware in decline
Why is there such a big dip? It is a decision cybercriminals make based on their currency of choice, bitcoin. Extracting ransom money from victims is not easy: they might not pay, or they might not know enough about bitcoin to do so.
Kaspersky explains that the decline in ransomware was matched by an increase in cryptomining malware. This infects the victim’s computer and uses it to create (or mine, in cryptocurrency parlance) bitcoin. For the attacker, it is a way to use someone else’s resources to obtain bitcoin, and it has become more attractive since the spike in bitcoin prices in 2017 and 2018.
However, this doesn’t mean that the threat is gone. There are two types of ransomware attack. The first is the “commodity” attack, which attempts to infect computers indiscriminately by sheer volume. Criminals can rent “ransomware-as-a-service” platforms. The second is the targeted attack, which focuses on particular market segments or organizations. Even if the ransomware boom is over, you should still be vigilant if you are in this latter category.
The price of bitcoin dropped over 2018, and attackers’ cost-benefit analysis may shift as a result. According to Steve Grobman, chief technology officer at McAfee, using ransomware or cryptomining malware is a business decision. “As cryptocurrency prices fall, it’s normal to see a shift back [to ransomware].”