Ransomware is a type of malware that prevents users from accessing their system. It secretly gets installed on the computer without knowledge or intention of the user and restricts their access to the computer system in some ways, and demands that the user pay a ransom to the malware operators to remove the restriction. Hence it is termed as a RANSOMWARE.
A ransomware is also named as a cryptoworm, cryptovirus or cryptotrojan.
It’s a type of malware specially designed by the cybercriminals to extort money from their victims. Ransomware is also considered as the scareware as it forces the user to pay the money by scaring or intimidating them.
What actually happens, a malicious program gets installed to the victim’s computer which either blocks the user access to their system or encrypts the disc leaving a “ransom” message that demands a fee in order to decrypt the files or restore the system.
The following message appears on the screen:
Ransomware gets spread through the e-mail attachments, infected programs, and compromised websites. Attackers extort the money from the victim in the following manner:
• An e-mail is received by the user which seems to be a plausible one, containing an attachment file, like that from a courier company or any other company having invoice.
• Most of the times attachment are in MS Word or Excel file, containing malicious data, a macro. The attachment opened by the user will run macro into the system.
• After this the malicious program gets installed in the system, it downloads a set of ransomware payload from the web address which are accessed with the help of the macros.
• After this macro executes the ransomware installed from those websites.
• Then the program connects to the main/control server of the attacker transferring info of system to them and downloads a public key.
• Certain file types like PDF, CAD, HTML, XML etc. are encrypted on the local computer. All accessible network drives are encrypted using this public key.
• Windows Automatic backups are deleted so that any chance of user to recover their data be eliminated.
• After victim discovers that files can’t be opened or executed. The victim receives a note demanding an amount of money in exchange for the private key. The attacker also warns that if the ransom isn’t paid within a certain date, the private key will be destroyed, leaving the data inaccessible forever.
• The victim is duped into believing that he/she is a subject of a police inquiry. After acknowledging that unlicensed software or illegal web content was found on the computer, the victim has to pay an electronic fine as well.
• The malware only encrypts the victim’s data, nothing else. The kidnapper anticipates that the victim will look for the solution on the internet for fixing the problem. Thus, the kidnapper sells anti-ransomware software on legitimate websites and makes money.
Reason For The Increase In Ransomware Attacks:
• They use sophisticated attack technology. Most of the attachment received are those in Word or Excel format which easily dupes the user making them believe that it’s actually a valid document.
• Security reasons, most of the time security software are not updated or the user doesn’t even have it.
• User permission can also causes the issue.
• Conflicting priorities, many a time user puts data over the security and hence gets busted.
How to stay safe:
• Get a comprehensive security software installed on your systems like the windows defender or any of that software available in the market.
• Always update your system and the security software with the latest patches, this will prevent you to become vulnerable to the attacks.
• Keep off-site backup of all your data, so in case you are attacked you can easily revert your data.
• User can install software such as Microsoft viewer which allows them to look into document without actually opening it.
• Most of the malware these days are in .JS (JavaScript) format, either don’t download it or if it’s necessary open it with notepad.
• It’s better to work as administrator, by this any document or program will have to take administrator/user permission to get execute.
