There can be no two way to the fact that Ransomware has easily become one of the biggest banes of digital security for individual users and enterprises alike.
Ransomware is a malware that locks an infected computer or encrypts its files (converts the files into an unreadable form). It then demands a ransom from the victim to let go off the system or decrypt the files.
The threat of ransomware has been steadily growing over the past few years, with attackers bringing in more sophistication into their attacks. We have outlined 8 important ransomware FAQs for you to know and understand so that you can be more prepared.
Many might suppose that this nefarious malware is relatively new. But, its history can be traced back to 1989. AIDS Trojan is known to be the first ransomware virus; it was created to target the attendees of a World Health Organization’s international conference on AIDS. Although this malware was not technologically advanced and taken down without much effort, it became the forbearer of all the ransomware families that followed. They include:
|Ransomware||Time of occurrence|
|Sypeng and Koler||2014|
|CTB-Locker and SimplLocker||2014|
|LowLevel04 and Chimera||2015|
|Ransom32 and 7ev3n||2016|
There are two primary variants of the ransomware malware.
1. File Encrypting Ransomware – encrypts the data (all types of files including pictures, word docs, spreadsheets, PDFs, videos, etc.) it can find in the computer that it infects.
2. Screen Locker Ransomware – Locks the screen of the infected computer and renders it useless.
Incidences of file-encrypting ransomware are more common than screen lockers. This could be because attackers want their victims to use their computer in order to pay computer their encrypted data.
• The most common medium used by attackers to spread ransomware is email. Victims are sent fake and devious emails loaded with attachments that contain ransomware malware.
• Visiting compromised and infected websites can infect the user’s system with a ransomware.
When a computer is infected by a ransomware, nothing extraordinary happens that can alert the user of the incident. It is when the ransomware displays its ransom note (demanding a certain sum of money) that the user realizes that something is wrong.
The one universal truth about cyber is that they are not biased. Anyone who uses a computer and is connected to the Internet is a potential victim. And this could be a blogger sitting in a restaurant accessing the free Wi-Fi and working on a blog or a big retail organization.
The main reason that makes ransomware a hard nut to crack is the technology they use to encrypt files. Primitive ransomware families used an encryption method which was relatively easy to break. The modern day’s ransomware, however, uses a more complex method to encrypt the victim’s files. Here, criminals have two things – a public key for encrypting the files and a private key for decrypting the files. It is the private key that a victim needs to buy in order to decrypt the files. Without this key, the decryption is impossible.
While the answer is easier said than done, it is strongly recommended never to pay the ransom. Paying extortionists only encourages them. Secondly, it is never guaranteed that you will get back your files even after you have met the ransomware’s demands; after all, you are dealing with crooks with zero morale.
Because it is impossible to decrypt any files without the private key, preventing a ransomware infection is critical. Below are some simple security measures that reduce the risk of ransomware attacks to a great extent.