What is Ransomware?

For people who work with their computers on the net, you’ve probably been prompted more than once to protect your computer from different malware especially Ransomware. You might understand that malware is a harmful program that can destroy your computer system, but what exactly is this malware called Ransomware that you keep hearing about? You could have heard about it at the office or read about it in the news.  Your computer’s security system or firewall might have sent you several warnings of a Ransomware infection. If you can’t stand being in the dark anymore and you want to know exactly what this “ransomware” is, then you’ve come to the right place. In this article, I’m going to tell you all the things you need to know about ransomware. When you’re done reading this, you’ll definitely know what ransomware is, how it works and how to deal with it.

What is ransomware?

Ransomware, AKA  Ransom malware is a special type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. This a very dangerous programme that has its roots all the way back in the late 1980s. Back then, the ransom payment was to be sent via snail mail. Today, ransomware authors can request their payments through untraceable credit cards or sent via Crytocurrency.

How ransomware works

Ransomware has a number of techniques that it can use to enter and infect a computer.  The most common and easiest way for ransomware to enter a computer is through a phishing scam. Phishing scams are a special type of cybercrime in which hackers contact you while posing as a legitimate institution or organization in an attempt to get you to provide sensitive or private information. In the case of ransomware, the Phisher makes the victims download the malware as attachments that come to the them in an email, masquerading as a file they should trust. If these files are downloaded and opened up, they immediately take over the victim’s computer. Usually, these malware have built-in social engineering tools that trick users into allowing administrative access. There are other, more aggressive ways that ransomware can spread, like NotPetya; they exploit security holes to infect computers without needing to trick users.

Once the malware takes over the computer, they start performing various actins. However, the most rampant thing they do is to encrypt some or all of the user’s files. The method of encryption with ransomware is generally different than normal methods, but one thing that is the same everytime is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. When this process is complete, the victim then sees a message that explains that their files are now are now inaccessible and will only be decrypted if the victim sends an untraceable payment like  Bitcoin or something like that to the attacker.

 There are some other ways that the attack comes in. Sometimes the attack goes like this; the attacker might claim to be a law enforcement agency shutting down the victim’s computer due to the presence of pornography or pirated software on it, and demanding the payment of a “fine,” perhaps to make victims less likely to report the attack to authorities. Most attackers don’t bother doing this as most malware is untraceable. There is another way that is used where the attacker threatens to publicize sensitive data on the victim’s hard drive unless a ransom is paid; these type of attacks are called leakware attacks. Finding these files are usually difficult so most attackers don’t use this method. 

Who is a target for ransomware?

The victims and the attackers can be random as there are a number of  different ways attackers choose the organizations they target with ransomware. Sometimes, they just opt for easier jobs with lower levels of security. Some attackers are lazy and might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defences.

There are also more skilled attackers that might see bigger organizations as tempting targets because they seem more likely to pay a ransom quickly. The most common are government agencies or medical facilities; places that often need immediate access to their files, these organizations will be able to pay quickly. There are also organizations with sensitive data may be willing to pay to keep news of a compromise quiet like law firms. These organisations are especially vulnerable to leakware attacks.

Some of us might not fit into this category but this doesn’t mean you are safe from ransomware.  You can still be attacked because ransomware spreads automatically and indiscriminately across the internet.

Ransomware attack prevention

If you want to protect yourself from ransomware threats then you have to take certain preventive measures. 

  • Always back up your computing devices regularly and update software, especially antivirus software.
  • People should always be vigilant and avoid clicking on links in emails from strangers or opening email attachments.
  • There are some ransomware attacks that may be nearly impossible to stop. With this in mind, all individuals and organizations  should endeavour to make proper backups on separate devices so that damage is minimal and recovery is as quick as possible.
  • Companies should try to keep up-to-date storage snapshots outside the primary storage pool and enforce hard limits on who can access data and when access is permitted.
  • Even if you get infected, should do all you can to avoid paying ransoms. Contact your internet security provider first because there’s a chance that you won’t get your files even if you pay

Removing ransomware

Once a computer has been infected by ransomware, there is no guarantee that victims can stop the ransomware attack and regain their data. Luckily, there are some instances where some methods can work. For example, you can shut your system down immediately and reboot your computer into safe mode. This halts the activation of all 3rd party applications. Hopefully, including the malware. In safe mode, you can install an antimalware program, scan the computer and restore the computer to a previous, non-infected state. You could also use the default OS procedures to restore your system from a backup stored on a separate disk.