Panda Security Mediacenter

What is Ransomware?

Ransomware is a type of malware that locks users out of their computer systems and encrypts their files, giving attackers control of any personal information stored on victims’ devices. Cybercriminals then threaten to withhold victims’ sensitive data until a ransom is paid—hence the “ransom” in ransomware.

How Does Ransomware Work?

The defining feature of ransomware is that it’s used as an extortion tool, and there are a variety of ways cybercriminals exploit this type of malware to gain access to victims’ devices. One of the more common vehicles for ransomware is a phishing email campaign—victims are sent emails containing malicious attachments from a seemingly trusted source, which infect their computer once they’re opened.

After successfully taking over the victim’s computer, attackers go on to encrypt some or all of the user’s files, like Word documents, PDFs, images, databases and so on. The ransomware may also exploit network vulnerabilities to spread to other connected systems and even across entire organizations.

At the end of the process, the attacker sends the victim a message explaining that their files are now compromised and can only be decrypted if a ransom is paid. The ransom is most often requested as an untraceable Bitcoin payment to the attacker.
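The encryption step described above leaves a trace a defender can check for during triage: a document whose header no longer matches its type and whose contents look random. The Python code below is an added example, not part of the original article; the file names, sample contents and the 7.5 bits-per-byte threshold are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading "magic" bytes for the file types the article names.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",          # Office Open XML is a ZIP container
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".sqlite": b"SQLite format 3\x00",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'ok', 'mismatch' (wrong header, not random) or 'suspect'."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None and data.startswith(magic):
        # Header intact. Entropy is not consulted: JPEG, PNG and DOCX are
        # compressed, so healthy files of these types also look random.
        return "ok"
    if shannon_entropy(data) >= threshold:
        return "suspect"  # no valid header and content looks like ciphertext
    return "ok" if magic is None else "mismatch"

def pseudo_random(n_blocks: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n_blocks))

# Constructed samples: file names and contents are made up for this example.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50,
    "photo.jpg": b"\xff\xd8\xff\xe0" + pseudo_random(128),
    "report.pdf": pseudo_random(128),
    "notes.docx.locked": pseudo_random(128),
    "readme.txt": b"plain text survives untouched\n" * 100,
    "clients.sqlite": b"\x00" * 4096,
}

def scan(samples: dict) -> dict:
    """Map each file name to its triage verdict."""
    return {name: triage(name, data) for name, data in samples.items()}
```

Files with an unrecognized extension are judged on entropy alone, so legitimate archives or media with extensions missing from the table would also be flagged and need a manual look.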

Who Is a Target for Ransomware?

Ransomware targets might be individual consumers, small and medium-sized businesses or larger enterprise organizations. How criminals choose their targets usually comes down to a matter of opportunity. For instance, they may go after groups with smaller security teams like universities due to their weaker security defenses and high levels of file sharing.

Another common target is organizations that are more likely to pay a ransom in a timely manner. Government agencies, banks, law firms and medical facilities all fall into this category, since they’d likely need immediate access to sensitive client files and would be more willing to pay a ransom if it means keeping news of an organizational security breach quiet.

Finally, it’s common for criminals to target large corporate entities in the hopes of landing a bigger payout. Ransomware attacks in this category are usually focused on enterprises in the United Kingdom, the United States and Canada due to greater wealth and a high volume of personal computer use.

Types of Ransomware

While there are countless strains of ransomware, most attacks fall under two main categories: crypto ransomware and locker ransomware.

The severity of the threat posed by a ransomware attack will depend on the variant of ransomware being used, and resolution methods will differ depending on the type of malware at play.

Ransomware Examples

While ransomware has only been around for a few decades, it has developed rapidly in the last five years thanks to the increasing availability of untraceable payment methods like Bitcoin. Here are some of the worst offenders to date.

1. CryptoLocker

CryptoLocker was one of the first widespread ransomware attacks that used public key encryption. This 2013 attack put the modern ransomware age into motion and compromised up to 500,000 machines between 2013 and 2014. Payment was demanded in the form of Bitcoin or a prepaid voucher, and at the time experts believed the malware being used was impenetrable.

By 2014, a security firm finally gained access to a server involved in the attack and successfully recovered the encryption keys that were being held, but the attackers still managed to extort close to $3 million before they were shut down.

2. WannaCry

WannaCry was a 2017 attack that spread across over 150 countries targeting security vulnerabilities in Windows software. The attack infected 230,000 devices worldwide, locking users out of their computers until a Bitcoin ransom was paid.

The WannaCry attack functioned by exploiting an operating system vulnerability that was found to have been present long before the attack, and the event ultimately shed light on the issue of outdated security systems. Globally, WannaCry caused an estimated $4 billion in financial losses.

3. NotPetya

NotPetya was a global 2017 attack that primarily targeted Ukraine. It was initially believed to be a new strain of Petya ransomware—a form of malware that infects a target computer, encrypts its data, and demands a Bitcoin ransom to recover the files. However, NotPetya was later deemed an entirely new strain of ransomware known as a wiper, whose sole purpose is to destroy the compromised data instead of returning it for a ransom.

4. BadRabbit

BadRabbit was a strain of ransomware that infected media companies across Russia and Eastern Europe in 2019. The attack was carried out through the spread of a fake Adobe Flash update that infected victims’ devices upon downloading, directing them to a payment page where a Bitcoin ransom was demanded. Unlike the NotPetya attack, the BadRabbit attack allowed for decryption if the ransom payment was received.

How to Protect Against a Ransomware Infection

As with any cybersecurity threat, prevention methods are almost always better than finding a cure once it’s too late. Follow the prevention best practices below to mitigate the chances of an attack.

 

How to Respond to a Ransomware Attack

If you’ve suffered a ransomware attack, time is of the essence and it’s important to act as quickly as possible. There are a few steps you can take to minimize damage and hopefully recover quickly from the attack.

 

Can Ransomware Be Removed?

Ransomware removal depends on the type of ransomware you’re dealing with, and you’ll need to have security software already installed prior to the attack—but in some cases removal is possible. Here’s what you can do:

If you’re unable to perform the above steps, the only remaining option is to reset your computer to factory settings. For further assistance, it’s best to contact your device’s tech support.

Ransomware poses a significant threat to consumers and companies alike, and attackers are carrying out increasingly sophisticated attacks as technology advances. When it comes to protecting yourself, prevention is almost always better than a post-attack cure—this means that educating yourself on ransomware and how to use your devices safely is essential to prevent an attack. For increased security, be sure to have antivirus software on all of your devices to reduce the chance of an infection.
