Technology Blog »

What is Ransomware?

What is Ransomware?

A question that is on the minds of a lot of computer users is "What is Ransomware?" the term is getting thrown around a lot lately and well it's really kind of simple.  They hold your data for a ransom but you installed the software that is doing it. Basically, ransomware is a type of Malware that can infect computer systems which will lock out users' access to the infected files and systems. Some of the Ransomware variants will often attempt to extort money from victims by displaying a message that  will tell the user that their systems have been locked or that their files have been encrypted.

Users are told that unless a ransom is paid, access will not be restored and they will permanently lose access to those files if the ransom is not paid within a specific time.

The ransom demanded from individuals varies greatly but is frequently less than $400 dollars but must be paid in virtual currency, such as Bitcoin.

How users typically get a Ransomware Infection

Ransomware is often spread through PHIshing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

Crypto ransomware, a malware variant that encrypts files is typically contracted by opening a malicious attachment from an email however has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.

Not All Ransomwares are CryptoLockers but will often invite the CryptoLocker

Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. This malicious attachment contains a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system, and requests that a ransom be paid.

Using Psychology on their Victims

The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
     
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”" width="320">
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Best Practices to Prevent Ransomware

  • Get training for you and your staff on how to recognize an email scam. Click here to download the US-CERT's White Paper on Recognizing and Avoiding Email Scams
     
  • Employ an advanced hosted email filtering service or use a MSP to provide Managed Email Security such as DCS SpamControl that will Blocks spam, viruses and volume-based attacks before they reach the corporate network
     
  • Keep your operating system and software up-to-date with the latest patches. Older applications become vulnerable applications and operating systems that aren't kept up to date are most often the target of most
    attacks. By ensuring that you keep these patched and up-to-date with the latest patches greatly reduces the number of exploitable entry points available to an attacker.

     
  • Maintain up-to-date Anti-virus software, and scan all software downloaded from the internet prior to executing.
     
  • Restrict users’ local administrative permissions to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent
    malware from running or limit its capability to spread through the network.

     
  • Work with a reputable IT Support Provider that employs a Proactive Defense In Depth service model such as Delaney Computer Services, Inc.