A question on the minds of a lot of computer users is "What is ransomware?" The term is getting thrown around a lot lately, and it's really kind of simple: attackers hold your data for ransom, but you installed the software that is doing it. Basically, ransomware is a type of malware that infects computer systems and locks users out of the infected files and systems. Some ransomware variants attempt to extort money from victims by displaying a message telling the user that their systems have been locked or that their files have been encrypted.
Users are told that unless the ransom is paid within a specific time, access will not be restored and they will permanently lose access to those files.
The ransom demanded from individuals varies greatly but is frequently less than $400, and it must be paid in virtual currency, such as Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is then downloaded and installed without the user's knowledge.
Crypto ransomware, a malware variant that encrypts files, is typically contracted by opening a malicious attachment from an email; however, it has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access to an organization's network.
Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. This malicious attachment contains a downloader, Upatre, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system and requests that a ransom be paid.
The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users' systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.