What is ransomware?
Ransomware is a type of malware that encrypts the files on a victim’s device. Attackers install ransomware and then demand payment to restore the victim’s access to their files. Such attacks have become more prevalent with the growth of computer and internet usage and the increased use of cryptocurrencies. A new report by cybersecurity company Emsisoft estimated that ransomware demands increased by more than 80 percent globally in 2020.
The origin of ransomware can be traced back to 1991, when a biologist spread PC Cyborg, the first ransomware, through floppy disks. In the mid-2000s, the first ransomware to use encryption, Archiveus, was found circulating. Police ransomware packages became common in the early 2010s. Since the 2010s, a new ransomware trend has gained popularity, and cryptocurrencies have become the obvious choice of payment for cybercriminals.
How does ransomware work?
Once a user is attacked with ransomware, the attacker demands a payment from the victim in exchange for restoring access to their files. These payments are usually taken in the form of cryptocurrencies like Bitcoin, ETH, etc. Users are given instructions on how to make the payment in order to get access to the decryption key. The costs range from a few hundred dollars to a few thousand.
One of the most common ways of attacking a victim is through phishing scams. Victims are sent attachments that look like files they can trust. Once downloaded and opened, these files hijack the victim’s computer. The malware then encrypts the user’s files, cutting off the user’s access to them. The only way to regain access is by using a decryption key held by the attacker.
Ransomware attacks also come in other variations. Some attackers pose as law enforcement officers and demand a penalty for the alleged presence of pornography or other illicit material on the user’s device. A variation called leakware or doxware may threaten to expose sensitive data stored on the victim’s device. However, file encryption continues to be the most common form of ransomware.
Are you a potential victim?
The widespread use of computers without adequate cyber protection has made ransomware scams easier to execute. With more people working from home during the pandemic, use of personal computers is on the rise. While corporate devices are better protected, the same cannot be said for personal computers.
Additionally, attackers choose their victims based on various parameters. Some might target universities or small companies that have limited or non-existent security protocols. Others might look at government or law enforcement agencies, which need immediate access to files and might be more inclined to pay off attackers quickly.
However, irrespective of these categories, ransomware is known to spread indiscriminately across the internet.
Popular ransomware scams
Joseph Popp, who created the first registered ransomware PC Cyborg, is considered to be the father of ransomware. This ransomware was spread through floppy disks that were sent to participants at the World Health Organization’s international AIDS conference in Sweden. It hid file directories and asked victims to send USD 189 to a mailbox in Panama in order to recover the data.
Another popular ransomware, Ryuk, spread mainly through emails. These phishing emails contained dangerous links and attachments that spread through the device. Ryuk was one of the most expensive ransomware strains in history, with ransom payments exceeding USD 300,000. According to the FBI, Ryuk has caused damages estimated to be over USD 60 billion worldwide.
Ransomware infection can be prevented through simple security practices. Practices like keeping your operating system up to date, not installing unknown software or granting it admin rights, installing antivirus and whitelisting software, and backing up files frequently can help protect users against attacks.
If you think your device has been compromised or would simply like to know more about ransomware and cybersecurity, get in touch with our specialised team of cybersecurity specialists.