What is a Ransomware and how does it work
Ransomware is a dangerous, malicious software that takes control of the individual’s computer and either threatens to block the user from accessing their information or to publish their private information on the internet unless a certain ransom is paid. Ransomware dates back to as early as 1989 but has only recently started causing a global pandemic. In most cases, the ransomware encrypts the user’s data and gives the decryption key only after the user pays the cyber-criminal, preferably in cryptocurrency.
In a specific glaring example, the WannaCry ransomware attacked about 230,000 computers worldwide in over 150 countries using 20 different languages to threaten users to pay a specified amount in Bitcoins. The ransomware demanded the US $300 dollars per computer in exchange for the decryption key. This demonstrates the destructive power of ransomware.
There are two main types of Ransomware, however, with time, many others have emerged. Some of the major ransomware types are-
- Encrypting ransomware-Encrypting ransomware uses advanced encryption algorithms that block the system files of the individual’s computer from accessing and asks for a ransom in exchange for the key that ultimately unlocks the computer. Some examples of such ransomware include- Cryptowall, Crypto Locker, and
- Locker ransomware- This type of ransomware blocks the victim’s operating system including files and applications from being accessed and unless an amount is paid, the computer cannot be unlocked by any means. Some examples of such ransomware include Satana and Petya.
- Mobile ransomware- With the advent of smartphones and its increased usage and global penetration, ransomwarehas started proliferating on mobiles too. Mobile ransomware typically targets the Android operating system. It is distributed as an APK file that can be downloaded and installed thus leading to its inception.
- Leakware- Leakware was also known as Delaware, threatens the userwith publishing the information online rather than just denying access.
How does a ransomware work?
A ransomware (or any other computer virus for that matter) acts just like a biological virus. The only difference is that in the biological instance, the victim is an unfortunate living being while in the scenario of the computers, the victims are individual machines or a group of machines.
After the attacker is successful in infiltrating the computer, they generally change the wallpaper giving specific instructions on the amount and mode of payment. The price for the ransom rises exponentially if the payment is not done on time.
The ransomware spreads through many ways some of which are mentioned below-
- Spam emails, attachments and links
- Malvertising campaigns
- Self-propagation capabilities, i.e. the ransomware can spread from one computer onto the next
- Reputed websites that have infectious codes injected into their web pages in the form of advertisements and pop-ups
The malwareeconomy has improved over time and has always been successful in infiltrating several computers at a time and coupled to that the fact that many software has high vulnerabilities has made ransomware so successful.
Ransomwareis extremely dangerous and not to be taken lightly. They can be prevented using an updated version of the operating system or using a good antivirus or a healthy combination of both.