Ransomware is a type of malicious software designed to block access to a computer system, usually by encrypting its files, until a sum of money is paid. It is akin to kidnapping and demanding a ransom, except that here your data is what is held hostage. Even if you pay, your personal and professional data remains at high risk of misuse: the attackers have already had access to it, and nothing obliges them to delete their copy or to hand over a working decryption key.
Ransomware can target any PC user, from a home computer to endpoints in an enterprise network or servers run by a government agency or healthcare provider. Use dedicated software that provides ransomware protection to prevent effects like:
- Being locked out of the operating system.
- Encryption of files, rendering them useless.
- Certain applications, such as web browsers and text editors, being prevented from running.
Although ransomware is widespread across the internet, the United States leads in the number of ransomware detections. Check the graph below:
How does Data Kidnapping happen?
There are various ways ransomware can enter a computer system. Common infection vectors include:
- Spam and social engineering (deceptive e-mails carrying malicious attachments or links)
- Drive-by downloads and malvertising, where a compromised or malicious website delivers the payload without the user knowingly installing anything
- Malware installation tools (droppers and loaders) and botnets that deliver ransomware as a second-stage payload onto machines they already control
A few years ago, when ransomware first appeared, computers were infected through e-mail attachments carrying the malicious code. Sometimes users were lured to a compromised website by a deceptive e-mail or pop-up window. Newer variants are also known to spread through removable USB drives or Yahoo Messenger, with the infection disguised as an image. With the now rampant use of torrents and peer-to-peer file downloads, ransomware can also spread just like a conventional virus, bundled into files that users choose to download themselves.
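The attachment vector above can be checked mechanically. The following is an added example, not code from the original article: it parses a constructed sample e-mail (not a real capture) and flags attachments that carry an executable extension, a double extension such as .jpg.scr, or content whose leading bytes contradict the file name, which is exactly how a payload gets "disguised as an image". The extension and magic-byte lists are illustrative and deliberately short.

```python
import email
import email.policy
from email.message import EmailMessage

# Extensions Windows will execute when double-clicked (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
    "vbs", "vbe", "wsf", "hta", "ps1", "jar", "msi",
}
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "bmp"}
# Innocuous-looking extensions commonly used as the first half of a double extension.
DECOY_EXTENSIONS = IMAGE_EXTENSIONS | {"pdf", "doc", "docx", "xls", "xlsx", "txt"}

# Magic bytes used to tell what the attachment actually contains.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
    b"BM": "bmp",
}


def sniff(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name entirely."""
    if data.startswith(b"MZ"):          # DOS/PE header of a Windows executable
        return "pe-executable"
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def check_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment looks like a disguised payload ([] = nothing found)."""
    reasons = []
    exts = filename.lower().split(".")[1:]
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{last}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        reasons.append(f"double extension .{exts[-2]}.{last}")
    kind = sniff(data)
    if kind == "pe-executable":
        reasons.append("content starts with an MZ header (Windows executable)")
    if last in IMAGE_EXTENSIONS and kind not in IMAGE_MAGIC.values():
        reasons.append(f"named .{last} but content has no image header")
    return reasons


def scan_message(raw: bytes) -> dict:
    """Map each attachment file name in a raw RFC 822 message to its findings."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        findings[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return findings


def build_sample_message() -> bytes:
    """Constructed sample e-mail (not a real capture): one benign and one disguised attachment."""
    msg = EmailMessage()
    msg["From"] = "friend@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Holiday photos"
    msg.set_content("Pictures from the trip are attached.")
    # A real (truncated) PNG: the header matches the name, so this one is left alone.
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
                       maintype="image", subtype="png", filename="beach.png")
    # A stub with a PE header, labelled as an image and given an .scr suffix that
    # Windows hides by default, so Explorer shows it simply as "beach2.jpg".
    msg.add_attachment(b"MZ" + b"\x90" * 62,
                       maintype="image", subtype="jpeg", filename="beach2.jpg.scr")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(name, "->", "; ".join(reasons) or "ok")
```

The point of sniffing the bytes is that neither the file name nor the declared Content-Type is under the defender's control; the attacker sets both. Archives (zip, rar, 7z) need the same treatment one level down, since the executable is frequently wrapped in one to get past exactly this kind of check.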
Each ransomware family can be engineered to operate differently. Common traits, however, include elaborate ransom messages and hidden launch mechanisms meant to avoid early antivirus detection. To hinder detection and analysis, the malware uses techniques such as obscure file names, modified file attributes, or masquerading as a legitimate program or service.
Over time, ransomware command-and-control traffic has moved from HTTP to HTTPS, which makes inspecting its content on the network far harder, though not impossible: TLS interception on a corporate proxy, or monitoring metadata such as destination addresses, domain names and traffic volume, still works. Some families add further layers of obfuscation or encoding on top of the transport encryption, making the exchanged data unreadable and hence harder to detect.
Once the computer is infected, the ransomware starts encrypting files. Modern families typically encrypt each file with a fast symmetric cipher and protect the per-file keys with a public key whose private half only the attackers hold, so the files cannot be recovered without them. It then displays a ransom note with a Bitcoin address or a (fake) PayPal account to which a specific sum must be transferred; once the transfer is made and confirmed, a key or decryption tool is supposedly supplied to restore the files to their original state. Whether that actually happens is entirely up to the criminals.
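Because encrypted output is statistically indistinguishable from random data, a file that suddenly has near-maximum byte entropy and no recognisable header is a strong signal that the encryption stage described above is under way. The following is an added example, not code from the original article: it computes Shannon entropy per file and classifies constructed sample contents, using a short allow-list of formats that are legitimately high-entropy (compressed images, archives) so they are not mistaken for ransomware output. The threshold and magic-byte list are assumptions to tune on your own data, and the "encrypted" sample is SHA-256 counter-mode output standing in for ciphertext, not a cipher.

```python
import hashlib
import math
from collections import Counter

# Formats that are legitimately high-entropy (compressed or already encrypted).
# Entropy alone cannot separate these from ransomware output, so they are
# identified by magic bytes first. Illustrative list, not exhaustive.
KNOWN_HIGH_ENTROPY_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/office",
    b"\x1f\x8b": "gzip",
    b"%PDF": "pdf",
}

# Bits per byte; 8.0 is the maximum. 7.5 is an assumed starting point:
# English text sits around 4-5, ciphertext within a few hundredths of 8.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_magic(data: bytes):
    """Name of a known high-entropy format if the header matches, else None."""
    for magic, name in KNOWN_HIGH_ENTROPY_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes) -> str:
    """'known-compressed', 'suspect-encrypted' or 'plaintext'."""
    if identify_magic(data) is not None:
        return "known-compressed"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "suspect-encrypted"
    return "plaintext"


def scan(files: dict) -> dict:
    """Classify every entry of a {file name: content bytes} mapping."""
    return {name: classify(blob) for name, blob in files.items()}


def _pseudo_random(n: int, seed: bytes = b"sample") -> bytes:
    # Deterministic stand-in for ciphertext (NOT a cipher): SHA-256 in counter mode
    # gives bytes with the same flat distribution a real ciphertext would have.
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# Constructed sample "files": a text document, a PNG-like image, and the same
# document after a ransomware-style encryption with an appended extension.
SAMPLE_FILES = {
    "report.txt": b"Quarterly figures and commentary. " * 120,
    "photo.png": b"\x89PNG\r\n\x1a\n" + _pseudo_random(4096),
    "report.txt.locked": _pseudo_random(4096),
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_FILES).items():
        print(f"{name:20s} {shannon_entropy(SAMPLE_FILES[name]):.2f}  {verdict}")
```

A check like this is a post-hoc signal and will still misfire on compressed formats missing from the allow-list, so in practice it is paired with earlier indicators: a burst of file renames to a single new extension, or a canary file placed where no legitimate process should ever modify it. Read-only, offline backups remain the only recovery path that does not depend on the attackers.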