14 January 2021
What is Ransomware? How it works
Ransomware is a dangerous form of malware and digital threat. Some kind of ransomware is usually making headlines around the world, and its victims are often at a loss as to what to do next.
Essentially, ransomware infects an individual computer and one of two things can happen. In the first case, it locks the computer, stopping all access to it from the keyboard, and then searches for data and encrypts the contents of the hard drive. Lastly, it infects the boot sector of the computer and displays a message detailing the type of ransomware and how the individual is to pay for the release of the data; the message can even include fake FBI warnings.
Alternatively, once a system is infected, the ransomware will lie in wait until a set time and date, then do all of the above and lock the computer. Waiting for a set time ensures that numerous machines are infected before any fix can be discovered; also, if all the infected machines are activated at the same time, there’s more chance of the attacker getting their ransom paid. You normally have a set time in which to pay the ransom, usually 72 hours. If the victim doesn’t pay in time, the attacker can introduce a second phase into the ransomware code that will either increase the amount demanded or completely destroy the files that are being held to ransom.
Ransomware can be spread in a number of ways. The more popular choice of delivery is via an infected web page: some form of Flash script that has been hijacked and now contains a link to a remote server, from which the browser will unwittingly download the ransomware code. More recently there have been instances of drive-by attacks, where the ransomware code locates any USB sticks a user may have in their system and transfers itself to them in the knowledge that the stick will be inserted into a work computer.
The WannaCry ransomware attack earlier in the year was by far one of the most prevalent in recent years. It’s estimated that more than 250,000 computers across 200 countries were infected.
How to prevent Ransomware?
- Keep Windows Defender turned ON. Otherwise, buy a premium internet security suite with added ransomware protection. It is important to keep the definitions updated.
- Always update Windows through Windows Update. Apply the latest security updates when they are released.
- Never insert a random USB stick. Ensure the drive is clean before inserting it into a personal computer.
- Never pay the ransom, as the data is locked anyway. There is no guarantee that you would receive your files with integrity. There is also a chance that the threat actor might install another backdoor during the payment process for further ransom.
- The most important and effective method is to keep secure backups of your data. No system or security solution is foolproof, but your backups are there for you if they are stored securely. Always back up to media which is not connected to your computer.
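
One way to check that an offline backup still restores with integrity, as an added example that is not part of the original article: it records a SHA-256 manifest when the backup is made and later reports files that are missing, changed, or changed into high-entropy (likely encrypted) data. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for this illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte: near 8.0 for encrypted or random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for folder, _, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_backup(root, manifest, threshold=7.5):
    """Compare the backup at root with the manifest recorded when it was made."""
    current = build_manifest(root)
    report = {"missing": sorted(set(manifest) - set(current)),
              "unexpected": sorted(set(current) - set(manifest)),
              "changed": [], "looks_encrypted": []}
    for rel in sorted(set(manifest) & set(current)):
        if current[rel] != manifest[rel]:
            report["changed"].append(rel)
            with open(os.path.join(root, rel), "rb") as f:
                if entropy(f.read(65536)) > threshold:  # assumed cut-off
                    report["looks_encrypted"].append(rel)
    return report

def demo():
    """Constructed sample: one file overwritten with random bytes, one deleted."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("notes.txt", b"meeting notes\n"), ("todo.txt", b"buy milk\n")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body * 200)
        manifest = build_manifest(root)  # in practice, store this away from the backup
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(os.urandom(4096))  # stands in for ransomware-encrypted content
        os.remove(os.path.join(root, "todo.txt"))
        return verify_backup(root, manifest)
```

Calling `demo()` returns the report for the constructed sample. Compressed formats such as ZIP or JPEG are also high-entropy, so the entropy flag is only meaningful for files that the manifest shows have changed.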