
What is Ransomware?

Ransomware is shorthand for "ransom malware", and as the name implies it is malware that denies the victim access to their data, or to part of their system, until a ransom is paid. The operator presents the victim with a set of instructions (usually to pay in cryptocurrency, sometimes by credit card) in exchange for the key or tool that supposedly restores control over the machine or the affected files.

Common and Recent Examples

Ransomware is commonly grouped into three types. Scareware is the least harmful: fake security software or pop-up advertisements that insist the machine is infected, or that the attacker has obtained sensitive information about the user, and demand payment to "clean" the system or keep quiet. The pop-ups are persistent and alarming, but in most cases the attacker holds no such information and has done nothing beyond planting the nagging program itself; the only leverage is the victim's belief that the whole system is compromised. Nothing is actually encrypted or locked.

Screen-lockers are a step up and have become common in recent years. The victim turns on the machine and is immediately greeted by a full-screen message, often carrying the seal of a law-enforcement agency such as the FBI, claiming that the computer was involved in illegal activity and that a "fine" must be paid to unlock it. No genuine agency locks computers or collects fines this way. The lock is usually a persistent window or a program that runs at boot rather than encryption, so the data underneath is generally intact even though the user cannot reach it.

The final type, encrypting ransomware, is the most damaging. The malware encrypts the victim's files (documents, databases, sometimes whole volumes or boot records) with a key the attacker controls, and offers the decryption key only in return for payment. Without a clean backup or a flaw in the malware's cryptography there is no way to recover the files, and paying does not guarantee recovery either: the attacker may never deliver a working key, may demand a second payment, and, where data was also copied out before encryption, may leak or sell it regardless.
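Because ciphertext is indistinguishable from random bytes, a defender can recognise encrypting ransomware at work from the files it leaves behind. The following Python is an added example, not code from the original post: it scores a constructed directory snapshot on three signals, a known ransom-note filename, an extension appended to a document name (report.csv.locked), and near-8-bits-per-byte entropy in a file whose extension promises plain text. The note filenames, extension sets, thresholds, the toy keystream used only to fabricate sample ciphertext, and the snapshot itself are all constructed for illustration.

```python
from __future__ import annotations

import hashlib
import math
import os
from collections import Counter

# Constructed illustrative sets; a real deployment would use a maintained
# indicator list rather than these few names.
RANSOM_NOTE_NAMES = {
    "readme_to_decrypt.txt",
    "how_to_recover_files.txt",
    "decrypt_instructions.html",
}
PLAINTEXT_EXTS = {".txt", ".csv", ".log", ".json", ".xml", ".html"}
DOCUMENT_EXTS = PLAINTEXT_EXTS | {".docx", ".xlsx", ".pdf"}
ENTROPY_THRESHOLD = 7.0   # bits per byte; text sits around 4-5, ciphertext near 8
MIN_SIZE = 64             # below this the entropy estimate is too noisy to trust


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_file(name: str, data: bytes) -> list[str]:
    """Return the reasons (possibly none) a file looks like ransomware output."""
    reasons = []
    base = os.path.basename(name).lower()
    stem, ext = os.path.splitext(base)
    inner_ext = os.path.splitext(stem)[1]        # ".csv" in "report.csv.locked"
    if base in RANSOM_NOTE_NAMES:
        reasons.append("ransom-note filename")
    if inner_ext in DOCUMENT_EXTS and ext not in DOCUMENT_EXTS:
        reasons.append(f"appended extension '{ext}' after '{inner_ext}'")
    # Only judge entropy where the extension promises low-entropy content;
    # archives, images and media are already compressed and would false-positive.
    if ext in PLAINTEXT_EXTS and len(data) >= MIN_SIZE and shannon_entropy(data) > ENTROPY_THRESHOLD:
        reasons.append("high entropy for a plaintext file type")
    return reasons


def scan_snapshot(snapshot: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each suspicious path in a {path: contents} snapshot to its reasons."""
    return {path: r for path, data in snapshot.items() if (r := assess_file(path, data))}


def toy_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Constructed stand-in for a cipher (SHA-256 counter keystream XOR), used
    only to fabricate realistic-looking ciphertext for the sample snapshot."""
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        keystream = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[i:i + 32], keystream))
    return bytes(out)


# Constructed sample snapshot: what a file share might look like mid-attack.
SAMPLE_CSV = b"date,host,event\n2019-08-22,db01,login ok\n" * 128
SAMPLE_KEY = b"attacker-controlled-key"
SAMPLE_SNAPSHOT = {
    "docs/report.csv": SAMPLE_CSV,                                  # untouched
    "docs/report.csv.locked": toy_encrypt(SAMPLE_CSV, SAMPLE_KEY),  # encrypted and renamed
    "docs/notes.txt": toy_encrypt(b"quarterly planning notes\n" * 200, SAMPLE_KEY),  # encrypted in place
    "docs/README_TO_DECRYPT.txt": b"Your files are encrypted. Send 0.035 BTC to get them back.\n",
    "docs/archive.zip": toy_encrypt(b"\x00" * 4096, SAMPLE_KEY),    # high entropy, but normal for .zip
}

if __name__ == "__main__":
    for path, reasons in scan_snapshot(SAMPLE_SNAPSHOT).items():
        print(f"{path}: {', '.join(reasons)}")
```

Running it flags report.csv.locked, notes.txt and README_TO_DECRYPT.txt and leaves report.csv and archive.zip alone; the archive is deliberately as random-looking as the ciphertext, which is why the entropy test has to be scoped by file type. In production the same checks would run on file-change events (inotify or ETW) rather than on a snapshot, and a canary file that no legitimate process should ever touch is a cheaper companion signal.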

Three well-known examples are WannaCry, NotPetya, and Locky. WannaCry (May 2017) spread on its own as a worm by exploiting a vulnerability in Microsoft's SMBv1 implementation of the Server Message Block protocol (the EternalBlue exploit, fixed by the MS17-010 update released two months earlier) and disrupted hospitals, telecoms, manufacturers and other organisations worldwide. NotPetya (June 2017) is not a variant of WannaCry: it is a separate family derived from the earlier Petya that reused the same SMB exploit but spread mainly through a compromised update of the Ukrainian accounting package M.E.Doc, and inside networks through stolen credentials and legitimate administration tools (PsExec, WMI); its encryption could not be reversed even by its authors, so in effect it was a wiper dressed up as ransomware. Locky (first seen in 2016 and still active in 2017) was delivered by phishing e-mails carrying malicious Office attachments. All three are encrypting ransomware; none of them is scareware.

Prevention Against Ransomware

First and foremost, run reputable anti-malware software such as Norton, McAfee or Malwarebytes and keep its signatures current. Modern products combine signature matching with behavioural detection of mass file encryption, which catches many ransomware families, but no product stops everything, so treat it as one layer rather than the whole defence.

Failing that, regular data backups are a habit worth developing. Cloud storage with Two Factor Authentication (2FA) enabled protects the account against a stolen password; bear in mind, though, that a synced folder will faithfully upload the encrypted versions of your files, so rely on the provider's file versioning or keep a separate copy that the infected machine cannot overwrite. Physical external hard drives or USB sticks are good alternatives provided they are disconnected when not in use, since ransomware encrypts every drive it can reach. If you own a server, back up its databases as well, to a location the database host cannot write to, and practise restoring from the backup before you need it.

It's quite a cliché, but the age-old advice to keep your system up to date protects your machine from more threats than many realise. WannaCry, the biggest ransomware outbreak of 2017, exploited an SMBv1 flaw that Microsoft had already patched with MS17-010 in March 2017, two months before the outbreak; the machines that were hit were the ones that had not installed it. On current Windows systems you can confirm the old protocol is off with Get-SmbServerConfiguration | Select EnableSMB1Protocol or Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol. Updating regularly, together with offline backups of your important data, goes a long way toward reducing the risk from ransomware and keeps your system healthy.
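A backup you have never verified is only a hope, and the backup advice above is only useful if you can tell, after an incident, which copy is still good. The following Python is an added example, not code from the original post: it records a SHA-256 manifest of a directory at backup time, then after a simulated incident verifies both the live tree and the backup copy against that manifest. The directory layout, file contents and simulated incident are constructed in a temporary directory; the manifest filename is an assumption.

```python
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 hex digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_against_manifest(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Classify every manifest entry as intact, changed or missing under root."""
    report: dict[str, list[str]] = {"intact": [], "changed": [], "missing": []}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != expected:
            report["changed"].append(rel)
        else:
            report["intact"].append(rel)
    return report


def demo() -> dict[str, dict[str, list[str]]]:
    """Constructed end-to-end run: back up, record the manifest, get hit, verify both copies."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        (live / "db").mkdir(parents=True)
        (live / "db" / "orders.csv").write_bytes(b"id,amount\n1,10\n2,25\n")
        (live / "notes.txt").write_bytes(b"quarterly planning notes\n")

        # Backup step: copy the tree and store the manifest with the copy
        # (assumed filename). In practice the copy and manifest live offline
        # or on write-once storage the production host cannot reach.
        shutil.copytree(live, backup)
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(live), indent=2))

        # Simulated incident: one live file is overwritten with ciphertext-like
        # bytes and a ransom note appears. The backup directory is not touched,
        # which is exactly the property an offline backup gives you.
        (live / "db" / "orders.csv").write_bytes(bytes(range(256)) * 4)
        (live / "HOW_TO_RECOVER.txt").write_bytes(b"pay us\n")

        saved = json.loads(manifest_path.read_text())
        return {
            "live": verify_against_manifest(live, saved),
            "backup": verify_against_manifest(backup, saved),
        }


if __name__ == "__main__":
    for copy, report in demo().items():
        print(copy, json.dumps(report))
```

The live tree reports db/orders.csv as changed while the backup reports every file intact, so the backup is the copy to restore from. The manifest only proves anything if the attacker could not rewrite it along with the data, which is the same argument for keeping it, and the backup, somewhere the production machine has no write access; a restore drill that runs verify_against_manifest on the restored tree is the cheapest way to find out that a backup job has been silently failing.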


Comments (2)

  • Scott Seong

    We have a customer reporting that their database is wiped, and a new DB is created with the following WARNING message.

    To recover your lost Database send 0.035 Bitcoin (BTC) to our Bitcoin address 1rrDUSKFwdiWaWUZ7C5A98YchsK221dFc and contact us by Email with your Server IP or Domain name and a Proof of Payment. Your Database is downloaded and backed up on our servers. Backups that we have right now: aaa, bbb, ccc, test. Any email without your server IP Address or Domain Name and a Proof of Payment together will be ignored. If we don't receive your payment in the next 10 days, we will delete your backup.

    It is strongly advised not to pay the ransom, as paying the ransom may lead to another ransom demand. Also, paying the ransom to hackers offers additional motivation for continuing their hacking efforts.

    Aug 22, 2019 at 08:22 AM
  • IP Location

    With some of the major US cities hit by ransomware, it's becoming more prevalent and the situation is getting worse. The city of Baltimore, one of 22 US cities hit by ransomware, was attacked in May 2019 and asked to pay a ransom of $76,000. The city didn't pay the ransom, but it spent more than $5.3M recovering its data from the attack. Lake City in Florida is one of the few cities to have paid a ransom demand, about $450K in Bitcoin.

    Aug 22, 2019 at 08:32 AM
