What is Ransomware?

Ransomware is malicious software designed to block its victims from using their own computer system and/or accessing data on it. It does so by encrypting the victim's files, which renders the victim's computer useless and threatens the victim with complete data loss or a hefty fine (presented as a ransom) if payment is not made to unlock the computer.

In this blog, I'll be explaining how ransomware works, and different ways to defend yourself against it.

How Does Ransomware Work?

Ransomware employs asymmetric encryption, a type of encryption that uses a pair of keys to encrypt and decrypt files. The attacker creates a one-of-a-kind public-private key pair for the victim, with the private key, which is needed to decrypt the files, kept on the attacker's server. As witnessed in recent ransomware attacks, however, the attacker may not always make the private key available to the victim after the ransom is paid. Without access to the private key, it is nearly impossible to decrypt the files being held for ransom.

Email spam campaigns and targeted attacks are common ways for ransomware (and other malware) to propagate. Malware requires an attack vector in order to establish itself on an endpoint. After establishing its presence, the malware remains on the system until its mission is completed.

After a successful exploit, ransomware downloads and executes a malicious payload on the target system. The payload then searches for and encrypts critical files such as Microsoft Word documents, photographs, databases, and other types of data. The ransomware might also spread to other systems, and possibly across large enterprises, by exploiting system and network flaws.

After encrypting data, ransomware will demand payment within 24 to 48 hours or the files will be irreversibly destroyed. If a data backup isn't available or those copies are encrypted, the victim will have to pay the ransom to get their files back.

Defend Yourself from Ransomware

Follow these steps to avoid ransomware and lessen the impact:

  • Back up. The easiest approach to avoid being locked out of your important information is to keep backup copies of it on hand, preferably both in the cloud and on an external hard drive. This safeguards your data, and you won't be tempted to pay a ransom to the malware creators. Backups won't stop ransomware, but they can help reduce the risks.
  • Secure your backups. Ensure that your backup data is not editable or deletable from the systems where it is stored. Ransomware will hunt for backups of your data and encrypt or delete them, making them unrecoverable.
  • Use updated security software. Ensure that all of your computers and gadgets are protected by comprehensive security software and that all of your software is current. Update your devices' software frequently, as patches for security flaws are usually included in each release.
  • Practice safe surfing. Be cautious about where you click. Do not open unsolicited emails or SMS messages, and only download apps from reputable sources. This is critical because malware authors frequently employ social engineering to persuade you to install malicious files.
  • Only use secure networks. Avoid using public Wi-Fi networks. Many of them are not secured, which could allow thieves to track your online activities. Instead, use a VPN, which will provide you with a secure internet connection regardless of where you are.
  • Stay informed. Keep up with the most recent ransomware threats so you know what to avoid. If you suffer a ransomware attack and haven't backed up your files, know that IT companies have made certain decryption tools available to help victims.
  • Implement a security awareness program. Regularly provide security awareness training to all employees so they can avoid phishing and other social engineering attacks. To ensure that training is being followed, conduct regular drills and examinations.
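
One way to check the "Secure your backups" advice above, as an added example that is not part of the original post: it records a SHA-256 manifest right after a backup and later reports backup files that are missing, modified, unexpected, or still writable. The function names, the sample file names, and the use of POSIX permission bits as the writability test are assumptions, and the manifest is assumed to be stored away from the backup host.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH  # any POSIX write bit

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file (path relative to root) to its SHA-256, taken right after a backup."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_backup(root, manifest):
    """Compare the backup tree with a manifest that was stored somewhere else."""
    root = Path(root)
    current = build_manifest(root)
    report = {
        "missing": [f for f in manifest if f not in current],
        "modified": [f for f in manifest if f in current and current[f] != manifest[f]],
        "unexpected": [f for f in current if f not in manifest],
        "writable": [f for f in current if (root / f).stat().st_mode & WRITE_BITS],
    }
    return report

def demo():
    """Constructed sample: three backup files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("docs.tar", "photos.tar", "db.dump"):
            (root / name).write_bytes(name.encode() * 100)
            os.chmod(root / name, 0o644)
        os.chmod(root / "docs.tar", 0o444)       # only this copy is read-only
        manifest = build_manifest(root)           # would be kept off this host
        (root / "photos.tar").write_bytes(os.urandom(1024))  # overwritten in place
        (root / "db.dump").rename(root / "db.dump.locked")   # original name gone
        return audit_backup(root, manifest)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Permission bits are only a first check: a read-only file can still be deleted or replaced if its directory is writable, which is why the manifest comparison matters.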

Ransomware will not disappear any time soon. It is a profitable business for the perpetrators and it's designed to stay that way. Cybercriminals have now latched onto ransomware as the preferred method for stealing money from average users, so people should be prepared for a future filled with malware experts wielding malicious programs that will target their devices.

For now, your best line of defense is staying protected.