Ransomware is a malware attack that uses encryption methods to store and hide victim information as a prisoner.
The ransomware malware will encrypt the victim's important data and device with a key that only the cybercriminal has.
To regain access to encrypted files, databases, and applications, victims must pay the ransom demanded by the perpetrators.
Ransomware often spread throughout the network by targeting databases and file servers to knock out systems instantly.
Remember the WannaCry attack that shocked the world in 2017? More than 200,000 computer devices have fallen victim to this ransomware.
The WannaCry attack which caused losses of up to $4 billion US dollars is one of the largest examples of ransomware in history.
So, what exactly is ransomware? Read this article to find out about the meaning, types, and ways to prevent this malware!
{jistoc} $title={Table of Contents}
What is Ransomware?
Ransomware is one of the most dangerous types of malware. This type of malware can lock, damage, and destroy your device data.
In extreme cases, Ransomware can also paralyze the device completely until it can't be used again.
The danger is that anyone and any device can become a target for ransomware, be it Windows PC, Mac, iPhone, iPad, or Android.
According to Osterman Research, 35% of the biggest targets for ransomware attacks are companies and lower-middle-class businesses.
As a result, 90% of these companies often experience downtime. 50% of them were even asked to pay a ransom of $1,000.
Cybersecurity Ventures also predicts that this year ransomware will attack businesses every 11 seconds and result in up to $20 billion in losses.
This is very scary, especially now that ransomware is very easy to spread via spam emails, ads inserted links, and websites containing malware.
When you open that link, the ransomware malware will then start spreading, infecting, and encrypting your files and device.
How Ransomware Works
For how it works, Ransomware uses cryptographic asymmetric encryption which uses a pair of keys to encrypt and decrypt files.
This public and private key pair are uniquely generated on the victim's device by the attacker to encrypt and lock the existing data.
Meanwhile, the private key to decrypt the file will be stored on the attacker's server. Later, the attacker will ask for a ransom to open the data.
There are several ransomware vectors that can be used to access computers. One of the most common delivery systems is spam phishing.
When the file is downloaded and opened, the ransomware will start working and take over the victim's computer through administrative access which can be obtained through social engineering.
In addition, there are many forms of ransomware that are more aggressive.
NotPetya, for example, is a ransomware that exploits security holes to infect computers without tricking users.
Types of Ransomware
Ransomware has different types. Below is an explanation of the two most common types of ransomware: crypto-ransomware and locker ransomware.
Crypto-ransomware
Crypto ransomware is a type of ransomware that encrypts files on a computer.
To restore data to its original state, you need a decryption key which can be obtained after giving some money to attackers.
This type of ransomware is usually spread via email. Some of them are in the form of links that lead to a website or online document.
Meanwhile, the ransomware distributed can be in the form of attachment files such as .doc , .xsl , .xml , .zip , .js , and many more.
But remember, ransomware will only infect your device after you download or run the link or file.
WannaCry (which was discussed earlier) is also a type of crypto-ransomware. Examples of other attacks that fall into this type include:
- TeslaCrypt — a type of ransomware that was first detected in 2015 and targets computer games such as World of Warcraft, Call of Duty, and Minecraft.
- CryptoLocker — appeared in 2013 and targets computers running the Windows operating system. This type can not only infect files on the device's hard drive, but also external storage such as flash drives.
- Locky — first detected in 2016 and capable of encrypting more than 160 file types on a single device.
Locker Ransomware
Locker ransomware (also known as computer locker) does not encrypt files but locks your device completely.
Although it is considered easier to detect and treat than the crypto-ransomware type, most victims feel panic when they receive this malware attack.
The reason is that hackers usually pretend to be government agents or legal authorities who fine you for doing illegal activities on the internet.
That is why you will see the official logo of a legal/government institution followed by a message that you are asked to pay a certain amount of money.
One example of a locker ransomware attack that has ever been launched was Reventon.
In this case, the attacker claimed to be the FBI, the Metropolitan Police Service, or other law enforcement agencies and collected €1 million annually.
How to Prevent Ransomware
1. Avoid Downloading/Opening Suspicious Files
Always be careful in clicking anything on the internet.
If you receive a message containing an attachment from an untrusted source, avoid downloading or opening the file.
Not only that, but you also need to be vigilant in installing applications on your device.
Make sure that you only get software from official sites or trusted platforms such as Google Play, Microsoft Store, App Store, or other official sources.
2. Do a Data Backup
Setting up data backups is one thing that all webmasters must do.
The method is quite easy! You only need to back up important files to external storage such as external HDD, external SSD, USB flash disk, or SD cards.
In addition, also take advantage of cloud storage services that have powerful encryption features and are supported by multi-factor authentication (eg Google Drive and Dropbox).
3. Take advantage of Security Apps/Software
Basically, every device comes with built-in security features to prevent malware, such as Windows Defender (Windows) and XProtect (Mac).
But there's nothing wrong if you consider an antivirus application to prevent and remove all kinds of malware from your device, including Ransomware.
Some of the best options include Bitdefender Antivirus Plus, Kaspersky Security Cloud, ZoneAlarm Anti-Ransomware, and Webroot SecureAnywhere Antivirus.
4. Update the Operating System and Applications on Your Device
Make sure you keep your operating system and app versions up to date regularly.
The reason is that hackers often take advantage of software weaknesses to access your system or network.
To be sure, all types of cybercriminals also continue to develop in terms of quality and method of dissemination.
Here, the latest version of the software can provide a solution by bringing security patches and updates to protect your device from all these threats.
5. Use a Secure Network
Public Wi-Fi networks are often not equipped with good protection so they have security holes that can be exploited by hackers.
Therefore, always avoid using public Wi-Fi when you have to access important data.
In addition, you can also use a VPN application so that your connection is equipped with powerful encryption and protected from cyber-attacks.
Conclusion
In short, Ransomware is a type of malware that is capable of encrypting and locking your files as well as your entire device.
Attackers then charge a certain amount of money as a ransom to get a decryption key or restore your files/device to its original state.
However, the best solution for dealing with ransomware attacks is to take precautions, such as using anti-malware applications, using the latest software versions, and using an internet connection with strong encryption.
Post a Comment