In today’s world, Cyber-attacks are becoming much more covert and sophisticated in nature. Gone are the days when an attacker was content with simply deploying a Trojan Horse virus to secretly see what is going on in your computer. They are now bent on a destruction of the end user’s machine, and even launching Botnet style attacks in order to infect and destroy thousands of other computers in the process.
There is a new trend occurring these days: Cyber attackers want to hold your computer hostage until you literally pay a ransom payment. This kind of attack is known as “Ransomware.”
“(Ransomware) is a type of malware that prevents or limits a user’s access to their computer system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid.”
So, as you can see from the definition, Ransomware is literally virtual kidnapping. You cannot access anything on your computer unless you pay that ransom which is demanded by the Cyber attacker. But the caveat here is that the Cyber attacker does not want to be paid in the normal currency – rather he or she wants to be paid in terms of a virtual currency, like Bitcoin.
How Ransomware is Deployed:
There are two primary ways in which your computer can get infected with Ransomware:
1. Via MalSpam:
This is essentially a spam e-mail that comes into your inbox, but it contains a Malware based .EXE code that will launch itself once the attachment is downloaded and opened up. These types of attachments are typically .DOC, .PPT and .XLS files. You can also get Ransomware by clicking on a phony link in the content of the e-mail message. The techniques of Social Engineering are very often used to make the e-mail look like it is authentic and coming from either a trusted, legitimate organization or personal contact.
2. Via Malvertising:
This is when a Cyber attacker uses online advertising in order to capture the unwitting attention of the end user and ensnare them into clicking on a genuine looking hyperlink. If this does happen, then the servers that are used by the Cyber attacker will collect details about the soon to be victim’s computer, and where it is geographically located. Once this has been accomplished, then the Ransomware attack is subsequently launched. Malvertising very often makes use of what is known as an infected “iframe”. This is actually an invisible webpage element, and will redirect the end user to an authentic looking landing page. From there, the malicious code is deployed onto the end user’s computer.
Types of Ransomware Attacks:
As the name implies, this kind of attack is merely designed to scare or frighten you. These kinds of attacks primarily make use of annoying pop-up messages. One of the most “famous” is the pop-up which claims that some sort of malware has been detected on your computer, and to get rid of it, you must pay a small ransom. You will know if you have been hit by this kind of attack if these pop-ups keep constantly appearing. The only way to get rid of it is to install anti-malware software, such as the ones available from Norton and Kaspersky.
2. Screen Lockers:
This is the next step in terms of attack severity. With this, your computer screen locks up, and as a result, you are completely frozen from accessing your files and folders. To make matters worse, the message that appears will typically have an FBI, Secret Service, or a Department of Justice official seal, to make it look like you have been caught doing some sort of illicit activity online. To unfreeze your screen, there will be a message stating that you have pay a hefty fine. But keep in mind that these government agencies would never ask you to pay up. Probably the best way to get your screen unlocked is to take it to a local Geek Squad to cleanse your computer of the Ransomware. If this doesn’t work, you may have to get a new computer all together.
3. Encrypting Ransomware:
These are deemed to be the worst kind of attack. In these instances, the Cyber attacker will steal your files and encrypt them with a very complex mathematical algorithm. To get your files back, the Cyber attacker will demand a large amount of money, paid by Bitcoin. Once they get this money, the attacker will claim that they’re sending you the decryption key to not only retrieve your files, but to unscramble them into a decipherable state (making them like they were before they were hijacked). This usually never happens, because once you pay up, the Cyber attacker will often disappear. Since you have paid with a virtual currency, there is no way of tracking them down either (unlike paper currency, where you can use marked bills for these purposes).
It is important to keep in mind that these are just some of the very basic concepts of what Ransomware is all about. A future blog will go into more detail, as well as the steps in which you can take to protect yourself.
In the meantime, if you have any questions, please contact us!