What is Ransomware?

September 2016

The term ransomware refers to a computer threat that aims to extract money from its victim. This form of digital racketeering is designed to take a user’s documents hostage, or even take over a computer, in order to obtain a ransom.

This article will introduce you to the basics of each type of ransomware, and give you instructions on protecting yourself against these computer viruses.


An Introduction to Ransomware

There are two main types of ransomware: WinLock and Crypto Ransomware. WinLock is a type of non-encryption ransomware known as a ransomware trojan. This computer malware prevents access to Windows systems by displaying pornographic images on a user’s screen before asking victims to send a ransom via text message. Crypto Ransomware is a ransomware strain used to hijack your documents by encrypting them, changing their extensions, and then relaying a message to a user that contains payment instructions. Payment is often made through Bitcoin using the TOR browser.

WinLock and Crypto Ransomware

The first type of ransomware is called WinLock ransomware.

The use of WinLock ransomware was rampant between 2010 and 2014, with the attacks hitting a peak in 2011. After 2012, the ransomware attacks began to dissipate. Crypto Ransomware made routine appearances throughout 2014 before launching a major attack in 2015. There are several major variants of the WinLock ransomware to be aware of.

Cryptowall is a dangerous variant of ransomware that has affected over 6 million computers worldwide to date.

CTB Locker was a strain of ransomware that gained the most notoriety in 2014. CTB Locker is much less virulent than Cryptowall, but does infect computers at a very rapid rate.

TeslaCrypt is a type of ransomware trojan that affects computers with certain video games installed. This ransomware was very active in 2015, but attacks have slowed in 2016.

Locky ransomware initially appeared in mid-February 2016. This strain of ransomware would access your computer by sending you garbled Word documents, and asking you to turn on macros to unscramble them.

Here’s an example of a Cryptowall ransom request:



Once a computer is affected, ransomware will encrypt all documents on local drives; it will encrypt all documents on removable disks, if inserted (USB keys, external hard drives, etc.); and it may even attempt to encrypt documents on network resources such as a network drive. This is exceedingly problematic for businesses, which then have to relay information of the security breach to all of their clients.

How Ransomware is Distributed

Crypto ransomware uses two methods to distribute itself on a grand scale. These methods are quite similar to those used by traditional computer viruses and trojans.

The most common method used to spread ransomware is through malicious emails, whereby an attacker sends out a mass email with either a Word, JavaScript, or zip file attachment that contains the ransomware. Upon opening the document, users are susceptible to the virus. You can protect yourself against this type of ransomware by disabling Windows Script Host.
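The attachment types named above (Word, JavaScript, zip) can be screened before a message reaches a user. The following is an added example, not part of the original article: a small attachment triage routine that goes slightly beyond the three types by also checking related script and macro-enabled extensions. The function names, reason strings, size limits and sample files are assumptions made for illustration.

```python
import io
import os
import zipfile

# Extensions executed by Windows Script Host, and macro-enabled Office formats.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container
MAX_DEPTH, MAX_MEMBER = 2, 5_000_000  # limits on nesting and declared member size

def triage(filename, data, depth=0):
    """Return sorted reasons to quarantine an attachment; empty list if none."""
    reasons, ext = set(), os.path.splitext(filename)[1].lower()
    if ext in SCRIPT_EXTS:
        reasons.add("script file run by Windows Script Host")
    if ext in MACRO_EXTS:
        reasons.add("macro-enabled Office extension")
    if data.startswith(OLE_MAGIC):
        reasons.add("legacy Office format that can carry macros")
    if data.startswith(b"PK") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith("vbaproject.bin"):
                    reasons.add("contains a VBA macro project")
                elif info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    reasons.add("encrypted archive member")
                elif depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                    inner = triage(info.filename, zf.read(info), depth + 1)
                    reasons.update(f"inside archive: {r}" for r in inner)
    return sorted(reasons)

def _zip(members):  # build an in-memory zip from {name: bytes} for the samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples with harmless placeholder bytes (not real malware).
SAMPLES = {
    "invoice.js": b"// placeholder",
    "scan.zip": _zip({"scan_0412.js": b"// placeholder"}),
    "order.docm": _zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\0"}),
    "notes.docx": _zip({"word/document.xml": b"<w/>"}),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", triage(name, blob) or "no findings")
```

Modern Word files are zip containers, which is why the same archive walk finds both a script hidden in a zip and a macro project inside a document.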

Another common method of spreading ransomware is through plug-ins. This is commonly done by suggesting that a user’s software is not up to date, and providing a link to a malicious “update” for the user to install. The best way to avoid these types of attacks is to keep your software as up-to-date as possible.

There are, of course, a number of common ransomware variants. OMG Ransomware and .Crysis Ransomware are two strains that have been known to specifically target businesses by taking over their servers and encrypting their files.

What to Do If You’ve Been Infected by Ransomware

If your computer has been infected by ransomware, there are several steps you can take to rid your system of the ransomware and save your files.

Start by disconnecting all removable media. Next, clean your computer using anti-malware software (we recommend Malwarebytes). The recovery of encrypted documents is normally impossible, but you can still attempt to recover your files using recovery software such as Recuva or PhotoRec, or by restoring your computer to an earlier operating system.

Protect Yourself Against Ransomware

As you can see, ransomware is an extremely vicious threat that can do significant damage to your computer. To avoid falling victim to a ransomware attack, ensure that any files you download are from trusted sources, and remain vigilant when surfing the internet. We also recommend making backups of important documents.

For more information on ransomware, and how to protect your computer, please read our article and tutorial.

Image: © Martial Red – Shutterstock.com


This document entitled « What is Ransomware? » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.