“Ransomware” may be a familiar term to many; however, a lot of people still do not have a clear idea of what ransomware actually is. As the name itself suggests, ransomware works by demanding a ‘ransom’.
Ransom refers to the sum of money demanded or paid for the release of a captive. Similarly, ransomware is a type of malware in which the information on a targeted user’s computer is locked, usually by encryption, and payment is demanded before the ransomed data is decrypted and returned to the victim.
The motive for ransomware attacks is usually monetary, and unlike other types of malware, the targeted user is usually informed that they have been ‘attacked’ and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency such as bitcoin so that the cybercriminal’s identity remains concealed. A simple way to understand ransomware is to compare it to the way ransom is demanded in abduction cases, except that in this case the attack is on data or information.
Ransomware is transmitted via malicious email attachments, compromised software apps, infected external storage devices and compromised websites. An increasing number of attacks have used remote desktop protocol and other approaches that don’t depend on any type of user interaction.
In a lock-screen variant of a ransomware attack, the malware may change the user’s login credentials for a computing device. In a data kidnapping attack, the malware may encrypt files on the infected device, as well as on other connected network devices.
Early instances of these attacks sometimes merely “locked” access to the web browser or to the Windows desktop, and did so in ways that often could be fairly easily reverse-engineered and reopened. Hackers have since created versions of ransomware that use strong, public-key encryption to deny access to files on the computer.
To probe deeper into what ransomware is, we can also look at some notable examples of ransomware attacks. Starting with ‘GoldenEye’, we can look at the ransomware attacks that happened in Ukraine, which hit the national bank, the state power company and Kiev’s largest airport on June 27, 2017. These attacks were driven by GoldenEye ransomware, which is considered a blend of Petya and another ransomware called Mischa.
GoldenEye prevents computer systems from booting up and prevents targeted users from retrieving any stored data. When the user reboots, instead of Windows they may see a skull-and-crossbones splash screen with a ransom demand.
Similarly, ‘Locky’ is as vicious as ransomware can get. Locky’s creators seem to have thought of everything, encrypting not only a variety of data files but even Bitcoin wallets and Windows Volume Snapshot Service (VSS) files, in case users attempt to retrieve files using that.
Locky extends to attached shares and even to other computers and servers. It uses strong encryption and has claimed numerous high-profile victims. Other examples include GandCrab, Cryptolocker and WannaCry, just to name a few.