How does Ransomware work?
Ransomware is a type of malicious software that infects a device, or network with the purpose of extorting a ransom from the owner, or company. It is for this reason that Ransomware is sometimes also referred to as Extortionware.
During a Ransomware attack, it will typically encrypt some or all the files on the infected devices, preventing users from gaining access to these files.
Once encrypted a decryption key is needed to decrypt the files. The cyber criminals will then demand a ransom to restore access to the infected devices, as only they have the encryption key needed to restore access.
Although file encryption is the most common form of Ransomware, there are variations. In some instances, Cyber Criminals may also gain access to confidential information with Ransomware. They will threaten to release this confidential information unless a ransom is paid. This form of ransomware is called Leakware or Doxware.
Another form of Ransomware is a variation like Cryptolocker, that locks the screens of the infected devices, effectively denying the users access to the devices until the ransom is paid.
Is Ransomware a Computer Virus?
People often ask what type of computer virus ransomware is. Ransomware does not conform to the definition of a computer virus. It is therefore technically not a Virus. Ransomware and computer viruses are both forms of Malware, which is the general term used for malicious software.
How does Ransomware get into a Network or on your Computer?
The most common delivery system, like with most Malware, is as an attachment on an email that has been cleverly disguised appearing to be a legit email. These email messages are usually worded in a way that implies a sense of urgency or exploit natural curiosity in human nature.
Users are then tricked into opening the infected attachment. The malicious attachment can be in various formats. These include formats like ZIP files, PDF, Word and Excel to name but a few.
Ransomware can also be delivered by tricking users into downloading the malicious software or clicking on link to the malicious software.
Flash drives or memory cards can also be used to spread Ransomware.
There is a common misconception among many that Ransomware can only be delivered to computers. Ransomware can infect Mobile phones and Tablets. If these devices are linked to a shared folder on a business network, Ransomware can enter the Network from the infected mobile devices.
More advanced Cybercriminals use port-scanners to search the Internet for computers with vulnerable interfaces or ports. They then exploit vulnerabilities to crack the device’s login credentials.
When Cybercriminals target a specific business, they will typically do research on the business and their employees to identify vulnerabilities that they can exploit. The attack is then launched to take advantage of these vulnerabilities, to gain access and install the ransomware.
Exploit Kits are also frequently used by Cybercriminals as a pre-cursor to Ransomware attacks, to identify potential victims. Exploit kits are malware that were developed to infiltrate and then automatically scan for vulnerabilities.
How does Ransomware spread on a Network?
Once the ransomware has infected a device, it can spread to other devices on the network.
If a business has shared folders on a cloud service or on their network, an infected item in the shared folder can spread the ransomware to other devices on the network when accessed.
Mapped drives are also a common way for ransomware to spread through a network in a similar way than shared folders.
Network administrators has access to multiple devices on a network. If a network administrator’s device is infected, this device can be used to spread to ransomware throughout the network. This becomes especially effective in the spread of ransomware if the network administrator’s password has been compromised.
Tips on How to Prevent Ransomware Encryption
- Create an effective backup strategy for critical files.
- Educate yourself and your staff to remain vigilant.
- Only use strong passwords.
- Do not use unfamiliar data storage devices.
- Use VPN when remote access is granted and when public Wi-Fi is used.
- Use reputable security software like Bitdefender Antivirus Plus and ensure that it is kept updated.