What is Ransomware and How to identify it?

WannaCry attack which happened in May, 2017 affected more than 200,000 people and it spread across 150 countries. This international cyber attack infected reportedly 230,000 computer systems and encrypted the data. The hackers then asked for a ransom to unlock the files. The payment for the stolen data was asked for in bitcoins. This infection was spread by a variety of methods including phishing mails and malware. After the WannaCry attack, a similar ransomware attack spread in Europe and it affected major Ukrainian companies, banks, and institutes. Over the years, the trend of Ransomware is on an increase.

What is ransomware?

Ransomware are malicious softwares which are very sophisticated and they disallow the victim to access their files unless they pay a ransom amount to get back the access. This kind of malware affects the computer files but it also may lock you out from the system completely. There are two kinds of ransomwares:

Encrypting Ransomware

Encypting Ransomware uses advanced algorithms to encrypt your computer files. It blocks the system files and asks the victim to pay if he/she ants to access the files. Once the ransom is given, the victim is provided with a key which decrypts the files. CyptoLocker, a ransomware attack, is a Trojan horse which spreads through fake emails. It is an example of Encypting Ransomware

Locker Ransomware

Locker ransomware locks the user out of thecomputer system. This ransomware blocks access to the operating system and the victim is unable to access any application or file on the system. Locker ransomwares have a delivery mechanism which is unique.

Distinguished Features of Ransomware

Ransomware has some notable features which set it apart from other kinds of malwares. Here are those distinct characteristics:

  • It has a strong encryption which means that the user cannot decrypt the files by themselves.
  • Ransomware has the capability to encrypt any kind of file whether it is documents, images, videos, audio files, etc. It can encrypt anything that is there on your personal computer.
  • Ransomware jumbles the file names so that the victim is unable to tell which data has been compromised. This trick is used to decieve and persuades the victims to pay the ransom amount.
  • In order to signify a specific kind of ransomware strain, the ransomware may sometimes add another extension to the files.
  • An image or a message will pop up, informing the victim that their data has been encrypted and they need to pay a specified amount of money to get restore the data access.
  • Since cyptocurrencies are hard and most of the times impossible to track by cyber security researchers , cyber police, and law enforcement agencies, ransomware ask for payments in Bitcoins.
  • Most of the time, there is a time limit given for ransom payments. This is done to add another layer of mental constriction to the extortion ploy.
  • The evasion techniques used by ransomwares is very complex. This is done to ensure that the outdated antiviruses are unable to detect it.
  • Cyber thieves like to spread out their infrastructure and they need to stimulate future attacks, hence they employ the ransomware infected computers into botnets.
  • Ransomwares have the capability to cause additional damage by spreading to other computers which are connected to the local network.
  • Ransomwares have the feature of data exfiltration. It means that ransomwares can mine the data from the infected system and then forward it to computer hackers and fraudsters.
  • The ransom message may be translated to the language the victim uses in order to enhance the likelihood for the ransom amount to be paid. This is known as geographical targeting.

Ransomware attacks are generally targeted towards businesses and corporations, however even individuals are not safe from these attacks. Norton antivirus provides protection from all sorts of viruses and malwares including ransomware, spyware, and adware. The Norton antivirus identifies and blocks all the threats from entering the system. It also scans and removes any existing threat. Visit the Norton website for details.

Leave a Reply