What Is Ransomware?
Ransomware is a type of malware that installs covertly on a victim’s device (e.g., computer, smartphone, wearable device) and then mounts one of two attacks until a ransom is paid: a cryptoviral extortion attack (a technique from cryptovirology) that holds the victim’s data hostage, or a leakware attack that threatens to publish the victim’s data.
How does your computer become infected with ransomware?
In most cases, the software infects computers through links or attachments in malicious messages known as phishing emails. It may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it.
The age-old advice is to never click on a link in an email. The attacker’s aim is to trick the victim into running a malicious piece of code.
The software is usually hidden within links or attachments in emails. Once the user clicks on the link or opens the document, their computer is infected and the software takes over.
How does it work?
It finds all of your files and encrypts them and then leaves you a message. If you want to decrypt them, you have to pay.
The ransomware encrypts data on the computer using an encryption key that only the attacker knows. If the ransom isn’t paid, the data is often lost forever.
When the ransomware takes over a computer, the attackers are pretty explicit in their demands. In most cases, they change the wallpaper of the computer and give specific instructions telling the user how to pay to recover their files. Most attackers demand a payment to remove the malicious ransomware; the price can double if the amount isn’t paid within 24 hours.
How can people prevent attacks like this?
The first step is being cautious. There is no perfect solution to the problem.
Users should regularly back up their data and ensure that security updates are installed on their computers as soon as they are released. Up-to-date backups make it possible to restore files without paying a ransom.
Users should also look out for malicious email messages, which often masquerade as emails from companies or people they regularly interact with online. It’s important to avoid clicking on links or opening attachments in those messages, since they could unleash malware.
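The warning signs described above can also be checked automatically. The following Python code is an added example, not part of the original article: it parses a message and flags a sender name that does not match its usual domain, a risky attachment type, and a link whose visible text points somewhere else. The contact list, the extension list and every `.example` domain are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: a known-contact list and an extension blocklist.
KNOWN_SENDERS = {"Example Bank": "examplebank.example"}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Hostname of a URL, accepting bare text such as 'www.site.example'."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw):
    """Return a list of reasons a raw RFC 5322 message looks like a lure."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    expected = KNOWN_SENDERS.get(name)
    if expected and domain != expected and not domain.endswith("." + expected):
        reasons.append(f"sender name '{name}' but domain '{domain}'")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            reasons.append(f"risky attachment '{fname}'")
    body = msg.get_body(preferencelist=("html",))
    for href, text in LINK_RE.findall(body.get_content() if body else ""):
        shown = host(re.sub(r"<[^>]+>", "", text).strip())
        if "." in shown and shown != host(href):
            reasons.append(f"link shows '{shown}' but goes to '{host(href)}'")
    return reasons

def sample_message():
    """Constructed sample lure; all names and domains are placeholders."""
    m = EmailMessage()
    m["From"] = "Example Bank <alerts@examp1ebank.example>"
    m["Subject"] = "Invoice overdue"
    m.set_content("See the attached invoice.")
    m.add_alternative('<p>Pay at <a href="http://pay.attacker.example/x">'
                      'www.examplebank.example</a></p>', subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="Invoice.docm")
    return m.as_string()

if __name__ == "__main__":
    for reason in phishing_indicators(sample_message()):
        print("FLAG:", reason)
```

A message that trips none of these checks is not proven safe; the checks only catch the common lures the advice above describes.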
Attackers now tend to target mobile operating systems too. Mobile ransomware payloads are blockers, as there is little incentive to encrypt data since it can be easily restored via online synchronization.
Mobile ransomware especially targets the Android platform, as it allows applications to be installed from third-party sources.
The payload is typically distributed as an APK file installed by an unsuspecting user; it may attempt to display a blocking message over the top of all other applications, while another variant used a form of clickjacking to cause the user to give it “device administrator” privileges to achieve deeper access to the system.