In today’s world, cyber attacks are becoming much more covert and sophisticated. Gone are the days when an attacker would be content to stealthily deploy a Trojan Horse virus to see what is going on in your computer. Now they are intent on destroying an end user’s machine, sometimes launching botnet-style attacks in order to infect and destroy thousands of other computers in the process.
What Ransomware Really Is
The formal definition of ransomware is “…a type of malware that prevents or limits a user’s access to their computer system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid.”
Essentially, ransomware is virtual kidnapping. Cyber attackers will literally hold your computer hostage until you pay a ransom. Typically, the cyber attacker does not want to be paid in normal currency; rather, they want the ransom in a virtual currency, like Bitcoin.
Many people have heard of ransomware because of surreal headlines of attacks that have crippled businesses, brought down computer systems and disrupted operations for many large and small organizations, not to mention the amount of money spent on ransoms and lost business. A recent incident is the attack on the Colonial Pipeline, where cyber attackers both locked down and stole data, threatening to leak the information if they did not receive ransom money. The historical goal of a ransomware attack has expanded into a potential data breach, with attackers threatening to make sensitive data public, as in the case of the Colonial Pipeline.
How Ransomware is Deployed
There are two primary ways your computer can get infected with ransomware:
- Spam e-mail: This is a spam e-mail that contains malware-based .EXE code that launches itself once the attachment is downloaded and opened. Typical attachments are .DOC, .PPT and .XLS files. You can also get ransomware by clicking on a phony link in the body of the e-mail message. Social engineering techniques are used to make the e-mail look authentic, as if it came from a trusted, legitimate organization or a personal contact.
- Malvertising: This type of ransomware is deployed through online advertising. The ads trick the end user into thinking they are clicking on a genuine hyperlink. If the user clicks on the link, the servers used by the cyber attacker collect details about the soon-to-be victim’s computer, even where it is geographically located. Once this has been accomplished, the ransomware attack is launched. Malvertising very often makes use of what is known as an infected “iframe”. This is an invisible webpage element that redirects the end user to an authentic-looking landing page. From there, malicious code is deployed onto the end user’s computer.
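As an added example (not code from the original article), the following Python routine shows how a defender can triage the two delivery vectors described above: it holds e-mail attachments whose bytes do not match their document-looking name, or that carry a legacy Office macro project, and it scans a web page for invisible iframes that point off-site. The attachment names, file bytes and HTML page are constructed samples; the use of `example.com` as the site's own host, the magic-byte checks and the "hold for review" outcome are assumptions made for the example.

```python
"""Added example: triage of e-mail attachments and hidden iframes.
All sample attachments and the sample HTML page below are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Magic bytes at offset 0 that identify executables regardless of file name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
# Legacy Office files store stream names as UTF-16LE; a "_VBA_PROJECT" stream means macros.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")

DOCUMENT_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta"}


def triage_attachment(filename, content):
    """Return the list of reasons to hold this attachment for review (empty = no finding)."""
    findings = []
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    # invoice.pdf.exe: the visible "document" extension hides an executable type.
    if len(parts) == 3 and "." + parts[1] in DOCUMENT_EXTENSIONS and ext in EXECUTABLE_EXTENSIONS:
        findings.append("double extension hides executable type")
    elif ext in EXECUTABLE_EXTENSIONS:
        findings.append("executable attachment type %s" % ext)
    # A document name wrapped around executable bytes is a content/extension mismatch.
    for magic, kind in EXECUTABLE_MAGIC.items():
        if content.startswith(magic) and ext in DOCUMENT_EXTENSIONS:
            findings.append("%s disguised as %s" % (kind, ext))
    # Heuristic: legacy OLE document carrying a VBA project (macro) should be sandboxed first.
    if content.startswith(OLE_MAGIC) and VBA_STREAM_NAME in content:
        findings.append("legacy Office document with macro project")
    return findings


class HiddenIframeFinder(HTMLParser):
    """Collect iframes that are invisible (zero-sized or hidden) and load an off-site URL."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        host = urlparse(src).hostname or ""
        offsite = bool(host) and host != self.site_host and not host.endswith("." + self.site_host)
        if hidden and offsite:
            self.findings.append(src)


def find_hidden_iframes(html, site_host):
    """Return the src of every hidden, off-site iframe in the page."""
    parser = HiddenIframeFinder(site_host)
    parser.feed(html)
    return parser.findings


# Constructed sample attachments: name -> first bytes of the file.
SAMPLE_ATTACHMENTS = {
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "quarterly_report.doc": b"MZ\x90\x00" + b"\x00" * 60,          # PE bytes behind a .doc name
    "agenda.doc": OLE_MAGIC + b"\x00" * 16 + VBA_STREAM_NAME,        # legacy document with macros
    "notes.docx": b"PK\x03\x04" + b"\x00" * 30,                      # ordinary OOXML container
}

# Constructed sample page: one normal ad frame and two hidden off-site frames.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<iframe src="https://ads.example.com/banner" width="300" height="250"></iframe>
<iframe src="https://landing.example.net/x" width="0" height="0"></iframe>
<iframe src="//redirect.example.org/p" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, data in SAMPLE_ATTACHMENTS.items():
        print(name, "->", triage_attachment(name, data) or "no finding")
    print("hidden off-site iframes:", find_hidden_iframes(SAMPLE_HTML, "example.com"))
```

Magic-byte and stream-name checks are cheap mail-gateway signals; they flag the mismatch between what a name claims and what the bytes are, which is exactly what the social-engineering lure relies on. Anything flagged is a candidate for detonation in a sandbox, not proof of malice.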
The Types of Ransomware Attacks
There are three types of ransomware attacks:
- Scareware: As the name implies, this kind of attack is merely designed to scare or frighten you. These attacks primarily make use of annoying pop-up messages. One of the most “famous” scareware examples is the pop-up which claims that some sort of malware has been detected on your computer, and that to get rid of it you must pay a small ransom. You will know you have been hit by this kind of ransomware attack if these pop-ups keep appearing. The only way to get rid of it is to install anti-malware software, such as the ones available from Norton and Kaspersky.
- Screen Lockers: This is the next step up in terms of the severity level of ransomware attacks. During this attack, your computer screen locks up, and you are unable to access your files and folders. To make matters worse, the message that appears will typically carry an FBI, Secret Service, or Department of Justice official seal, to make it appear that you have been caught doing some sort of illicit activity online. To unfreeze your screen, you receive a message that you have to pay a rather hefty fine. Keep in mind that these government agencies would never ask you to pay up. The best way to get your screen unlocked is to take it to a local Geek Squad to clean your computer. Unfortunately, if this does not work, you may have to get a new computer altogether.
- Encrypting Ransomware: These are considered the worst kind of ransomware attack. In this scenario, the cyber attacker steals your files and encrypts them with a very complex mathematical algorithm that is difficult to crack. To get your files back, the cyber attacker will demand a large amount of money, payable in digital currency. Once they receive the ransom, they tell you they will send you the decryption key to not only retrieve your files, but to unscramble them as well, returning them to their initial state. However, many times this doesn’t happen. Once you pay the ransom, the cyber attacker often disappears. Since you paid with a virtual currency, there is no way to track them down.
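As an added example (not code from the original article), here is a Python heuristic a defender can use to spot the bulk encryption that encrypting ransomware performs: it compares two snapshots of a directory, measures the Shannon entropy of each file before and after, and alerts when several files jump from low to high entropy, especially when their names gained an extra extension. The snapshots are constructed in memory; pseudo-random bytes stand in for ciphertext and nothing is encrypted or written to disk. The entropy threshold, the minimum file count and the `.locked` suffix are assumptions made for the example.

```python
"""Added example: entropy-based detection of bulk file encryption.
The before/after snapshots below are constructed sample data."""
import math
import os
import random
from collections import Counter


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, approaching 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


HIGH_ENTROPY = 7.2  # assumed threshold; compressed formats also exceed it, so they are excluded
# Modern Office files are ZIP containers and already high-entropy, so they need content inspection
# rather than this entropy test; they are listed here alongside other compressed formats.
ALREADY_COMPRESSED = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4", ".pdf", ".docx", ".xlsx", ".pptx"}


def diff_snapshots(before, after):
    """before/after map path -> bytes. Returns one observation per file present in both."""
    events = []
    for path, old in before.items():
        ext = os.path.splitext(path)[1]
        # The original name is gone and a same-stem file with an extra extension appeared.
        renamed = [p for p in after if p.startswith(path + ".")]
        new_data = after.get(path)
        if new_data is None and renamed:
            new_data = after[renamed[0]]
        if new_data is None:
            continue
        e_old, e_new = shannon_entropy(old), shannon_entropy(new_data)
        suspicious = (e_new >= HIGH_ENTROPY and e_old < HIGH_ENTROPY
                      and ext not in ALREADY_COMPRESSED)
        events.append({"path": path, "renamed_to": renamed[0] if renamed else None,
                       "entropy_before": round(e_old, 2), "entropy_after": round(e_new, 2),
                       "suspicious": suspicious})
    return events


def ransomware_score(events, min_files=3):
    """Alert when at least min_files files went from low to high entropy in one window."""
    flagged = [e for e in events if e["suspicious"]]
    return {"flagged": len(flagged),
            "renamed": sum(1 for e in flagged if e["renamed_to"]),
            "alert": len(flagged) >= min_files}


def build_sample_snapshots():
    """Constructed sample: four plaintext documents and one photo before; three of the
    documents replaced by high-entropy '.locked' files after. Pseudo-random bytes stand in
    for ciphertext; no encryption is performed."""
    rng = random.Random(2021)

    def noise(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    text = b"Quarterly figures are attached; please review before Friday. " * 40
    before = {
        "docs/budget.csv": text,
        "docs/contract.rtf": text,
        "docs/minutes.doc": text,
        "docs/readme.txt": text,
        "photos/team.jpg": noise(2000),   # already compressed, high entropy from the start
    }
    after = dict(before)
    for name in ("docs/budget.csv", "docs/contract.rtf", "docs/minutes.doc"):
        del after[name]
        after[name + ".locked"] = noise(len(text))
    return before, after


if __name__ == "__main__":
    before, after = build_sample_snapshots()
    events = diff_snapshots(before, after)
    for e in events:
        print(e)
    print(ransomware_score(events))
```

On a real endpoint this logic sits behind a file-system event feed rather than two static snapshots, and the decision combines the entropy jump with rename rate, write volume and the process doing the writing; the entropy test alone would also fire on a user zipping a folder, which is why already-compressed formats are excluded and a minimum file count is required before alerting.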
This article introduced some of the very basic concepts of ransomware. This is obviously a complex topic, one that is profitable for the attackers and shows no signs of slowing down. According to a BBC news article, there is suspicion that the Colonial Pipeline attack was helped by the COVID pandemic. With many engineers working remotely and accessing systems from home, an organization is exposed to a huge amount of risk. We have been working diligently on product updates that support our customers as they work remotely and allow them to collect data from remote endpoints outside of the network, as well as from data sources in the cloud. If you are interested in learning more, take a look at our latest release. And stay tuned for future articles that will go into more detail about ransomware and provide steps that you can take to protect yourself and your organization.