What is ransomware?

All you need to know about ransomware in 60 seconds

What is a ransomware attack?

Ransomware has grown to be one of the biggest problems on the web. It’s a form of malicious software — malware — which encrypts documents on a PC or even across a network. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware.

A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes if vital files and documents (think spreadsheets and invoices) are suddenly encrypted and inaccessible. But that’s not the only way to get infected.

Cybercriminals didn’t use to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert victims that they had been compromised.

But now, if you are attacked with file-encrypting ransomware, criminals will brazenly announce they’re holding your corporate data hostage until you pay a ransom in order to get it back.

It might sound too simple, but it’s working: cybercriminals pocketed over $1bn from ransomware attacks during 2016 alone, and a Europol report describes it as having “eclipsed” most other global cybercriminal threats in 2017.

What is the history of ransomware?

While ransomware exploded last year, increasing by an estimated 748 percent, it’s not a new phenomenon: the first instance of what we now know as ransomware appeared in 1989.

Known as AIDS or the PC Cyborg Trojan, the virus was sent to victims — mostly in the healthcare industry — on a floppy disc. The ransomware counted the number of times the PC was booted: once it hit 90, it encrypted the machine and the files on it and demanded the user ‘renew their license’ with ‘PC Cyborg Corporation’ by sending $189 or $378 to a post office box in Panama.

The AIDS demand for payment — by post.

Image: Sophos

How did ransomware evolve?

This early ransomware was a relatively simple construct, using basic cryptography which mostly just changed the names of files, making it relatively easy to overcome.

But it set off a new branch of computer crime, which slowly but surely grew in reach — and really took off in the internet age. Before they began using advanced cryptography to target corporate networks, hackers were targeting general internet users with basic ransomware.

One of the most successful variants was ‘police ransomware’, which tried to extort victims by claiming to be associated with law enforcement. It locked the screen with a ransom note warning the user they’d committed illegal online activity, which could get them sent to jail.

However, if the victim paid a fine, the ‘police’ would let the infringement slide and restore access to the computer by handing over the decryption key. Of course, this wasn’t anything to do with law enforcement — it was criminals exploiting innocent people.

Source: https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/