You may have heard the word ransomware a lot lately, and you might have assumed that, like a virus, it infects your computer and corrupts your files. However, this type of malware is capable of going far beyond that. In this article, I examine the different types of this malware, how it works, and how to stay safe from it. So, if you are not familiar with this type of malware, I recommend that you read on.
What is ransomware?
Despite what many people might assume, ransomware is not a virus. In fact, it is a type of hacker attack. As the name implies, a virus infects the target computer and duplicates itself, and by infecting files it aims to disable access to them. Ransomware does not work like this. Instead, it asks for money, or ransom, in exchange for an encryption key. In what follows, I’ll explain more about how this process works.
Ransomware usually manages to gain access to the victim’s computer and, once there, uses encryption algorithms to encrypt all or a part of the data on that computer. The victim’s computer now needs the encryption key to decrypt the files, and only the hacker or the malware developer has that key. What the malware does next is ask the victim for an amount of money in exchange for the encryption key. This is the ransom that this type of malware asks for, and remember: there is no way to access the files once they are encrypted unless you have the encryption key.
Ransomware programs usually use powerful encryption algorithms that simply cannot be broken to reach the raw data. As you know, the principle of cryptography is that we give a normal file and a cryptographic key to a cryptographic algorithm and, in exchange, receive an encrypted, unreadable file. To open that file again, depending on the type of encryption algorithm, we give the encrypted file and an unlock key to the algorithm for decryption, and we receive the original file. The malicious software works the same way: it encrypts your files and information without your knowledge and provides the decryption key only if you pay a fee. Otherwise, you would have to wait for months until the encryption algorithm used in the program is broken by individuals or security companies.
Types of ransomware
Ransomware has been around for a long time. Experts believe the first of this type was a Trojan that targeted computer systems in 1989; its victims were able to recover their data in return for a payment of $189. This Trojan was called the PC Cyborg ransomware and was developed by a person named Joseph Popp. In general, there are four types of ransomware: cryptographic, non-cryptographic, leakware (threats to disclose information), and mobile ransomware. So far, many malicious programs that infected many systems have been found to be a form of ransomware. The remarkable thing about ransomware is that it has grown in recent years, and since 2013 hundreds of different types of it have infected thousands of computer and mobile systems.
You may have heard a lot about some types of this malware, and you may have had some unpleasant encounters with them. One of them is the WannaCry ransomware attack, which has been able to infect more than 230,000 computer systems around the world using its cryptographic algorithms.
But today, the threat that endangers our data more than ever is mobile ransomware, which is expanding rapidly and targets mostly Android devices. Once it is on the smartphone, this malware encrypts all information and even locks the victim’s phone. In this way, the victim faces a situation in which the only way to receive the decryption keys is to pay the price the hacker has asked for. A remarkable point about such malicious programs is that some of them warn the victims that if they do not pay the desired amount within a short, limited period of time, their private keys will be lost, and then they will not be able to restore their information even by paying the desired amount.
Some examples of ransomware
If we want to mention examples of malicious programs and malware that ask for ransom, we can point out WannaCry, CryptoLocker, Locky, Petya, etc. In what follows, I have listed the most famous examples of ransomware and we will examine each of them together.
CryptoLocker, identified in 2013, is one of the best-known ransomware programs. The malware used a 2048-bit key to encrypt the victim’s files. Decrypting them without the private key could take hundreds of years with the processing power of a typical computer! That’s why CryptoLocker is one of the most dangerous ransomware programs: after infecting a system, it threatened the user that if the requested amount was not paid within three days, the decryption key would be destroyed and the victim would no longer be able to open his/her files.
As mentioned above, WannaCry is among the newly discovered ransomware and has so far been able to infect more than 200,000 personal and administrative computer systems. WannaCry mostly targets organizational and administrative systems, as they are willing to pay huge sums of money for their valuable information. WannaCry demands $300 worth of bitcoin (untraceable Internet money) in exchange for the decryption key, and so far security companies have only been able to identify how to prevent it from entering the system. If you are infected with WannaCry, there is currently no way out other than paying the requested amount, and if you do not pay it within three days, the amount will be changed to $600.
It’s ransomware development code that allows people who do not have development knowledge to implement and customize their own ransomware on their preferred systems. This ransomware takes 20 percent of the ransom for each victim’s system, and the rest will be available to the program developer. Because this program gives anyone the ability to make malicious programs, it is very dangerous and can have disastrous consequences.
This ransomware, recently identified by the ESET security team, is a mobile Android ransomware that, after being installed on the victim’s phone, requests the use of the Google Play service; once the permission is granted, it starts its destructive process. After the ransomware is activated, it downloads the launcher program, which then activates when the home key is pressed and locks the device. While you are trying out multiple passwords to unlock your phone, the ransomware encrypts all of your phone’s information with the AES algorithm, and you have only 24 hours to pay the requested ransom. If it is paid, the decryption key is sent to the ransomware, and the program itself will attempt to reopen the files and unlock the phone. It should be noted that there is currently no way to deal with it, and the only way out is to erase all information or flash the phone.
How to deal with and protect yourself from ransomware
Since there is no definite way to deal with ransomware, preventing it from getting into computer systems is currently the best and most cost-effective defense. For this purpose, it is recommended that you always keep your operating system and antivirus up to date, and refrain from downloading and installing programs that are not valid and have no specific source. Many victims have been infected through e-mail and spam e-mails. So, it’s recommended that, as much as possible, you do not click on links in the emails that are sent to you, and do not be deceived by what they offer.
Non-validated and infected sites are another way your system can be infected with ransomware. Today, with the advance of malicious programs, merely visiting a site, without clicking a link, can infect a system with malware, and many ransomware programs use this way to infect the victim’s system. Backup files are the best way to deal with an infection. So always back up your important files and information so that you can still access them if you get infected. Firewalls can also allow your system to block such malicious programs. It is recommended that you keep your systems’ firewall up and running so that your data cannot be lost easily.
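The following is an added example, not part of the original article, tying the backup advice above to the earlier point that encrypted files are unreadable: before a scheduled backup overwrites the last good copy, it compares two snapshots of a folder and holds back if many previously readable files now look like random data. The function names, the 7.0 bits-per-byte threshold and the 20% limit are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, far lower for text."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def snapshot(root) -> dict:
    """Map each relative file path under root to (sha256 hex, entropy)."""
    result = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            key = str(path.relative_to(root))
            result[key] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return result

def suspicious_changes(before: dict, after: dict, threshold: float = 7.0) -> list:
    """Files whose content changed AND went from readable to near-random."""
    flagged = []
    for rel, (old_hash, old_entropy) in before.items():
        new = after.get(rel)
        if new is not None and new[0] != old_hash and old_entropy < threshold <= new[1]:
            flagged.append(rel)
    return sorted(flagged)

def safe_to_overwrite_backup(before: dict, after: dict, max_ratio: float = 0.2) -> bool:
    """Keep the last good backup if too many files suddenly look encrypted."""
    return len(suspicious_changes(before, after)) <= max_ratio * len(before)

def demo() -> tuple:
    """Constructed sample: three text files, two later replaced by random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("notes.txt", "report.txt", "todo.txt"):
            (root / name).write_text("quarterly budget meeting notes\n" * 200)
        before = snapshot(root)
        for name in ("notes.txt", "report.txt"):
            (root / name).write_bytes(os.urandom(8192))  # stands in for encrypted content
        after = snapshot(root)
        return suspicious_changes(before, after), safe_to_overwrite_backup(before, after)

if __name__ == "__main__":
    print(demo())
```

Files that are already compressed, such as JPEG or ZIP, have high entropy to begin with, so this check does not flag them; files that were renamed are not matched either.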
On mobile phones the situation is the same, and it’s suggested that you download your applications only from certain sources, such as Google Play and iTunes, to have the least chance of being infected. We also need to use effective antivirus software, such as AVL mobile antivirus.