Ransomware:
It is a type of intrusion into the device of a person or institution with the aim of encrypting the files on that device (and on the devices connected to it in the local network), or locking the operating system, and then blackmailing the owner (the person or company) into paying a ransom in exchange for decrypting the files or unlocking the device and its operating system. Ransomware is a type of cyber extortion, but what is cyber extortion?
Cyber extortion:
It is a crime that takes place online and involves an organized attack by hackers on a specific device or institution with the aim of obtaining money in exchange for stopping the attack. Cyber extortion takes many forms, including encrypting files and holding them hostage, stealing data and threatening to disclose or publish it, or preventing users from accessing the data on their own computer.
What is the purpose of ransomware?
Simply put, to get your data or your money.
How does ransomware work?
The user receives a message by e-mail, or sees an advertisement on a free site, inviting them to view something exciting or strange. As soon as the user clicks the link or attachment in that message or advertisement (usually a file with an .exe extension), the attack begins.
Once the link or attachment is clicked, the malware is downloaded to the victim's machine, and the crypto-ransomware is now present on it.
All of this happens silently, without the user noticing anything, while the files are encrypted. Once that is done, a message appears in the browser or on the desktop asking the user to use the Tor browser to pay in Bitcoin (or another currency) and setting a deadline for the victim, after which the files are deleted forever or published to the public (if they are confidential).
What can ransomware do?
Lock the device and prevent the user from accessing it until the ransom is paid (usually in electronic money such as Bitcoin or what is known as MoneyPak).
Control the victim's device remotely and turn it into a zombie computer that the attackers who control it can use to attack other devices.
This attack (ransomware) targets individuals, companies and institutions alike, so everyone is vulnerable to it.
There is no difference between Windows, Mac, Android or Apple devices in terms of the risk of being infected by this attack. All devices running these systems can be attacked using different tools that serve the same purpose described above.
The hackers encrypt the data on the assumption that it is valuable and that its owner is willing to pay to recover it. If you are not, my advice is to run a virus scan to remove the spyware used in the attack, then delete the encrypted files (if they are not of great importance to you), then install Malwarebytes Anti-Malware if it is not already installed and perform a full scan of the device, because this program is excellent at detecting the spyware used in ransomware attacks.
It should be noted that there is no guarantee that the files or the system will be restored even if the extortionists are paid: they may take the money and then delete or publish the files anyway, and in many cases they carry out their threat regardless of whether payment is made.
Other important things to know about ransomware:
Malwarebytes Anti-Malware detects it under the name Troj / Ransom-ACP.
Only the attackers have the decryption key, which usually makes attempts to decrypt the files with other keys useless.
One good thing in this field is that ransomware does not resemble viruses in its ability to replicate itself everywhere; however, it keeps searching the computer for files to encrypt, so any files on the local network that have already been shared with this computer will be encrypted as well.
The first ransomware appeared in 1989 as the AIDS Trojan, also called PC Cyborg.
The hackers give a period of two to three days to pay the ransom, and usually attach a link to the payment method to the ransom request message (samples of which we will see in the following paragraph). The ransom ranges from $30 at times to thousands of dollars at others, depending on the importance of the information and files that were accessed and encrypted.
Among the companies that have been blackmailed in this way are Nokia and Domino's Pizza, among many others.
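As an added example (not code from the original post), the following Python script walks a folder tree and flags files whose contents look encrypted, using byte entropy as the heuristic; it helps a defender locate which files (including those in shared folders) an infection actually encrypted before cleaning up or restoring from backup. The entropy threshold, sample size and the sample files it builds are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Heuristic settings (assumed values, not from the original article):
# well-encrypted or compressed data approaches 8 bits of entropy per byte,
# while documents, source code and most plain files score much lower.
ENTROPY_THRESHOLD = 7.5
SAMPLE_SIZE = 65536   # bytes read from the head of each file
MIN_SIZE = 256        # tiny files give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def looks_encrypted(path: str) -> bool:
    """True when the file head is large enough and close to random."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    return len(head) >= MIN_SIZE and shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root: str) -> dict:
    """Classify every regular file under root as 'suspect' or 'ok'."""
    report = {"suspect": [], "ok": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            bucket = "suspect" if looks_encrypted(path) else "ok"
            report[bucket].append(os.path.relpath(path, root))
    return report


def demo() -> dict:
    """Build a constructed sample tree (one plain file, one random-looking
    file standing in for an encrypted copy) and return the scan report."""
    root = tempfile.mkdtemp(prefix="ransom_check_")
    with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("quarterly report draft\n" * 200)
    with open(os.path.join(root, "notes.txt.locked"), "wb") as fh:
        fh.write(os.urandom(4096))   # constructed stand-in for ciphertext
    return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

Run it against a real share by calling scan_tree() with the share path; the "suspect" list is the set of files to treat as lost and replace from backup.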
To prevent this type of attack, the following precautions should be taken on an ongoing basis:
Keep the operating system and all other software up to date.
Enable automatic updates for all programs and browser add-ons such as Java, Adobe Flash and others.
Keep the firewall running at all times.
Do not open emails that arrive in the spam folder, or even those that arrive in the inbox if we do not know the sender or are not sure about the extension of the attachments.
Set Notepad as the program that opens JavaScript files (and similar script files), so that suspicious scripts are displayed as text instead of being executed.
Use a reputable antivirus (we have discussed several free options in previous posts) and a decent firewall.
Back up files regularly and keep the backups on an external hard drive or flash drive.
Disconnect from the Internet whenever you are not using it.
Report suspicious activity on your device to the designated authorities, and if you work for a company or organization, contact technical support to report any strange behaviour on your device.
Ensure that the security software is kept up to date.
Do not share any files with any computer on the local network except in an emergency, and then only temporarily until the need has passed; and do not grant anyone else on the local network or the Internet the ability to control your computer.
Do not give Administrator rights to any other user of your computer, and if you are a network administrator, do not give any user on your network administrator rights, even on their personal computers; this ensures that none of them can mistakenly (or intentionally) run unwanted malware.