Ransomware is malware that blocks the use of computers or data and demands a ransom for release. Methods such as file encryption are used. Well-known examples of this type of malware are CryptoLocker, WannaCry, or Locky.
The term ransomware is derived from the English word “ransom”, the money demanded in exchange for a release. Ransomware is extortionate malware that tries to block the use of systems or data. Users are asked to pay a ransom to unblock the system.
What is Ransomware?
Since the malware often blocks data by encrypting it, ransomware is also called crypto Trojan or encryption Trojan. A wide variety of operating systems such as Windows, Linux, macOS, or Android and hardware platforms such as servers, PCs, tablets, or smartphones can be affected by the malware.
In the business environment, there are known cases where large sums of money were paid in order to regain the use of systems or data. A common payment method for crypto Trojans is Bitcoin, as payments with virtual currency cannot be tracked. Well-known examples of encryption Trojans are WannaCry, CryptoLocker, or Locky.
Infection with Ransomware
Infection occurs in a similar way to other malware. Common infection routes include email attachments, infected websites, downloads of infected software, and prepared media such as USB sticks and memory cards. Many current virus scanners detect numerous variants of the encryption Trojans and prevent infection. Once the malware has taken root on a computer, some of the malicious programs are able to spread further through the network as computer worms, using security holes that have not been closed.
The different working methods of the ransomware
The malware can use different ways of working. Usually, these two variants are used:
- Blocking the system
- Encryption of files
Simple blocking methods display windows that unsuspecting users cannot close and that make it difficult to use the computer. The software displays instructions on how to remove the block by paying a ransom. Often, this type of block can be removed with little effort. Data is not affected in this case.
Crypto Trojans that encrypt data have a great potential for damage. The programs start encrypting files on the hard drive and on connected storage such as cloud storage or server drives without it being apparent to the user. Once the files are encrypted, the user has no access to them. The crypto Trojan asks the user to pay a ransom in order to get hold of the key. Only with this key is it possible to decrypt the files.
Protective measures against ransomware
To protect against ransomware, the same protective measures should be taken as against viruses and Trojans. Attention should be paid to up-to-date virus software, closed security gaps, and responsible handling of e-mails or external data. Firewall functions must be activated. Regular backups allow data to be restored without paying a ransom in the event of damage.
For comprehensive ransomware protection, it is also important to keep backup data separate from the system. An active backup hard drive connected to the computer is also affected by the crypto Trojan’s encryption, which leaves the backed-up data unusable.
Once ransomware is detected on a computer, the system should be shut down immediately to stop the encryption of data. Some anti-malware programs subsequently allow the removal of the ransomware without paying a ransom. Already encrypted files may be recoverable via published decryption tools.
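Because the encryption described above runs without being apparent to the user, a manifest recorded at backup time can be used to notice it and to list what must be restored. The following is an added example, not part of the original article: it flags files that are missing or whose content changed into high-entropy data since the manifest was taken. The threshold values and all function names are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # assumed cutoff in bits/byte; encrypted data is close to 8.0
MASS_RATIO = 0.5         # assumed: alert when half of the tracked files are suspect

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root: str) -> dict:
    """Record relative path -> SHA-256 at backup time; store it with the offline backup."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def audit(root: str, manifest: dict):
    """Return (suspects, alert): files gone or changed into high-entropy data."""
    suspects = []
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            suspects.append((rel, "missing"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        # Unchanged archives or images are also high-entropy, so require a hash change too.
        if hashlib.sha256(data).hexdigest() != digest and shannon_entropy(data) >= ENTROPY_THRESHOLD:
            suspects.append((rel, "high-entropy"))
    return suspects, bool(manifest) and len(suspects) / len(manifest) >= MASS_RATIO

def demo():
    """Constructed sample: four text files, three later overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("quarterly report draft\n" * 200)
        manifest = build_manifest(root)
        for name in ("a.txt", "b.txt", "c.txt"):  # random bytes stand in for ciphertext
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(os.urandom(4096))
        with open(os.path.join(root, "d.txt"), "a") as fh:  # an ordinary user edit
            fh.write("one more line\n")
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The manifest is only trustworthy if it is kept with the separated backup, not on the monitored system. Files that were legitimately replaced by new compressed content will also be flagged, so the suspect list is a starting point for review.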