Common features and types of Ransomware

Ransomware is different from traditional viruses. It is malicious software that uses encryption to hold the data on your computer hostage and lock you out of it. It is circulated by hackers who demand a ransom, usually in cryptocurrency, with the promise of providing the decryption key needed to recover the data. Ransomware attacks are rising day by day, and individuals and enterprises with valuable data have become more vulnerable to them. Public schools, hospitals, energy plants and police departments have also become victims, and home computers can now be infected as well. These attacks are now one of the biggest cyber security threats. Ransomware attacks grew by nearly 250% in the last year, and businesses incurred an estimated $5 billion in losses.

Beyond the money, these attacks also cause the loss of valuable files, create downtime and reduce productivity. An antivirus can prevent many different types of ransomware, but if the ransomware has fully taken control of your system, the antivirus will probably fail to stop it.

Where does ransomware come from?

Ransomware is created by hackers with deep knowledge of computer programming. It spreads very quickly and hits hard. It generally enters your computer when you open a malicious email attachment, follow fake links in social media scams, download an unreliable file, or visit a website that is already infected with this type of malware. Your network can also let it into your system.

How does ransomware work?

Once inside your computer, the ransomware installs itself on the system and keeps running in the background without the user's knowledge. It denies the user access and locks all the important data on the computer. The compromised computer displays a message saying that the files are not accessible and will become available if the victim sends the ransom via untraceable payment methods. If victims agree to pay the hackers to regain access, the hackers provide a mathematical key.

How to recognize ransomware?

Hackers generally mask the file extensions of ransomware to trick victims into thinking it is a useful Word document, Excel sheet or PDF. When a victim tries to open such a file, it starts running in the background and begins encrypting files. Initially everything appears fine and all system files can still be accessed, but the ransomware silently contacts the hacker's server to take control of the system. A ransom note then pops up and asks for money to unlock the data. Victims usually have 72 hours to pay, and the amount demanded rises if the victim misses the deadline.
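
A defensive check for the extension masking described above, as an added example that is not part of the original article: it flags file names whose final extension is executable while an earlier component imitates a document type. The extension lists and the sample names are constructed for illustration and are not exhaustive.

```python
import os

# Extensions a user expects to be harmless documents (used as decoys).
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "png"}
# Extensions that Windows runs as programs or scripts.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "wsf", "pif"}


def masked_extension(filename):
    """Return (decoy_ext, real_ext) if the name poses as a document
    but its final extension is executable; otherwise return None."""
    # Accept Windows or POSIX paths and compare case-insensitively.
    base = os.path.basename(filename.replace("\\", "/")).lower()
    # Tolerate stray spaces around each dot-separated component.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 3:
        return None  # a single extension cannot hide another one
    real = parts[-1]
    if real not in EXECUTABLE_EXTS:
        return None
    # Look for a document-like component sitting before the real extension.
    for part in reversed(parts[1:-1]):
        if part in DOCUMENT_EXTS:
            return (part, real)
    return None


def triage(filenames):
    """Map each suspicious name to its (decoy, real) extension pair."""
    hits = {}
    for name in filenames:
        found = masked_extension(name)
        if found:
            hits[name] = found
    return hits


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real incident.
    samples = [
        "Invoice_2023.pdf.exe",
        "C:\\Users\\a\\Downloads\\scan.doc.bat",
        "report.final.pdf",
        "setup.exe",
        "tool-v1.2.exe",
    ]
    for name, (decoy, real) in triage(samples).items():
        print(f"{name}: looks like .{decoy}, actually runs as .{real}")
```

Running the same check on mail attachments or download folders, and showing full file extensions in the file manager, makes this disguise visible before the file is opened.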

Types of Ransomware

Many different types of ransomware exist, in all shapes and sizes. Some types are more harmful than others, but a ransom is involved in all variants. The first known ransomware was PC Cyborg in 1998. It encrypted user files with simple symmetric encryption, and it was rather easy to create tools to decrypt files encrypted by PC Cyborg. In 2012 the Reveton worm appeared, which held computer files hostage for a ransom payment. Two years later CryptoLocker appeared, encrypting user files and asking victims for a ransom in exchange for the key to decrypt them. This became the blueprint for most of the ransomware that has existed since. There are thus two main types of ransomware: Locker ransomware and Crypto ransomware.

Locker ransomware

As the name suggests, it locks users out of their valuable files and demands payment to unlock them. This type of malware generally doesn't encrypt the victim's data; it prevents users from accessing their device and then demands a ransom. The victim is left with very few capabilities on the system, only those needed to communicate with the hackers and pay them as demanded. Unfortunately, in many cases victims lose their valuable data even after paying the ransom, as hackers leave some embedded password-stealing software behind even after receiving the ransom.

Reveton is a type of Locker ransomware that started appearing in 2012. It locked users' computers by preventing them from logging in and flashed a message that appeared to come from a national police department. According to the message, the user had been involved in serious illegal activities and could avoid potential charges and regain access to the system only by paying a fine, which was in fact the ransom.

Crypto ransomware

Crypto ransomware is the most common type of ransomware these days. The hackers demand the ransom in the form of a cryptocurrency. It encrypts user files, takes them hostage and demands payment via an anonymous cryptocurrency address in exchange for the decryption key needed to restore them for normal use. Crypto ransomware often includes a deadline for paying the ransom; if a victim doesn't pay by the deadline, all the data is deleted. Many users don't back up their valuable data to an external storage device, so they ultimately pay the hackers because they cannot recover their files. Unlike other malware, it is neither hidden nor subtle. It generally displays shocking messages to grab the victim's attention and takes advantage of users' fear to pressure them into paying the ransom.

The WannaCry ransomware attacked more than 100,000 computers in May 2017 and quickly spread worldwide. It is known as the most widespread ransomware attack to date. It also infected government networks in Russia and the UK. The hackers demanded $300 in bitcoin from their victims, but many users reported that they did not receive their data even after paying the ransom.

Mac ransomware

Mac ransomware is a form of ransomware that targets Apple computers. Although it is currently not as widespread as the types attacking Windows systems, Mac ransomware is every bit as dangerous.

KeRanger emerged in 2016 and is known as the first ransomware to attack Mac computers running OS X. Once a machine was infected, this ransomware would wait three days before encrypting 300 different file types and creating a text file containing a ransom demand of one Bitcoin and instructions on how to proceed with the payment.

