What is Ransomware and What Does it Do?
An introduction to Ransomware.
You may or may not have heard about ransomware. Either way, it is vital that you get to know more about this increasingly popular cyber crime tool.
In your day-to-day routine at the office, you probably sift through many emails and files and visit any number of websites, either as part of your work or simply in between work.
Some of these emails, files and websites may not be what they appear to be. Beware!
Ransomware Modus Operandi
As the name suggests, ransomware is aimed at extorting people by ransoming their computer information. Typically, ransomware will access your computer through an attachment or link within an email.
As you sift through your emails each day, you happen to notice a subject line that reads ‘Urgent Action Required’, ‘Attention! Final Notice’ or perhaps ‘Your Account has been suspended!’. These and similar subject lines are designed to grab your attention and induce a certain degree of worry or panic.
For most people, avoiding trouble and maintaining a good standing with the law and society in general means we pay attention when someone says we are in breach in some way or another. Now that these cyber criminals have your attention, you are told you need to download a file, click on an attachment or follow a link.
Having done what you were instructed to do, you have now set the ball rolling. What’s worse is that you won’t know that things are in motion and your computer is being hijacked. You will only know when it is too late.
What Ransomware Does
Once you have taken the bait and fallen into the trap, a sequence of actions is triggered. These actions are as follows:
- The cyber criminal’s ransomware sends an electronic request to a remote server, most likely situated in some far away country halfway around the world.
- It asks this server for encryption keys that it will then install on your computer or server.
- The remote server then generates an encryption key for your system and for another system run by the hacker or cyber syndicate who are about to demand a ransom.
- Once the requested key has been received, the ransomware starts the process of encrypting all your files. By all your files, we mean every single thing on your computer, from pictures to spreadsheets, from videos to programs. Everything!
The above will probably take some time. The more information you have, the longer it will take. More than likely, you will not even notice the encryption taking place. If you do notice something, it may be a slower-than-usual computer or perhaps a few files that give you difficulty.
Once the encryption process is complete the inevitable happens…
A screen pops up telling you that your computer, files, system etc. have been encrypted and that in order to un-encrypt your files you need to pay X amount within the next few days.
At this point most of the blood in your face has drained down to your big toes and you are probably feeling a lump growing in your throat while your stomach starts to churn.
At this point you may feel the need to panic!
The pop-up notice may come in a variety of forms, but it still does the same thing. It tells you your files are encrypted and that, unless you pay the ransom in time, your files will be deleted or forever encrypted.
What Can You Do?
When the above happens you normally have only a few options. You can:
- Pay the ransom (You may still not get your files unencrypted)
- Hire an electronic security expert (Expensive and not guaranteed to help)
- Do nothing, hoping it is a hoax, and then, on discovering it is not, lose all your data
- Recover your information using cloud or offsite backups (If you have been forward-thinking and created them)
You will only have a few days to choose what to do, as your attackers want to get their paycheck as soon as possible.
Of course, the best thing you can do is avoid the attack and have up-to-date backups available should the attack be unavoidable.
In our next article we’ll take a look at ways to prepare for an attack and tips on how to handle one.