Security News

Ransomware 101: What, How, and Why

April 22, 2015

Ransomware 101 View infographic: Ransomware 101 - What, How, & Why

While ransomware isn’t new, many users still find themselves victimized by it without knowing how their device got infected. They could have downloaded ransomware unknowingly by visiting malicious or compromised websites, or it could have been dropped or downloaded into their systems by other malware. Paying the ransom however, does not guarantee that users will regain access to their digital assets.

Ransomware started gaining popularity years ago, and has cashed in on unknowing victims ever since it was first seen between 2005-2006 in Russia. During its initial phase, ransomware hijacks the user’s files by searching for files with certain file extensions, zips them, and overwrites the original file. The methods used have evolved since then, and by 2011, we have started seeing SMS ransomware variants where users with infected systems were prompted to dial a premium SMS number.

Some ransomware have evolved from simple scareware into what we now know as crypto-ransomware, which is a more advanced type of ransomware that goes a step further by encrypting hostaged files. In late 2013, we saw a crypto-ransomware variant called CryptoLocker, which encrypts files and locks the victim's system. Like the previous types of ransomware, CryptoLocker damands payment from the affected users to unlock their encrypted files. CryptoLocker continuously evolves and includes new tactics and methods to avoid early detection.

[More: What makes crypto-ransomware so tough to crack?]

In the third quarter of 2014, crypto-ransomware accounted for more than a third of all ransomware types found in infected systems, and it's still gaining popularity. Data gathered over the last quarter of 2014 shows that crypto-ransomware variants have increased from 19% to more than 30% in the last 12 months.

Recently, we observed a new ransomware variant called TorrentLocker, which targeted nearly 4,000 organizations and enterprises. Since its emergence in the threat landscape, it has affected users from all over the world, preventing victims from accessing their own files unless they pay a hefty ransom fee.

[More on ransomware: What it is, and how to protect yourself]

How does ransomware work?

Generally, the cybercriminal creates a code specifically designed to take control of a computer and hijack files. The files are encrypted so the victim loses access to them. Once executed in the system, the ransomware can either (1) lock the computer screen or (2) encrypt predetermined files. In the first scenario, the infected system will show a full-screen image or notification that prevents victims from using their system unless a fee, or "ransom", is paid. This also shows the instructions on how users can pay for the ransom as a fee to gain back access to the system. The second type of ransomware locks files like documents, spreadsheets and other important files.

The ransom amount varies, ranging from a minimal amount to hundreds of dollars. The attacker still profits no matter how meager the amount, as they make up in the overall numbers of computers they infect. The demand for money is paid via online payment methods. If the user fails to pay, the attacker could create additional malware to further destroy the files until the ransom is paid.

Watch "TorrentLocker In Action" in the video below:


[More: View the latest articles and updates on our Ransomware page]

How to prevent being a victim

Ransomware is a particularly sophisticated type of malware, and while knowledgeable professionals might know how to disable it, users can curb the problem by following routine security measures. It’s important to remember that in some cases, recovery without paying the ransom might not be possible, and this is when it becomes necessary to resort to file backups.

Here are a few simple tips on how you can secure yourself from likely attacks:

  • Backup your files regularly – the 3-2-1 rule applies here: three backup copies of your data on two different media and one of those copies in a separate location.
  • Bookmark your favorite websites and access only via bookmarks – attackers can easily slip malicious codes into URLs, directing unwitting users to a malicious site where ransomware could be downloaded. Bookmarking frequently-visited, trusted websites will prevent you from typing in the wrong address.
  • Verify email sources – while this practice could be tricky, it always pays to be extra careful before opening any link or email attachment. To be sure, verify with your contacts prior to clicking.
  • Update security software – employing security software adds an extra layer of protection from all possible points of infection. Specifically, it prevents access to malicious websites hosting ransomware variants. More importantly, it detects and deletes ransomware variants found in the system.
For screens that have been locked by ransomware, the Trend Micro AntiRansomware Tool 3.0 can be used to resolve the infection from a USB drive. 

See how it works on the infographic: Ransomware 101: What, How, & Why

HIDE
Ransomware 101
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Connect with us on