While ransomware isn’t new, many users still find themselves victimized by it without knowing how their device got infected. They could have downloaded ransomware unknowingly by visiting malicious or compromised websites, or it could have been dropped or downloaded into their systems by other malware. Paying the ransom, however, does not guarantee that users will regain access to their digital assets.
Ransomware started gaining popularity years ago, and has cashed in on unknowing victims ever since it was first seen between 2005 and 2006 in Russia. In its initial phase, ransomware hijacked the user’s files by searching for files with certain file extensions, zipping them, and overwriting the original files. The methods used have evolved since then, and by 2011, we had started seeing SMS ransomware variants where users with infected systems were prompted to dial a premium SMS number.
Some ransomware has evolved from simple scareware into what we now know as crypto-ransomware, a more advanced type of ransomware that goes a step further by encrypting the files it holds hostage. In late 2013, we saw a crypto-ransomware variant called CryptoLocker, which encrypts files and locks the victim's system. Like the previous types of ransomware, CryptoLocker demands payment from the affected users to unlock their encrypted files. CryptoLocker continuously evolves and includes new tactics and methods to avoid early detection.
In the third quarter of 2014, crypto-ransomware accounted for more than a third of all ransomware types found in infected systems, and it's still gaining popularity. Data gathered over the last quarter of 2014 shows that crypto-ransomware variants have increased from 19% to more than 30% in the last 12 months.
Recently, we observed a new ransomware variant called TorrentLocker, which targeted nearly 4,000 organizations and enterprises. Since its emergence in the threat landscape, it has affected users from all over the world, preventing victims from accessing their own files unless they pay a hefty ransom fee.
How does ransomware work?
Generally, the cybercriminal creates code specifically designed to take control of a computer and hijack files. The files are encrypted so the victim loses access to them. Once executed in the system, the ransomware can either (1) lock the computer screen or (2) encrypt predetermined files. In the first scenario, the infected system shows a full-screen image or notification that prevents victims from using their system unless a fee, or "ransom", is paid. The notification also shows instructions on how users can pay the ransom to regain access to the system. The second type of ransomware locks files like documents, spreadsheets and other important files.
The ransom amount varies, ranging from a minimal amount to hundreds of dollars. The attacker still profits no matter how meager the amount, as they make up for it in the overall number of computers they infect. The ransom is paid via online payment methods. If the user fails to pay, the attacker could create additional malware to further destroy the files until the ransom is paid.
How to prevent being a victim
Ransomware is a particularly sophisticated type of malware, and while knowledgeable professionals might know how to disable it, users can curb the problem by following routine security measures. It’s important to remember that in some cases, recovery without paying the ransom might not be possible, and this is when it becomes necessary to resort to file backups.
Here are a few simple tips on how you can secure yourself from likely attacks:
See how it works on the infographic: Ransomware 101: What, How, & Why