What is ransomware?02-03-2017 Author: DSwiss
Ransomware is malicious software used by cyber-attackers in order to blackmail their victims. Successful attackers can make millions of dollars extorting money from a large number of private individuals as well as businesses.
Ransom against decryption
Generally, one differentiates between two kinds of ransomware: encryption and DDos attacks. In the case of encryption attacks, the criminal typically gains access to a system through a so-called Trojan. Referring to Greek mythology, a Trojan is a piece of malicious software in disguise of an innocent link in an email, macros in a document or the like. When a person clicks on or opens the seemingly innocent item, he or she inadvertently starts a covert installation of malicious software on the computer or mobile phone in use.
Once the malware has been installed on a system, it silently proceeds to encrypt all the files on it. If the malware is not known to the security software of the infected system, it is likely to go undetected before it is too late. When all the files of the victim’s computer or mobile phone have been rendered unreadable, the attacker asks him or her for a ransom against decrypting the files. Attackers target individuals and businesses alike in order to extort money on a large scale.
SMEs are a popular target
Small and medium sized businesses are particularly interesting to target because of several reasons:
- They are generally willing to pay a higher ransom than an individual.
- In opposition to large enterprises, they typically do not invest in sophisticated IT security and may not assign resources to train employees to be aware of IT risks.
- They often will not report the attack due to fear of legal consequences or loss of reputation.
Successful ransomware such as CryptoLocker and CryptoWall enable their creators to make millions of dollars before they are stopped.
So what can I do?
One of the most efficient ways to protect yourself against encryption ransomware is to have all files on any given system backed up on an external hard drive or in the cloud. If you use an external medium to back up your data, you should disconnected it as soon as the backup is complete to avoid that ransomware potentially encrypts it. The same argument is valid if you back up to the cloud. Once the backup has completed, quit the backup application.
As suggested by the Swiss Reporting and Analysis Center for Information Assurance (MELANI), you should refrain from paying a ransom if you find yourself a victim of ransomware: Paying will only strengthen the criminals. For additional countermeasures, please refer to NCSC Ransomware section.