What is Ransomware?

Ransomware is malware (virus), aimed extorting money. Initially, attackers used ransomware to get money from PC users for the recovery of personal data.

Currently, hackers ransom money from businesses for the restoration of confidential information. There is no insurance against ransom programs.

The criminals extorted money for the restoration of medical or personal data from health care workers and locked up guests in hotel rooms. Even industrial systems can be affected.

In the past, malware, so-called blocking viruses, did not allow the victim to gain access to the desktop or browser. Malicious software evolved rapidly with appearance of cryptographers that encrypted information on computers and mobile devices. Both send user a notification as “Purchase software or a key for decryption, otherwise your data will be destroyed.

Structure of the ransom attack

Usually ransomware program is distributed with emails as attachments. Using psychological attack techniques, the user urged to download and open the attachment. In an attachment is most often found an automatically installing malware, the so-called Trojan or dropper.

After installation, the dropper enters the hacker network of infected machines (botnet), communicating with its command and control system (C2). During the connection, C2 creates and sends cryptographic material for the ransomware dropper (and possibly additional malicious code). Ransom dropper uses cryptographic material to encrypt personal data on an infected device. Then the victim receives a message asking him to pay a ransom for the key, which will decrypt the locked data.

Many extortionist hackers threaten users with the destruction of all files that store personal information if the ransom is not paid within 24 hours. To confuse the victim, some notifications issued as messages from law enforcement or government agencies demanding payment of the fine.

Ransomware program uses system of common domain names

For connecting to C2, ransomware droppers sometimes use hard-coded IP addresses. If the dropper uses a static IP address, law enforcement officers can quickly calculate and disable the C2 hacker bot network. To avoid such interception, more sophisticated ransomware identifies C2 using algorithmically generated domain names. Modern droppers of ransomware programs use DNS to get domain names that hackers constantly change, hiding from law enforcement agencies.

Do not pay the ransom!

Law enforcement and security experts agree: you should not pay the ransom!

There is no reason to believe that a hacker will provide you with the means to decrypt personal data if you pay. An attacker could disappear, continue extortion, or send a non-working key for decryption.

Take care of ransomware protection in advance.

Backup your data to protect against ransoming. By regularly saving personal or confidential information to external storage devices or to cloud storage, you make hackers’ threats senseless. Pay special attention to backing up files while traveling.

In addition, using the Internet, do not forget about security. To minimize the chance of infection by extortionate software, try the following measures:

  • Update software on your laptop in a regular manner.
  • Shut down folder sharing.
  • Update antivirus.
  • Use a reliable DNS resolver.
  • Disable macro execution.
  • Install anti-ransomware protection tools.

After completing these activities, make sure that you have the means to quickly restore the operating system, applications and archives on your device in case of infection with ransomware program. Both businesses and individuals should be familiar with the so-called files recovery services.

If you are required a ransom…

Remember: you should not pay!

Contact your friends that well with computers, computer repair service, or your organization’s IT department for help in identifying ransomware program. Specialists can help you find repositories for the disaster recovery of deleted files or boot software, ransomware removal tools or descramblers, and online recovery keystore.

Despite its unusual appearance, the following resource may be useful for protection against ransomware programs: https://www.nomoreransom.org.

Do not become a victim

Since hackers are using increasingly sophisticated means of extortion, users must take preventative measures of protection and do everything possible to prevent malicious attacks. Informed means protected. Be carefull please.

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

slow computer

What to do we done with slow computer? Problems with the hardware

Almost every computer’s user encountered such pervasive issues as its slow work. Increases everything – …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.