What Is Ransomware?
Ransomware, much as the name indicates, is a type of malware used to kidnap data.
This type of malicious attack encrypts some or all of the files on the victim's computer, and the attacker then demands payment for the decryption key.
Most ransomware infiltrates a victim's computer as would any other kind of malware — through infected programs, email attachments or malicious websites.
Types of ransomware
Ransomware, also known as cryptoviruses, cryptotrojans or cryptoworms, is best represented by the 2006 instance of Cryzip, or Zippo, a ransomware application that circulated among private Internet users.
Individuals who found their computers infected with this Trojan horse were sent email-based ransom notes demanding $300 for the key to unlock their files.
A newer variation on the ransomware scheme locks infected computers and displays a banner informing victims that they've violated federal laws by visiting child pornography websites and must pay a fine to have their systems unlocked. Researchers call these "Police Trojans."
In another instance, a Trojan is used to encrypt files on a victim's computer, but doesn't send a ransom note. Instead, the criminal relies on victims to search the Internet for a solution.
At that point, search results will list the kidnapper's website, which sells legitimate software for decrypting files, making the kidnapper appear uninvolved with the incident while still getting money from willing buyers.
How ransomware works
When you open an unexpected email attachment or visit a malicious website, ransomware can perform a drive-by install onto your computer even if you immediately navigate elsewhere or close the attachment.
After hiding itself on your computer's hard drive, it then begins searching for common file types such as images and documents.
Once it has located them, the ransomware encrypts the files and drops a note on your desktop asking for a set amount of money to be paid. In some instances, these notes give time frames for paying the ransom, accompanied by a threat of deleting files at regular intervals (typically every 30 minutes). Such notes will provide details as to where you can send payments.
Once payment is received and processed, an automated system will either send you the decryption program or provide a serial key for activating a decryption program on the scammer's website. At this point you can decrypt your files and the ransomware is removed.
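The file-access pattern described above, a sweep over documents and images followed by a note dropped on the desktop, is something a defender can look for in file-activity logs. The following is an added example, not part of the original article: the event format, thresholds, extension list and process names are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed values for illustration; tune per environment.
TARGET_EXTS = {".jpg", ".png", ".doc", ".docx", ".xls", ".xlsx", ".pdf"}
MIN_FILES = 5                    # distinct target files rewritten
WINDOW = timedelta(seconds=60)   # ...within this sliding window

# Constructed sample events: (ISO timestamp, process, action, path).
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "winword.exe", "write", r"C:\Users\a\Documents\report.docx"),
    ("2024-01-01T10:01:00", "explorer.exe", "create", r"C:\Users\a\Desktop\notes.lnk"),
] + [
    (f"2024-01-01T10:05:{i:02d}", "svc_update.exe", "write", rf"C:\Users\a\Pictures\img{i}.jpg")
    for i in range(6)
] + [
    ("2024-01-01T10:05:10", "svc_update.exe", "create", r"C:\Users\a\Desktop\READ_ME.txt"),
]

def find_suspects(events, min_files=MIN_FILES, window=WINDOW):
    """Return processes that rewrote at least min_files distinct document or
    image files within `window` and afterwards created a file on a Desktop."""
    writes = defaultdict(list)   # process -> [(time, path)] of recent target writes
    burst_at = {}                # process -> time the burst threshold was first hit
    suspects = []
    for ts, proc, action, path in sorted(events):
        t = datetime.fromisoformat(ts)
        p = PureWindowsPath(path)
        if action == "write" and p.suffix.lower() in TARGET_EXTS:
            # Keep only writes still inside the sliding window, then add this one.
            recent = [(wt, wp) for wt, wp in writes[proc] if t - wt <= window]
            recent.append((t, path.lower()))
            writes[proc] = recent
            if len({wp for _, wp in recent}) >= min_files:
                burst_at.setdefault(proc, t)
        elif action == "create" and "desktop" in (part.lower() for part in p.parts):
            # A desktop file alone is normal; it only counts after a write burst.
            if proc in burst_at and proc not in suspects:
                suspects.append(proc)
    return suspects

if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```

A single document save or a desktop shortcut on its own is not flagged; only the combination of a rapid sweep and a subsequent desktop file is.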
In the majority of instances, anti-virus software has the necessary signatures to block almost every known type of ransomware. Firewalls don't always protect against infiltration, and they cannot prevent you from opening email attachments.
When such an event occurs, you'll need an anti-virus solution to prevent any further damage. Simply running a scan of your system is often enough to identify the ransomware and to remove it from the computer.
But, like all things on the Internet, ransomware is in a constant state of change. To protect against future risks, many Internet security professionals recommend that you back up your computer's data to an external or removable hard drive on a regular basis.
In addition, cautious browsing and deleting unexpected email attachments will help protect against data kidnapping.