SOS: When operating systems are held hostage

Ransomware is a type of malware that evolved from cryptovirology; back in 1996, it was known as cryptoviral extortion. The concept of this malware is that the instigators threaten to block access to files unless a ransom is paid. The files remain on your computer, but they are encrypted. Think of it as the online form of the bully’s game of keep-away. It is one of the most prolific criminal business models in modern times.

Types of Ransomware

There are multiple types of ransomware – crypto malware, lockers, doxware, and Ransom as a Service (RaaS).

Crypto Malware

This type of ransomware encrypts the files on your computer, and ransom is demanded to obtain the decryption key. Crypto malware is considered a “silent threat”, as it only requires CPU cycles to do its work. Like most malware, the longer it stays undetected, the better it is for the perpetrator. 


Lockers

Locker ransomware targets your computer’s operating system. This will completely lock you out of your computer, rather than simply encrypting the files on your hard drive. Some versions of this malware include password-stealing protocols, which would prevent regaining access, even if the ransom was paid.


Doxware

Doxware is ransomware’s evolution. It can also be thought of as blackmail, as the hacker threatens to publish online the sensitive information found. The name “doxware” comes from the term “doxxing”, which means finding and publishing private information about an individual or organization.


Ransom as a Service (RaaS)

RaaS is used by criminals who may not have the technical knowledge to compile malware themselves. They are able to subscribe to packages, borrowing from the software-as-a-service model. This can be very profitable for those selling the code: not only do they make money from the subscription license, they also split the ransom paid with the individual who subscribed.

How Does it Work?

Ransomware, for all its complexity, follows a rather simple pattern. First, your system is compromised. This can be from accessing a hacked website, or downloading a malicious attachment, whether from a website or email. Next, the malware takes control, and the victim is notified. When the demanded ransom is paid, usually control is released to the end-user.

How to Prevent Being Attacked

Be very cautious about the documents you download. Ensure you have an anti-virus and firewall on your computer, and make sure that they can scan all your email attachments and whatever you download from the web.

Also, make sure that your operating system has all patches applied. Don’t let it get out of date: an out-of-date system is where vulnerabilities come from, and the hackers plug right into those. Alternatively, they may try to trick you into installing malware. If you get a suspicious email, text, or phone call asking for personal information, do not provide it. If you are at work, contact your IT department.

Finally, make sure to back up your files on a regular basis. Not only will this help with recovery, it provides a sense of version control with your documents.

After the Attack

If you are affected by the malware, do not pay the ransom. It is tempting, given the promise that control of and access to your files will be returned, but you are dealing with criminals. Paying the ransom will only encourage and motivate them to continue targeting others. There is also no guarantee that access will ultimately be returned.