fbpx
Skip to content
Home » Blogg um netöryggi » infosec » advice » WHAT IS RANSOMWARE

WHAT IS RANSOMWARE

Ransomware is type of self-propagating malware that encrypts your files so that you cannot read or use them until you pay a ransom. Yeah, I know, I can feel how you are rolling your eyes at that unhelpful explanation full of incomprehensible technical jargon. So let me explain these terms in more detail.

MALWARE

Malware is a contraction of the term malicious software. This is a piece of software, or application, that is written with the sole purpose of being malicious and doing malicious things. Exactly what malware could do to you is wide ranging and practically anything, it is usually something destructive such as deleting files or something nefarious like stealing your files.

Malware frequently masquerades as something fun or something useful. For example, a simple computer game, while you are having fun playing the game, the game is deleting all your files. I’ve even known of malware masquerading as malware removal software. How this works is through one method or another, frequently email or web page, you are enticed to install this free tool to check for malware on your computer. While the application pretends to be scanning for malware it is scanning for files to steal/destroy. Pretty nasty stuff.

SELF-PROPAGATING

This is any software that will discover other computers nearby and install itself on all of them without any user involvement or knowledge. For example, if you have a self-propagating malware on a laptop that you take home and connect to your home network, it will discover all the other computers in your home and install itself on them. So, your spouse’s laptop, your kids’ computers, etc., all now have the same malware.

This typically happens due to un-patched vulnerability in the operating system of the computer. That is to say, for example, your version of windows might have a flaw in it that the malware is using to distribute itself to other computers with the same flaw. These types of flaws are typically fixed soon after they are discovered. These fixes are known as patches or updates. This is the reason it is important for the security of your computer to install these patches or updates when they come out. Make sure though, that you only install the authentic update from software vendor, i.e. Microsoft, and not malware masquerading as an update. If you need help with this part make sure to reach out to a trusted adviser, someone that can be trusted with the security of your computers.

ENCRYPTION

This is a rather complex topic that will require its own article. What you need to understand here is that by encrypting your file they become locked and unusable until the person or application that encrypted (i.e., locked) it, decrypts (i.e., unlocks) it.

RANSOM PART OF RANSOMWARE

OK now that I’ve explained what malware is and how it distributes itself let’s talk about ransomware itself and what makes it so dangerous.

What makes ransomware so different from other form of malware is how it holds your files (documents, pictures, etc.) hostage until you pay an outrageous amount of money to the author. This is similar to old fashion kidnapping. Bunch of criminals kidnap someone they think is loved and has a lot of money, then they keep them hostage until they are paid a lot of money for their safe return. Same thing happens here. Once the ransomware malware has been installed it starts to scan your computer and all storage devices and storage services it is connected to for files it thinks may be important enough for you to be willing to pay ransom for it, this can be every user generated file. Then they lock the files so you can’t get to them and pop up a message with the ransom demand when you try to access them. The ransom demand promises that once you pay the ransom, you will get an unlock key that will allow you to unlock the documents. Depending on the type of ransomware sometime the criminals maintain a remote connection to your computers and promise to unlock your files remotely once you pay the ransom. Now the topic of whether to pay the ransom or not and whether their promises are to be believed are hotly debated topics. Suffice it say that the prevailing advice regarding ransomware is very similar to prevailing advice regarding paying kidnappers, that is to say don’t do it. The final decision on whether to pay should reside with data owner as they are the only ones who understand the value of the locked data.

If you have made the proper preparations ahead of time the debate of whether to pay or not tends to be moot as you can just recover your files. How all that works is the topic of the next blog in this series.

WHY THIS MATTERS

Ransomware crime is on a sharp increase and projected to become #1 internet crime. According to the US Federal Bureau of Investigation Internet Crime Complain Center, or FBI iC3, 2020 Internet Crime Report available at https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf, ransomware reports have increased from 1493 in 2018 to 2474 in 2020, and aggregate ransom has increased from 3,621,857 USD in 2018 to 29,157,405 USD in 2020. While 2021 numbers won’t be available until sometime in 2022, they are expected to be multiples of 2020 numbers. Therefor it is important to be aware of this threat and be able to protect yourself from it.