Ransomware

What is ransomware? How to protect yourself?

Ransomware is a type of malware used for extortion. When a device is attacked, the malware blocks the screen or encrypts data stored on disk, and the user is presented with an on-screen ransom demand with payment details. Payment is demanded before the affected data is decrypted and access is restored to the victim.

Ransomware attacks are almost always associated with money, and unlike other types of attacks, the victim is usually notified of the attack and given instructions to follow to recover from the attack. Payments are usually demanded in cryptocurrencies such as bitcoin so that the identity of the cybercriminal remains unknown.

How does ransomware work?


There are multiple techniques used by ransomware operators:
  • Diskcoder ransomware encrypts the entire disk and prevents the user from accessing the operating system.
  • The screen locker prevents access to the device's screen.
  • Crypto-ransom encrypts data stored on the victim's disk.
  • PIN locker targets Android devices and changes access codes to lock users out.

How does ransomware enter your computer?

Social Engineering: Tricking people into downloading malware through a fake attachment or link. Malicious files are often disguised as ordinary documents (order confirmations, receipts, invoices, notifications) and appear to be sent by a reputable company or organization. Downloading or attempting to open one of them is enough to be infected by ransomware.

Malvertising: Paid advertisements that cause one-click infections with ransomware, spyware, viruses and other nasty stuff. Hackers can buy ad space on popular websites, even social media networks, to get your data.

Exploit Kits: Pre-written code packaged as a ready-to-use hacking tool. These kits are designed to exploit vulnerabilities in older software.

Drive-by Downloads: Dangerous files that are installed on your computer against your will. Some malicious websites take advantage of outdated browsers or applications to silently download malware in the background while you browse a seemingly innocent website or watch a video.

How to protect yourself?


Basic rules to follow to prevent your data from being lost:
  • Back up your data regularly and keep at least one full backup offline.
  • Keep all software installed on your computer updated and patched.
  • Always keep your antivirus program updated.
  • Always check the URL of the website you visit.
  • Do not run programs you do not trust on your system. Cracks, serial numbers, patches, etc. are the most common sources of malware. Do not allow untrusted sites to run content in your browser.
  • Keep your operating system up to date. Malware, including ransomware, often spreads through unpatched vulnerabilities in older operating systems. For example, an attack can exploit a bug in Windows RDP software to access a system connected to the internet and run malware.
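
The backup rule and the data-encrypting behaviour described above can be combined into a check that runs before each backup, so that encrypted files do not overwrite good copies. This added example (not part of the original article) compares a folder against a saved baseline and flags files whose content changed into near-random data, which is what encrypted files look like; the function names and the two threshold values are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits per byte; encrypted data is close to 8
ALERT_RATIO = 0.3        # assumed: stop if 30% of the baseline files are affected

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative file path under root to (sha256 hex digest, entropy)."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            result[os.path.relpath(path, root)] = (digest, shannon_entropy(data))
    return result

def compare(baseline: dict, current: dict) -> tuple:
    """Return (suspicious, missing) lists of relative paths.

    suspicious: content changed AND entropy crossed the threshold, so files that
    were already high-entropy (zip, jpg) are not flagged on entropy alone.
    missing: in the baseline but gone now, e.g. renamed with a new extension.
    """
    suspicious, missing = [], []
    for rel, (old_hash, old_entropy) in baseline.items():
        if rel not in current:
            missing.append(rel)
            continue
        new_hash, new_entropy = current[rel]
        if new_hash != old_hash and new_entropy >= ENTROPY_THRESHOLD > old_entropy:
            suspicious.append(rel)
    return sorted(suspicious), sorted(missing)

def safe_to_back_up(baseline: dict, current: dict) -> bool:
    """False when too many baseline files look encrypted or have disappeared."""
    suspicious, missing = compare(baseline, current)
    return (len(suspicious) + len(missing)) / max(len(baseline), 1) < ALERT_RATIO
```

Take a `snapshot()` of the folder after each successful backup, store it with the offline copy, and run `safe_to_back_up()` against a fresh snapshot before the next backup.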