Friday, September 13, 2024


Everything You Need To Know About Ransomware Malware

There is a constant conflict between good and evil in the computer world. While the good forces work to prevent crackers and viruses, the evil forces are always able to create something even more terrible, unstoppable, and difficult to defeat. Ransomware is a particular kind of malware. In contrast to other malware that acts like a thief stealing your data, or like dacoits that erase your data, this software is intelligent. It behaves like a kidnapper and holds your system hostage until you pay a ransom, or a sum of money, to release it.

What is Ransomware?

Ransomware is a kind of intelligent malware. Unlike other malware that merely corrupts or deletes files or exhibits some other suspicious behavior, it locks your system, files and apps, and demands money from you if you want to get them back. I said intelligent because this malware directly helps the attacker to earn money. Other kinds of malware, like viruses and trojan horses, merely corrupt the system or steal some sensitive data, but rarely result in a monetary benefit to the attacker (unless the malware steals sensitive information such as credit card numbers).

The Origin of Ransomware

Thousands of computers were infected by ransomware, which at first gained widespread popularity in Russia and spread like wildfire. These types of malware are more difficult to spot since they might appear as innocuous little programmes linked to publicly available applications on the internet. The majority of them can reach your system through email attachments, malware already on your system, or files from previously infected systems.

After locating its target, the ransomware starts to strike by blocking user access to certain files, directories, system settings, or applications. The user encounters a notification stating that particular files and programmes have been blocked and cannot be opened unless the user agrees to pay a fee. Typically, there is a mechanism to directly communicate with attackers who have taken over your system and may be located elsewhere in the world.

Types of Ransomware

Ransomware falls under two main categories: encrypting ransomware and non-encrypting ransomware.

Ransomware that encrypts data and then demands a fee to decrypt it is known as encrypting ransomware. In most cases, encryption is performed using a powerful hashing algorithm that would take a standard desktop PC thousands of years to crack. Therefore, paying the ransom and receiving the unlock key are the only ways for the user to get their files back. Due to its aggressive assault method, this ransomware is the most dangerous.

The non-encrypting variety of ransomware is another kind. This one instead limits access to your files and displays grating messages when you try to view them rather than encrypting your data. The user can quickly get rid of this less dangerous ransomware by creating a backup of all crucial files and reinstalling the operating system.

Examples of Ransomware Attacks

In 2013, the ransomware known as CryptoLocker was one of the most destructive. Evgeniy Bogachev, a Russian hacker, was the mastermind behind this malware. Once introduced into a host system, the malware examines the victim’s hard drive for particular file extensions and encrypts the matching files. These might include crucial programmes or files that the user actually needs, such as documents, software, or keys. A 2048-bit RSA key pair is used for the encryption, with the private key being sent to the command and control server. If a payment in the form of bitcoins is not made after three days, the programme then threatens to destroy the user’s private key.

A 2048-bit RSA key is indeed a big protection, and it will take a normal desktop PC several thousands of years to break the key using brute force. The user, helpless, agrees to pay the amount in order to get the files back.

Before it was eliminated, the CryptoLocker ransomware is said to have amassed at least $3 million.

Even though that’s a lot of money, WinLock, another ransomware, was able to collect $16 million in ransom. Although it didn’t encrypt the system like CryptoLocker, it did block the user’s access to some apps and display pornographic images in their place. In order to receive a code to unlock the malware, the user then had to send a premium-rate SMS, which cost about $10.

*All these attacks were way back in 2013.*

The most recent attack, however, was a new variant of ransomware known as CryptoWall 2.0. According to a New York Times investigation, this ransomware specifically targeted crucial victim system files, such as tax receipts, bills, and other documents, and attacked PCs in a manner resembling CryptoLocker’s attacks. Then it demanded a $500 ransom. After a week, the ransom fee doubled, and another week after that, the unlock key was deleted.

According to some accounts, CryptoWall recently updated to version 3.0, and it appears to have become riskier. This version of CryptoWall uses an intelligent scanning technique to encrypt user files before creating a special connection for the user. This ransomware uses I2P in addition to Tor as a security measure to safeguard the attackers’ anonymity and make it more difficult for law enforcement to apprehend them.

Despite the irony, CryptoWall offers excellent customer service. They give the user the decryption keys as soon as they can, frequently within hours after the ransom has been paid, because they need to uphold their reputation in order to continue receiving money.

In one serious ransomware incident, an autistic student killed himself after receiving a ransomware email.

This article claims that the teenager received a false email from the police alleging that he had been discovered visiting unlawful websites and had to pay a fine of £100 or face punishment. Unable to handle the catastrophe, the kid panicked and hanged himself.

Even though these emails have a professional appearance and are frequently received, it is important to remember not to trust them. They frequently direct customers to phishing websites, where the attacker steals the consumers’ bank account information and other crucial passwords. As a general rule, banks and law enforcement organisations never request private information or money online. Therefore, there is a significant likelihood that any such emails you get are fake. If you want to confirm whether they have truly sent you such a notice, you can always phone them after obtaining their official number.

Black hats often make a lot of money by simply writing little programmes that lock or encrypt your system in some way, making ransomware a wise investment. While largely prevalent on the Windows platform, ransomware can also impact other operating systems, such as OS X. For example, in July 2013, one such attack disabled the user’s browser and accused him of downloading pornography.

Numerous statistics indicate that ransomware attacks are growing daily. They are mainly disseminated by spam emails, which frequently include attachments. Internet users should use extreme caution while visiting unauthorised websites and opening such emails.

Why are ransomware hackers difficult to track down?

The majority of ransomware comes from post-Soviet nations like Russia. Even when these individuals demand a ransom, it is paid in bitcoins, a decentralised cryptocurrency renowned for its anonymity and lack of traces. Additionally, because the hackers are foreign-born, it is difficult to persuade other nations to take action against them diplomatically.

How can we safeguard ourselves from ransomware?

As the adage goes, prevention is always preferable to treatment. So how can one safeguard himself from ransomware?

The simplest method would be to install and regularly update an antivirus or anti-malware programme on one’s computer. Free antivirus programmes are generally pretty good, but for enhanced security, one should not be reluctant to pay for one. In addition, be careful not to download dubious software from the Internet. Always download programmes from official websites rather than shady third-party ones. Additionally, always keep a copy of all crucial files. It’s incredibly simple and hassle-free to have a backup programme now that there are so many set-it-and-forget-it backup programmes available.

Do not forget that a stitch in time saves nine. It is better to be safe than sorry.

How can ransomware be removed?

Previously, the only option to get rid of ransomware that encrypts files was to either pay the attackers money or accept that the files would always be lost. However, several computer security researchers have recently developed programmes that enable users to decrypt the contents of their hard drives without having to pay a ransom. One such website enables visitors to enter their email address and upload a non-sensitive encrypted file. After a successful decryption, the website will email you the private key and instructions for deleting CryptoLocker from your hard drive.

The programme, which was created by FireEye and Fox-IT, uses reverse engineering techniques to defeat CryptoLocker. The implication is that everything that is encrypted can be decoded; it just takes time. It appears that computer science’s beneficial forces are still winning.
