What is Ransomware?
Ransomware is a form of malware (malicious software) that threatens to publish, block or delete a victim/s computer files, databases or applications. The threat actor will usually encrypt the victim’s data and demand a ransom fee in order to release the data back to the victim/s.
How Does Ransomware Work, Exactly?
The malware will encrypt the victim’s files using a randomly generated ‘asymmetric keys’. These are often called public-private keys. These encryption keys are uniquely generated for the victim and almost impossible to decrypt without the decryption key – which only the bad guy has. The bad guy only makes the decryption key available when the victim/s have paid up.
How Does Ransomware Spread?
Ransomware can spread through email campaigns or targeted attacks. Malicious emails are the most common way of spreading ransomware. Usually this will involve an infected attachment. Some of these attachments are so sophisticated, they can mimic legitimate sources known to the victim.
Should the victim be apart of a network – typical office/corporation arrangement of computers – the attacker can now move laterally. They can access a path to main servers and other computers, collecting credentials with administrator privileges along the way. Then the ransomware is dropped, and trouble begins. To make matters worse, these sorts of infections can encrypt even system backups making quick recovery challenging.
Usually installed using a trojan or worm deployed via phishing.
Will Ransomware Delete My Files?
These are criminals, they have no specific need to decrypt your files after they get your money. FinCen said the total value of suspicious activity reported in ransomware-related COVID during the first six months of 2021 was $590 million, which exceeds the $416 million reported for all of 2020. In fact, 2021 has been a record high for ransomware attacks. Law enforcement organizations advise against paying ransomware of any kind, however, in the cases of hospitals or other major public infrastructures, it may be the only option
Can Ransomware Infect Mobile Devices?
You bet! Cybercriminals can use malware to encrypt files the same way it does on your PC, but with some different approaches. Without getting into the technical side of it, it should be known that this is a growing area of ransomware activity, indicating that threat actors are motivated to continue with this avenue of extortion as a way of making money.
Do Ransomware Criminals Get Caught?
In a very small percentage of cases, the criminals will be caught. Olson, of Palo Alto Networks, says ransomware groups can be most at risk of being identified "when they're moving money around inside the financial system, rather than when they're actually launching the attacks."
Can Ransomware Infect Cloud Storage like, Google Drive, SharePoint, One Drive etc?
Indeed, cloud storage is vulnerable to ransomware infection by virtue of the fact that it is syncing with local data automatically. When your system gets infected and your files locally are encrypted, services like OneDrive and DropBox will sync up with the cloud. However, the good news is, some cloud storage solutions offers versioning and this can come in handy when go to recover the last normal version of your data.
Today’s cybercriminals don’t even have to be very technical or knowledgeable about computers. The dark web provides ransomware exploit kits, and they are among the cheapest of products available there. Some of them even include tutorial and guides on how to execute them.
Ransomware is surely not going away anytime soon. It is too profitable, and too easy to stay under the radar of law enforcement. The only real way to steer clear of any trouble is to make sure you are always using the best security you can, as in complex passwords, two factor authentication. Practicing good habits like never downloading or opening suspicious attachments in emails, not following links in emails from unknown sources. And back up regularly to an external drive! Check out here for more tips!