What is Ransomware?

Ransomware is a form of malware (malicious software) that threatens to publish, block or delete a victim’s computer files, databases or applications. The threat actor will usually encrypt the victim’s data and demand a ransom fee in order to release the data back to the victim.

How Does Ransomware Work, Exactly?

The malware will encrypt the victim’s files using randomly generated ‘asymmetric keys’, often called public-private keys. These encryption keys are uniquely generated for the victim, and the files are almost impossible to decrypt without the decryption key, which only the bad guy has. The bad guy only makes the decryption key available when the victim has paid up.

How Does Ransomware Spread?

Ransomware can spread through email campaigns or targeted attacks. Malicious emails are the most common way of spreading ransomware. Usually this will involve an infected attachment. Some of these attachments are so sophisticated, they can mimic legitimate sources known to the victim.

Should the victim be a part of a network (the typical office or corporate arrangement of computers), the attacker can now move laterally. They can access a path to main servers and other computers, collecting credentials with administrator privileges along the way. Then the ransomware is dropped, and trouble begins. To make matters worse, these sorts of infections can encrypt even system backups, making quick recovery challenging.

Ransomware is usually installed using a trojan or worm deployed via phishing.

Will Ransomware Delete My Files?

These are criminals; they have no specific need to decrypt your files after they get your money. FinCEN said the total value of suspicious activity reported in ransomware-related suspicious activity reports (SARs) during the first six months of 2021 was $590 million, which exceeds the $416 million reported for all of 2020. In fact, 2021 has been a record high for ransomware attacks. Law enforcement organizations advise against paying a ransom of any kind; however, in the cases of hospitals or other major public infrastructures, it may be the only option.

Can Ransomware Infect Mobile Devices?

You bet! Cybercriminals can use malware to encrypt files the same way they do on your PC, but with some different approaches. Without getting into the technical side of it, it should be known that this is a growing area of ransomware activity, indicating that threat actors are motivated to continue with this avenue of extortion as a way of making money.

Can Ransomware Infect Cloud Storage Like Google Drive, SharePoint, OneDrive, etc.?

Indeed, cloud storage is vulnerable to ransomware infection by virtue of the fact that it is syncing with local data automatically. When your system gets infected and your local files are encrypted, services like OneDrive and Dropbox will sync those files up to the cloud. However, the good news is that some cloud storage solutions offer versioning, and this can come in handy when you go to recover the last normal version of your data.

In Conclusion

Today’s cybercriminals don’t even have to be very technical or knowledgeable about computers. The dark web provides ransomware exploit kits, and they are among the cheapest products available there. Some of them even include tutorials and guides on how to execute them.

Ransomware is surely not going away anytime soon. It is too profitable, and it is too easy to stay under the radar of law enforcement. The only real way to steer clear of any trouble is to make sure you are always using the best security you can, such as complex passwords and two-factor authentication, and practicing good habits like never downloading or opening suspicious attachments in emails and not following links in emails from unknown sources. And back up regularly to an external drive!