
Ransomware is a type of malicious program that restricts access to certain parts or files of the infected operating system and asks for a ransom in exchange for removing this restriction.

Some types of ransomware encrypt operating system files, rendering the device unusable and coercing the user to pay the ransom.

Although attacks have been popular since the mid-2010s, the first known attack was carried out in the late 1980s by Dr. Joseph Popp.

Its use grew internationally in June 2013. McAfee noted in 2013 that in the first quarter alone it had detected more than 250,000 unique types of ransomware.

Usual flow

Ransomware is usually transmitted as a Trojan or a worm, for example through a downloaded file or by exploiting a software vulnerability. Once on the system, the ransomware executes, encrypts the user’s files with a key known only to the creator of the ransomware, and prompts the user to claim that key in exchange for payment.

How to mitigate them

As with other forms of malware, security programs may not detect the payload of a ransomware program until file encryption is in progress or has been completed. If an attack is detected early, the malware can be easily removed before it has time to begin the encryption process.
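One heuristic for noticing encryption while it is still in progress, shown here as an added example rather than code from the original article: flag files whose contents are near-random and no longer start with the header their extension implies, then alert when a burst of them appears. The entropy threshold, the `MAGIC` table, the function names and the sample data are all assumptions made for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes of a few common formats (constructed table, not exhaustive).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte; tune per environment

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes) -> bool:
    """Flag near-random content that lacks the header its extension implies."""
    ext = os.path.splitext(name)[1].lower()
    magic = MAGIC.get(ext)
    if magic and head.startswith(magic):
        return False  # intact compressed formats are high entropy too
    return shannon_entropy(head) >= ENTROPY_LIMIT

def scan(files, alert_ratio=0.5):
    """Return (flagged names, alert); alert means a large share of files is suspect."""
    flagged = sorted(n for n, d in files.items() if looks_encrypted(n, d[:4096]))
    return flagged, bool(files) and len(flagged) / len(files) >= alert_ratio

# Constructed sample: in-memory stand-ins for files read from a monitored folder.
_CIPHER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 pseudo-random bytes
SAMPLE = {
    "notes.txt": b"quarterly meeting notes\n" * 200,   # ordinary text
    "photo.png": b"\x89PNG\r\n\x1a\n" + _CIPHER,       # header intact
    "invoice.pdf": _CIPHER,                            # header gone, content random
    "budget.xlsx": _CIPHER[::-1],                      # unknown header, content random
}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A check like this produces false positives on legitimately compressed or encrypted files whose format is not in the table, so it works best as a trigger for review or for isolating the host rather than as a verdict.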

Computer security experts have suggested preventive measures to deal with ransomware. Using software or security policies to block known payloads will help prevent infection, but will not protect against every attack.

Maintaining offline backups in places inaccessible to the infected computer, such as external hard drives, prevents ransomware from accessing them, helping admins to restore data in case of infection.

However, prevention can require high financial and human resources at the business level.

Security experts have also pointed out that poor information management practices are an important cause of the serious impact of ransomware. Among other measures, they recommend reducing the use of pirated or illegal software.

Types of ransomware

There are three main types of ransomware, the severity of which ranges from “somewhat annoying” to a dangerous “Cuban missile crisis” level.

Scareware

Scareware is not so scary. It includes rogue security programs and fake technical support offers. You may receive a pop-up message informing you that malware has been detected and that the only way to get rid of it is to pay. If you don’t, you will surely continue to be bombarded with pop-up messages, but your files are basically safe.

A legitimate computer security software program would not address customers on those terms. Also, if you don’t have a program from that company installed on your computer, it has no reason to be monitoring you for a ransomware infection. And if you did have that security software, you would not have to pay for the removal of the infection, since you already paid for the software to do precisely that job.

Screen lockers

If screen-locking ransomware gets onto your computer, it will prevent you from using your PC entirely. When you turn on the computer, a window appears that fills the entire screen, often accompanied by an official-looking emblem of the FBI or the United States Department of Justice, telling you that illegal activity has been detected on your computer and that you must pay a fine. However, the FBI would never lock your computer or demand payment from you over illegal activity. In the event that you are suspected of hacking, possessing child pornography or any other computer crime, the FBI would follow the proper legal channels.

Encryption Ransomware

This is the worst of all. This is the one that hijacks your files and encrypts them, demanding a payment to decrypt them again and return them to you. The reason this type of ransomware is so dangerous is that once the files are seized by cybercriminals, there is no security or system restore software capable of getting them back. Unless you pay the ransom, you can say goodbye to your files. And even if you pay, there is no guarantee that cybercriminals will return your files to you.