What Is Ransomware?
Ransomware is malicious software that encrypts the data on your computer, locking you out of confidential files and data until you agree to pay a ransom to the threat actor. If you pay the ransom, you will receive a decryption key that will restore access to your files and data. If the demanded ransom is not paid, the threat actor will leak your data on data leak sites (DLS), such as those on the dark web, and/or permanently block access to your files.
How Does Ransomware Work?
- Threat actors will often infiltrate a victim's device using social engineering techniques such as phishing emails that contain harmful links or attachments. The victim will often click on the harmful link or download the attachment, and the ransomware variant will begin to infiltrate the device.
- Once the victim’s device is infected, the ransomware begins to look for files and data to encrypt. Depending on the variant type, the ransomware may look for ways to spread onto other devices and systems that share the same network.
- Once the data and files have been successfully encrypted, a ransom note will be sent to the victim. Often a pop-up will appear on their screen with instructions on how to pay the ransom, which is usually in the form of a cryptocurrency such as Bitcoin.
Common Types of Ransomware
Encryption ransomware is one of the most common and harmful types of ransomware. It encrypts files and data on a device, often scrambling the names of files and making them unreadable. In most cases, you will be able to see your files but not access them until you have paid the ransom and gained access to the decryption key.
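A defender can turn the two symptoms described above (contents made unreadable, names scrambled) into a detection heuristic. The following Python sketch is an added example, not part of the original article: it flags a burst of file changes in which readable content is replaced by near-random bytes. The thresholds, file names, the ".locked" extension and the sample data are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off, tune per environment
BURST_RATIO = 0.5        # assumed: alert when half of the changed files qualify

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """Readable content replaced by near-random bytes. Files that were already
    high-entropy (archives, images) are skipped to limit false positives."""
    return (shannon_entropy(before) < ENTROPY_THRESHOLD
            and shannon_entropy(after) >= ENTROPY_THRESHOLD)

def assess(changes):
    """changes: (old_name, new_name, old_bytes, new_bytes) per modified file."""
    hits = [c for c in changes if looks_encrypted(c[2], c[3])]
    ratio = len(hits) / len(changes) if changes else 0.0
    return {
        "flagged": [c[0] for c in hits],
        "renamed": sum(1 for c in hits if c[0] != c[1]),  # supporting signal
        "alert": ratio >= BURST_RATIO,
    }

def stand_in_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed test data: SHA-256 output is statistically random, like
    real ciphertext. Nothing is actually encrypted here."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

TEXT = b"Quarterly report: revenue, costs and open actions.\n" * 80
CSV = b"2024-01-31,invoice,1200.00\n" * 150
# Constructed sample: three files rewritten and renamed, one ordinary edit.
SAMPLE_CHANGES = [
    ("report.txt", "a91f3c.locked", TEXT, stand_in_ciphertext(b"1")),
    ("notes.txt", "7be02d.locked", TEXT, stand_in_ciphertext(b"2")),
    ("budget.csv", "c44e10.locked", CSV, stand_in_ciphertext(b"3")),
    ("todo.txt", "todo.txt", TEXT, TEXT + b"- call supplier\n"),
]

if __name__ == "__main__":
    print(assess(SAMPLE_CHANGES))
```

Entropy alone cannot tell encryption from compression, which is why the check requires the earlier version of the file to have been low-entropy and treats the rename count only as supporting evidence.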
Scareware is a tactic used by threat actors that convinces victims that they have a virus. Victims will often receive a message as a pop-up on a website, in an email, or on a phone call claiming they have a virus and must download the suggested software to defeat it. These pop-ups look so legitimate that users are quick to hand over their money in an attempt to stop the virus; however, they end up downloading fake antivirus software, which will now attempt to steal the data on their device.
Screen lockers hold your device for ransom until you pay to be able to access your device and data. Screen lockers use pop-ups to alert the victim and will often take on the persona of an official source such as the FBI to convince victims that the message is legitimate. The pop-up will demand that the victim make a payment so they can access their devices again.
RaaS (Ransomware as a Service)
RaaS is becoming increasingly popular. It is a subscription-based service that has adopted the Software as a Service (SaaS) business model. It enables threat actors to use pre-developed ransomware to exploit users and devices. If the attack is successful, the threat actor will earn a percentage of the ransom payment. RaaS users do not have to be skilled or sophisticated hackers; they simply have to execute the attack and successfully retrieve a ransom payment to earn their money. This is one of the reasons for its growing popularity.
With ransomware showing no signs of slowing down, and businesses coming under attack each day, the need for businesses to invest in cybersecurity has never been greater. Our eBook, 12 Steps to Prevent Ransomware, offers tools and resources to help you build a cybersecurity stack that is resilient to ransomware attacks. Inside you’ll discover how to implement a cyber strategy that keeps you protected, how to navigate and minimize risk, how to remain vigilant and proactive, and how to stay one step ahead of new and emerging threats.