The file scrambler, the data hoarder and the ransom demander – ransomware isn’t fun for anyone.

You’ve read our comprehensive guide to cybersecurity threats and you’ve hopefully read our inside guide to malware but now it is time to delve deep into the underground chasms of ransomware. Technically, ransomware is a form of malware but it has its very own special powers that are designed to empty your bank accounts and make your life as frustrating as possible. It is the lock and key of the cybercriminal arsenal and can have severe financial implications for both people and businesses.


The definition

Ransomware’s premise is simple. When activated, the malicious software that makes up the ransomware package will lock and encrypt data on the infected machine. To release this encryption, the user has to pay a ransom which is set by the cybercriminal and can be anything from thousands of Rands in transferred funds to payment in incredibly expensive cryptocurrencies. Often, the ransomware completely destroys the data so, even when the person pays the ransom, there is nothing left to recover. This type of malware is as frustrating for its methodology as for the fact that you can clearly see the files on your computer; you just can’t read them thanks to the mind-boggling encryption.

Fun fact: The most infamous of ransomware attacks was called WannaCry, a virus that infected more than 200,000 computers in one weekend, including many international government systems, through a Microsoft vulnerability in Windows XP.


The threat

Ransomware comes in a variety of fun, infectious flavours, each one triggered by a different action or achieving a different goal. The different types include:

  • Cryptomalware – this popular form of ransomware does a lot of damage and forms the basis of the WannaCry attack. It spreads quickly, it attacks effectively, and it costs a lot of money to fix. Many cryptomalware attacks use incredibly sophisticated tools to achieve their nefarious goals.
  • Scareware – this fake software arrives in your inbox or on your screen when you enter a hacked website and it scares you. It tells you all about the terrifying software that’s lurking on your machine and kindly offers to fix it. However, the moment you click on this fake cleaning tool, antivirus solution, or software fixer, you are downloading ransomware. This can then lock your computer, spam your screen with alerts and pop-ups, or hold your data to ransom.
  • Ransomware-as-a-Service (RaaS) – who knew that you could create ransomware and then sell it on to the highest bidder? Well, clever hackers did. This ransomware is posted and hosted by a hacker who will handle all the admin for a cybercriminal – you know, that pesky payment collection and malware distribution – in exchange for a share of the money.
  • Doxware – Doxware is also known as leakware and it is a nasty little trick that threatens to publish your private information online if you don’t pay the ransom. Considering how so many people put personal images and documents onto their computers, this is a very unpleasant scam that nets the cybercriminal plenty of dosh from frightened people.
  • Lockers – this ransomware will infect your operating system and then completely kick you out. Like a bad housemate, it makes your life impossible and your computer inaccessible.

Fun fact: In 2017, there were an estimated 184 million ransomware attacks. The heaviest hitters over time have been: CryptoLocker, a ransomware that infected more than 250,000 systems in 2013; Petya, one of the first RaaS solutions to hit the market and hit it hard; and SamSam, another RaaS that exploited holes found by its controllers.


The protection

Here are five steps that you should follow to protect your system and life from ransomware:

  1. Pick passwords that rock. You should never, ever re-use your passwords across different systems and solutions; always create new ones and always ensure that they are incredibly secure. It is hard to remember 400 passwords, sure, but there are solutions such as LastPass and Norton LifeLock that sit on your mobile devices and your PCs and remember all your passwords for you. Then you only need one hardcore password to protect them all.
  2. Select an excellent antivirus and keep your shields running. Everyone knows it can be annoying when your antivirus shields slow down performance or internet access, but they are far less annoying than ransomware. Pick an antivirus solution that has an excellent reputation and that you feel comfortable customising to suit your working needs.
  3. Back up your data and files so you can always just walk away from a ransomware attack, secure in the knowledge that your data is safe. This doesn’t help with ransomware like Doxware or some forms of scareware or a cultivated RaaS attack, but it does provide an extra layer of protection for you and your data in the event of an infection.
  4. Keep your antivirus updated. Ensure that you have an excellent antivirus programme that can alert you to suspicious emails, websites and attachments, among other things. This should also include a ransomware blocker and the ability to manage it closely so you can ensure updates are always done on time.
  5. Don’t click on it or open it if you have even the faintest misgiving. This applies to websites, pop-ups and emails. Yes, that email threatening to take you to court if you don’t pay the attached invoice is terrifying, but it probably isn’t real and will really be terrifying if you open it. Rather be safe than sorry – you can always phone the so-called company and ask them what’s going on and resolve it from there. Keep your computer out of it.
  6. Use cloud services to minimise ransomware infections through their secure systems and operations. Many service providers ensure that their information is layered in best-in-class security protocols so you get to benefit from all of their hard work.
  7. Don’t pay the ransom. Yes, you want your data back, but there are so many variations of ransomware that take the money, destroy the data and leave you winded, that it isn’t worth the risk. If you are infected, you may have to just consider walking away from your precious data. Save yourself the horror by backing up your files to a secure backup or hard drive that is not connected to the internet or network. Also, sometimes the hacker will make you pay and pay and pay if they think you’re really scared or desperate and it’s a vicious circle you just don’t want or need.
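
One way to act on steps 3 and 7, shown as an added example that is not part of the original article: before refreshing a backup, compare your files with a checksum list made while they were healthy and flag any that have turned into random-looking data, the "visible but unreadable" symptom described in the definition. The function names and the 7.5 bits-per-byte threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: low for plain text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def build_manifest(root: Path) -> dict:
    """Record a SHA-256 digest for every file under root (run while files are known good)."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def check_before_backup(root: Path, manifest: dict) -> dict:
    """Compare the current files with the manifest before overwriting a backup."""
    report = {"missing": [], "changed": [], "suspect": []}
    for rel, digest in manifest.items():
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)  # file deleted or renamed since the manifest
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == digest:
            continue
        # Changed content that now looks random is the "visible but unreadable" symptom.
        key = "suspect" if shannon_entropy(data) > ENTROPY_THRESHOLD else "changed"
        report[key].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: two text files, one later overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_text("quarterly budget notes\n" * 50)
        (root / "letter.txt").write_text("dear customer, thank you\n" * 50)
        manifest = build_manifest(root)
        (root / "notes.txt").write_text("quarterly budget notes, revised\n" * 50)
        (root / "letter.txt").write_bytes(os.urandom(4096))  # stands in for an encrypted file
        return check_before_backup(root, manifest)
```

Compressed formats such as ZIP or JPEG also score close to 8 bits per byte, so a "suspect" result on an edited photo is a prompt to open the file and check it, not proof of infection.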

