
Ransomware

What is Ransomware?

Ransomware is malware that encrypts a victim’s files and systems. The malicious program prevents you from accessing your systems or files, and the attacker demands a ransom from the target to restore access.

In ransomware attacks, hackers display instructions on how victims can pay the ransom in exchange for the decryption key.


Key Takeaways


Cybercriminals create 1.5 million new phishing sites every month. Ransomware attacks increased over 97 percent in 2017 and 2018. Thirty-four percent of businesses hit with malware took a week or more to regain access to their data.

How Does Ransomware Infect Your Computer?

Hackers use different methods to infect your devices with ransomware. Some ransomware attack vectors include:

The threat actor presents a message explaining that the victim’s files are inaccessible. The hacker commits to sharing a decryption key once their target sends an untraceable Bitcoin payment.

Types of Malware

Impact of Ransomware

If ransomware takes over your computer, the malware encrypts some or all of the files. Victims cannot open the files without the decryption key, which is in the attacker's possession. Ransomware targets different computer files, including documents, databases, source code, and media files.

SamSam, NotPetya, WannaCry, and other popular ransomware targeting businesses translate to big payoffs for hackers and enormous losses for companies. The average cost of a data breach, including ransom payout, penalties, and remediation, is approximately $3.86 million.

A ransomware attack can knock out essential services. For instance, the 2018 SamSam cyber incident crippled Atlanta City's essential services, including police record-keeping and revenue collection systems.

Ransomware Targets

Attackers select ransomware victims in different ways. The most popular approach is a matter of opportunity: an attacker targets institutions with inadequate security capabilities and a disparate user base.

Ransomware authors also target regular people. However, attackers realized the full potential of ransomware when they targeted business systems.

Apart from businesses and individuals, hackers target specific entities like medical facilities and government agencies that need immediate access to files and systems.

Geographically, ransomware threat actors are focused on western markets, with the US, UK, and Canada ranking as the top three countries targeted, respectively. Since ransomware attackers are financially motivated, they look for areas with wide PC adoption and wealth.

Preventing Ransomware Attacks

You can take the following measures to prevent ransomware attacks:

What Should You Do if You are Infected?

  1. Never Pay the Ransom

If you discover you are infected with ransomware, never pay the ransom. Giving hackers money encourages them to launch additional attacks on your systems.

  2. Use a Decryptor

You can use widely available decryptors to retrieve your files. Examples of free ransomware decryption tools include 7even-HONE$T decrypting tool, Alma decrypting tool, Alpha decrypting tool, Shade Decryptor, Rakhni Decryptor, Rannoh Decryptor, CoinVault Decryptor, Wildfire Decryptor, Xorist Decryptor, and WannaCry decryption tool.

Always pay close attention when using a decryption tool: running the wrong decryptor can encrypt your files further.

  3. A Full System Restore

You can remove screen-locking ransomware through a full system restore. In case the OS fails to boot, you can run a scan from a bootable CD or USB drive.

  4. System Isolation

You can thwart encryption ransomware by disconnecting and shutting down a system that slows down for no reason. Disconnecting a target device from the Internet prevents hackers from sending instructions from the command and control server.
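One way to act on the caution in step 2 about using the wrong decryptor, added here as an example that is not part of the original page: copy the encrypted files to a working directory, record a SHA-256 manifest, and run any decryptor only against the copies so the originals can be checked afterwards. The directory layout, the file names and the `.locked` extension are constructed sample values.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_copies(encrypted_dir: Path, work_dir: Path) -> dict[str, str]:
    """Copy every file into work_dir and return {relative path: SHA-256}."""
    manifest = {}
    for src in sorted(p for p in encrypted_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(encrypted_dir)
        dst = work_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel.as_posix()] = sha256_of(src)
    return manifest


def changed_files(directory: Path, manifest: dict[str, str]) -> list[str]:
    """List manifest entries that are missing or whose content has changed."""
    bad = []
    for rel, expected in manifest.items():
        path = directory / rel
        if not path.is_file() or sha256_of(path) != expected:
            bad.append(rel)
    return bad


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: two fake 'encrypted' files, one damaged working copy."""
    with tempfile.TemporaryDirectory() as tmp:
        originals, work = Path(tmp) / "originals", Path(tmp) / "work"
        (originals / "docs").mkdir(parents=True)
        (originals / "docs" / "report.docx.locked").write_bytes(b"\x8f\x11 constructed")
        (originals / "db.sqlite.locked").write_bytes(b"\x02\xfe constructed")
        manifest = stage_copies(originals, work)
        # Stand-in for a wrong decryptor mangling a file it was pointed at.
        (work / "db.sqlite.locked").write_bytes(b"garbage")
        return changed_files(originals, manifest), changed_files(work, manifest)
```

Calling `demo()` returns the changed files in the originals (none) and in the working copy (the one damaged file), which is the check to run after every decryption attempt.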

George Mutune
