Ransomware

Ransomware is a type of malware designed to block an IT system until a ransom has been paid.

What is ransomware?

Ransomware is malware that infects a computer, generally when a user clicks a link or opens a file received as an email attachment. The infection gives the criminals the ability to remotely block the device and encrypt its files.

Users then lose control over all the information stored on the device, and the malware launches a pop-up screen demanding a ransom, often in virtual currency (e.g. bitcoins).

Types of ransomware

The most common technique used by criminals is extortion. The ransom is demanded using threats, in most cases in exchange for halting the attack. In recent years there have been several such cases with worldwide repercussions: WannaCry, NotPetya and BadRabbit.

Cybertheft is another frequently used option for profiting from ransomware attacks. A vulnerability in a Web application on a previously-infected computer can open the door to the theft of large quantities of confidential information, especially on devices connected to the networks of large companies or organizations. These actions occur after extortion attacks, even when victims have already paid the ransom.

A third type of attack that uses ransomware is the sabotage of civil or military infrastructure. In these cases, hackers look to drop malware on a computer that is connected to the system, and launch a brute force attack on the Remote Desktop Protocol. This way, they hope to find weak passwords that will open the door to the system.

There are many recent examples of this type of ransomware, such as the one that targeted Saudi Arabia's national oil and gas company, paralyzing crude oil exports for two weeks. The same software was used in 2016, with a new strain dubbed 'SamSam', against the city of Atlanta in the USA, which forced the city council to suspend all digital processes and delay electronic payments.
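
The Remote Desktop brute-force pattern described above can be spotted in Windows logon events. The following is an added example, not part of the original page: it flags source addresses with a burst of failed remote logons and notes whether a successful logon followed. The CSV layout, the sample records and the threshold values are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real data. Assumed export layout:
# time, event ID, logon type, source IP, account name.
SAMPLE = """\
2024-05-01T02:00:01,4625,10,203.0.113.7,administrator
2024-05-01T02:00:03,4625,10,203.0.113.7,administrator
2024-05-01T02:00:05,4625,3,203.0.113.7,admin
2024-05-01T02:00:08,4625,3,203.0.113.7,admin
2024-05-01T02:00:09,4625,2,-,alice
2024-05-01T02:00:11,4625,10,203.0.113.7,backup
2024-05-01T02:00:15,4624,10,203.0.113.7,backup
2024-05-01T08:30:00,4625,10,198.51.100.20,alice
2024-05-01T08:30:20,4625,10,198.51.100.20,alice
2024-05-01T08:30:40,4624,10,198.51.100.20,alice
"""

# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is what
# failed RDP logons usually show when Network Level Authentication is on.
REMOTE_LOGON_TYPES = {"3", "10"}


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: {"accounts": set, "logon_after_burst": name or None}}."""
    recent = defaultdict(deque)  # source IP -> failure times inside the window
    tried = defaultdict(set)     # source IP -> account names attempted
    alerts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or row[2] not in REMOTE_LOGON_TYPES:
            continue  # malformed line, or a local/console logon
        when, event_id, ip, account = datetime.fromisoformat(row[0]), row[1], row[3], row[4]
        if event_id == "4625":
            tried[ip].add(account)
            failures = recent[ip]
            failures.append(when)
            while when - failures[0] > window:
                failures.popleft()  # drop failures older than the window
            if len(failures) >= threshold:
                alerts.setdefault(ip, {"accounts": tried[ip], "logon_after_burst": None})
        elif event_id == "4624" and ip in alerts:
            # A success after a burst suggests a weak password was found.
            if alerts[ip]["logon_after_burst"] is None:
                alerts[ip]["logon_after_burst"] = account
    return alerts
```

On the sample, only 203.0.113.7 is flagged; the user who mistyped a password twice before logging in stays below the threshold.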

How to protect against ransomware

To protect home users and businesses from ransomware, there are several recommendations:

  • The first step to avoid these attacks is to keep your operating system up-to-date; updates can be scheduled automatically or installed periodically.
  • Make regular backup copies to avoid losing data.
  • Inform users and make them aware of the importance of detecting possible phishing attacks. It is important, for example, not to click links in emails or download attachments from non-trusted sources, and to recognize spoofed or fake emails.
  • Scan systems and carry out audits and vulnerability checks to detect potential entry points.
  • Install an advanced cross-platform security solution like Panda Dome, which scans in real time and can prevent, detect and resolve these types of attacks.