Ransomware is a family of malware that takes files on a PC or network storage and encrypts them. It then extorts money in the form of a ransom to unlock the files. It is also known by names such as CryptoLocker, CryptoDefense, and CryptoWall.
Ransomware is also known to be one of the most widespread and damaging threats that internet users face these days. Since the infamous CryptoLocker appeared in 2013, we have seen a whole new era of file-encrypting ransomware variants delivered through messages and exploit kits, extorting money from home users and businesses alike.
The current wave of ransomware can trace its roots back to the early years of Fake AV, through the Locker variants, and finally to the file-encrypting variants that are prevalent today. Each of these distinct categories of malware shares one common goal: extorting money from victims through social engineering and outright intimidation. The demands for money are becoming more forceful with each iteration.
How does ransomware work?
According to recent research, nearly 50 percent of organizations have been hit with ransomware. As infection rates continue to rise, more and more attention has been directed towards finding ways to keep machines clean and data safe.
For that, organizations need to understand how ransomware actually works and what needs to happen for an infection to succeed. Let’s break down what the infection process looks like, starting with the common ways in which it gets delivered and the steps you need to take to reduce the risk.
Stages of a Ransomware Attack
Delivery
Delivery usually happens in one of two ways: the user clicks on a link or an attachment in an email, or the malware arrives through an exploit kit.
Execution
Ransomware authors often use slight modifications, process injection and other techniques to make sure their programs slip past antivirus.
Encryption
Encryption can occur in minutes or seconds. Files are rendered inaccessible and typically renamed with a new file extension that can sometimes signal which type of ransomware you are dealing with.
Ransom Demand
Once the encryption is done, a ransom note is displayed informing the user that they must pay X amount as a fine in exchange for a decryption key. After the deadline is reached, the ransom goes up and the files are destroyed.
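The renaming behavior described under the Encryption stage gives defenders something to detect: one process renaming many files to the same new extension within seconds. The following is an added example, not part of the original article; the event tuple format, process names, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath  # use PureWindowsPath for Windows-style paths


def detect_mass_rename(events, window_s=60, threshold=10):
    """Flag (process, new_extension) pairs that rename at least `threshold`
    files to the same new extension within `window_s` seconds.

    events: iterable of (epoch_seconds, process, old_path, new_path), for
    example parsed from file-audit or EDR telemetry (format assumed here).
    Returns {(process, new_extension): peak renames seen in one window}.
    """
    recent = defaultdict(deque)  # (process, new_ext) -> timestamps in window
    alerts = {}
    for ts, proc, old, new in sorted(events):
        old_ext = PurePosixPath(old).suffix.lower()
        new_ext = PurePosixPath(new).suffix.lower()
        # Only count renames that change the extension,
        # e.g. "report.docx" -> "report.docx.locked".
        if not new_ext or new_ext == old_ext:
            continue
        key = (proc, new_ext)
        window = recent[key]
        window.append(ts)
        # Drop renames that fell out of the sliding time window.
        while ts - window[0] > window_s:
            window.popleft()
        if len(window) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(window))
    return alerts


def sample_events():
    # Constructed data: a backup job renaming one file every two minutes,
    # a single save-as rename, and one process renaming 25 documents to
    # ".locked" in under five seconds.
    events = [(1000 + i * 120, "backup.exe", f"/data/db{i}.bak", f"/data/db{i}.old")
              for i in range(12)]
    events.append((1500, "word.exe", "/home/u/tmp.tmp", "/home/u/report.docx"))
    events += [(2000 + i * 0.2, "invoice.exe", f"/home/u/doc{i}.docx",
                f"/home/u/doc{i}.docx.locked") for i in range(25)]
    return events


if __name__ == "__main__":
    for (proc, ext), count in detect_mass_rename(sample_events()).items():
        print(f"ALERT: {proc} renamed {count} files to *{ext} within 60s")
```

The extension reported in the alert is the same signal the article mentions for identifying which type of ransomware you are dealing with.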