What Is Ransomware?

Introduction

In today’s world, Cyber-attacks are getting much more covert and sophisticated in nature.  Gone are the days when an attacker would be merely content by simply deploying a Trojan Horse virus to secretly see what is going on in your computer.  Now, they are bent on a total destruction of the end user’s machine, and from there even launching Botnet style attacks in order to infect and destroy thousands of other computers in the process.

What It Really Is

But there is a new trend occurring these days:  Cyber attackers want to hold your computer hostage until you literally pay a ransom payment. This kind of attack is known as “Ransomware”, and it can further elaborated on as follows:

“It is a type of malware that prevents or limits a user’s access to their computer system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid.” (source 1)

So, as you can see from the definition Ransomware, it is literal virtual kidnapping.  You cannot access anything on your computer unless you pay that ransom which is demanded by the Cyber attacker.  But the caveat here is that the Cyber attacker does not want to be paid in the normal currency; rather he or she wants to be paid in terms of a virtual currency, known as the “Bitcoin”.

How Ransomware is Deployed

There are two primary ways in which your computer can get infected with Ransomware:

  1. Via MalSpam:

This is essentially a spam e-mail that comes into your inbox, but it contains a Malware based .EXE code that will launch itself once the attachment is downloaded and opened up.  These types of attachments are typically .DOC, .PPT and .XLS files. You can also get Ransomware by clicking on a phony link in the content of the e-mail message.  The techniques of Social Engineering are very often used in this regard in order to make the e-mail look like it is authentic and coming from either a trusted, legitimate organization or personal contact.

2. Via Malvertising:

This is when a Cyber attacker uses online advertising in order to capture the unwitting attention of the end user and ensnare them into clicking on a genuine looking hyperlink.  If this does happen, then the servers that are used by the Cyber attacker will collect details about the soon to be victim’s computer, and even where it is geographically located at. Once this has been accomplished, then the Ransomware attack is subsequently launched. Malvertising very often makes use of what is known as an infected “iframe”.  This is actually an invisible webpage element, and will redirect the end user to an authentic looking landing page. From there, the malicious code is then deployed onto the end user’s computer.

 

Conclusions

Our next blog will examine the major types of Ransomware attacks.

Sources

  1. “Ransomware.” Definition – Trend Micro USA, https://www.trendmicro.com/vinfo/us/security/definition/ransomware.