Ransomware is a special form of malware. At least in terms of the target of attackers. The explicit aim is to extort a ransom. Ransomware is programmed in such a way that it locks files or systems for the user. A ransom must be paid to unlock them again. Ransomware is therefore a particular threat to companies.
How ransomware works
The name ransomware comes from the English “ransom”, meaning ransom and malware, as malicious software. Ransomware is always designed to blackmail. It paralyzes entire computer systems or locks files. A ransom payment is required to unlock the system. Colloquially, this is also referred to as crypto Trojans, blackmail Trojans or encryption Trojans. This also shows how ransomware gets onto a computer in practice. Like a Trojan, it is disguised in another program and strikes as soon as this program is installed. It can also hide in attachments or links in emails, which is why our first security tip is always not to click on any attachments or links in emails. The spread of ransomware can be delayed. It is therefore possible that you caught ransomware months ago and it is only now striking. By then, you will probably have forgotten where the malware could have come from. The biggest target for ransomware is, of course, companies and their digital systems. That’s where the most money is to be made. In principle, ransomware can paralyze the entire business process and thus cause considerable damage. Payment of the ransom is often demanded in the form of a digital currency such as bitcoins, as this is more difficult to trace.
Detect ransomware
Ransomware comes in thousands of variants and hundreds of disguises. That’s what makes it so difficult to detect. Once the ransomware is in the system, it is quite easy to detect, but by then it is already too late. If data is encrypted by ransomware, you will of course notice it. You no longer have access to it. In addition, ransomware usually explicitly indicates its presence. After all, you are supposed to pay a ransom. A message on the screen then tells you how and where you should pay the ransom. Of course, we want to detect ransomware in advance so that it doesn’t get onto our computer in the first place. However, this is difficult. Basically, the only advice we can give here is to be careful. Do not click on attachments and links from sources you do not trust. The same applies to pop-ups on the Internet in the form of advertising banners or links from users in social media that you do not know where they lead. To take prophylactic measures against ransomware, it makes sense to regularly back up your own files. If your computer is infected, the damage is minimal if you have saved everything elsewhere.
Known ransomware
Ransomware usually has a name. Not that this helps the victims in any way. There are a few well-known cases of ransomware attacks that have caused a stir both nationally and internationally. At the beginning of 2016, several hospitals were affected by the “Locky” ransomware. This encrypted medical records and two hospitals paid a total ransom of 15,000.00 euros to the perpetrators to unlock the files. The infection with the ransomware called “WannaCry” affected a large telecommunications company in Spain in 2017, which also includes O2 and EPlus. Employees had to switch off all computers as quickly as possible to prevent the ransomware from spreading. It had already spread to an internal server and was able to access all other devices in the company.
Conclusion
Ransomware is always designed to lock systems or files. A ransom must be paid to unlock them again. However, this is no guarantee that the files will actually be unlocked again. The correct procedure is therefore always to back up your own data regularly. The ransomware can be removed by a specialist, but not all files will necessarily be saved. Depending on the infection, it may also be necessary to format the entire hard disk.