Cyber security threats and attacks are always evolving. Viruses, worms, trojan horses, spyware, adware and scareware have all been around for a long time. One type of malware, however, has been grabbing headlines and creating headaches for users and IT professionals alike: ransomware.
Ransomware is defined as a type of malware that creates a restriction of some type on the user’s computer. In order to remove the restriction, the user must pay a ransom. This form of crimeware is unique in that it tries to coerce the user into directly paying the criminal, effectively turning the malware itself into a way for the attacker to profit. Over the past five years, ransomware has become more and more widespread because of the initial success of cybercriminals in convincing victims to pay to recover their files.
Hackers often use trojan horses to spread ransomware. A trojan horse (or simply, “trojan”) is any program which disguises itself in order to get a user to install or execute it. Trojans often masquerade as system or software updates, macros or other software add-ons. In reality, they carry malicious payloads that can have any number of undesirable effects: giving the hacker privileges on the computer via a “backdoor”; destroying files or corrupting disks; taking control over computing resources to use some or all of them as part of a “botnet”; or even stealing personally identifiable information like name, address, credit card information or other sensitive data directly or by “keylogging”. In the case of ransomware, the trojan hides the malicious code and tricks the user into executing it. The ransomware then is able to infect the host computer (and possibly all mounted disks and network shares).
Notorious ransomware like CryptoLocker, CryptoWall and Locky all work in similar ways. These three widespread strains all attack files on the victim’s computer and encrypt them with a private key known only to the hacker. This makes the files useless to the victim; they can no longer access the contents without the key. To obtain the key and decrypt the files, the victim must follow the criminal’s instructions to make payment and obtain the decoder.
Ransomware can be distributed through the same vehicles as other malware: software downloads from websites, attachments to emails, and even malicious ads (known as “malvertising”) delivered over online ad networks.
Even today’s sophisticated malware protection can be circumvented by ransomware. The best approach to security is multi-layered and requires vigilance from both IT professionals and their end users.