Imagine that one day you turn on your computer and find a message telling you that all your files have been encrypted and that you can only recover them if you pay an amount of money to a stranger. You have lost the photos from that summer, your important documents and the material you had to study. What would you do? Would you pay the ransom? Would you report the case to the authorities? Or would you try to solve the problem on your own? Although it may seem like this never happens, the truth is that it has become a reality for many people and companies that have been victims of ransomware attacks.
Ransomware is malicious software that prevents access to the victim’s data or device and demands a payment to restore it. In short, it is a cybercrime that has grown exponentially in recent years and that causes serious economic and reputational damage to those affected.
In this post, we are going to explain what ransomware is, how it originated, how it works, what consequences it has and how we can protect ourselves from it. If you want to know more about this topic, read on.
The beginnings of ransomware attacks
First, let’s put this situation in context. Although ransomware attacks may seem like something out of modern science fiction movies, nothing could be further from the truth: they have existed since the era of floppy disks.
The first ransomware attacks date back to the late 1980s, when a biologist named Joseph Popp distributed about 20,000 floppy disks infected with a program that encrypted computer files and demanded $189 to unlock them. This case is known as the “AIDS Trojan” or the “PC Cyborg”.
Since then, ransomware has evolved and diversified, taking advantage of new technologies and system vulnerabilities. Some of the most famous and destructive attacks in history are:
- CryptoLocker: Appeared in 2013 and spread through emails with malicious attachments. It demanded a payment in bitcoins to obtain the decryption key.
- WannaCry: Emerged in 2017 and took advantage of a vulnerability in the Windows operating system that had been leaked by a group of hackers. It blocked access to the system and demanded a ransom of $300 in bitcoins. Among its victims were hospitals, companies, banks and public organizations.
- NotPetya: Also appeared in 2017 and was based on the WannaCry code, but with some modifications that made it more harmful and difficult to remove. It did not offer any way to recover the data, as its purpose was to cause as much damage as possible. It is estimated that it caused losses of more than $10 billion.
How ransomware attacks work
How do ransomware attacks work? This malware reaches computers or electronic devices in different ways, but the most common are the following:
- Malicious email: It usually includes attachments or links that somehow pique users’ interest. The objective is for them to click and thus download the ransomware. The senders usually pose as trusted entities or friends, so stay alert and carefully check the sender of the message.
- Malvertising: Have you ever been browsing the web and been redirected to another page without wanting to be? Be careful, because this is another way of delivering the malware. This method usually uses exploit kits, which are programs that detect and exploit vulnerabilities in browsers or installed plugins.
- Removable devices: USB flash drives, external drives, SD cards or other devices that, when connected to the computer or device, execute the ransomware.
Once the ransomware has infected your device, by whatever means, it can act in two main ways:
- Encryption ransomware: This is the most common and consists of encrypting the victim’s files with a key that only the attacker knows. It then displays a message demanding a ransom in exchange for the decryption key.
- Blocking ransomware: This is less common and consists of blocking access to the victim’s system or device, preventing them from using it. It then displays a message demanding a ransom payment. The message often pretends to come from a legitimate authority, such as the police or a government agency.
Consequences of ransomware attacks
Ransomware attacks constitute a very serious threat to organizations and users, especially in two areas:
- Financial losses: Ransomware can affect the organization’s business and reputation, causing loss of revenue, customers or opportunities.
- Data losses: Ransomware may prevent access to critical, sensitive and valuable data, which may have legal, regulatory or strategic consequences for the organization.
Protection against these attacks
Protecting yourself from these types of attacks can be difficult, although not impossible. Take note of these recommendations that we share with you:
- Keep operating software up to date. This recommendation is also valid for corporate environments. Updated software helps you fix vulnerabilities and prevent infections.
- Raise staff awareness about the risks of ransomware and how to avoid them.
- Have a plan prepared to respond to an infection. You can use antimalware programs whenever you think your computer is infected.
- Use cloud technologies to back up your data and access it from anywhere.
Recover data and remove ransomware
To recover data and remove ransomware, you can follow these steps:
- Turn off your computer or disconnect it from the network. This will prevent the ransomware from spreading to other devices or shared files.
- Never contact cyber criminals or pay the ransom. This will only encourage them to continue attacking and will not guarantee the recovery of your data.
- Use antivirus software to clean the infected device. Follow the instructions of the program you choose and make sure you remove the malware completely.
- Use a ransomware decryption tool to recover your files. Before using it, make sure you have removed the ransomware from the device.
Can these crimes be reported?
The answer is yes. Report the incident to the National Cybersecurity Institute (INCIBE) or to the Technological Research Brigade of the National Police. According to the INCIBE website, to report a ransomware attack you will need:
- A detailed description of the incident and your contact information.
- The original ransom note in the format in which it is located on your computer. If you do not have it or cannot locate the file, send a screenshot showing the content of the note.
- Two files encrypted by the ransomware (that do not contain personal data, whose originals were in Word or Excel format and occupy less than one MB).
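One way to shortlist the two sample files for the report, as an added example that is not part of the original post or of INCIBE's guidance: this Python script applies the size and original-format conditions listed above and records a SHA-256 hash of each pick. It assumes the ransomware appended its own suffix to the original name (the `.locked` suffix, the file names, the function names and the 7.5 bits/byte entropy threshold are all illustrative), and the sample folder is constructed.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

OFFICE_EXTS = {".doc", ".docx", ".xls", ".xlsx"}  # page: originals in Word or Excel format
MAX_BYTES = 1_000_000                             # page: less than one MB

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; well-encrypted data is close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def original_is_office(path: Path) -> bool:
    """Assumption: the ransomware appended its own suffix, e.g. budget.xlsx.locked."""
    suffixes = [s.lower() for s in path.suffixes]
    return len(suffixes) >= 2 and suffixes[-2] in OFFICE_EXTS

def pick_samples(root: Path, count: int = 2, min_entropy: float = 7.5):
    """Return up to `count` (file name, SHA-256) pairs that fit the size and format rules."""
    picked = []
    for p in sorted(root.rglob("*")):
        if not (p.is_file() and original_is_office(p) and p.stat().st_size < MAX_BYTES):
            continue
        data = p.read_bytes()              # read only; the evidence is never modified
        if entropy(data) >= min_entropy:   # skip files that were renamed but not encrypted
            picked.append((p.name, hashlib.sha256(data).hexdigest()))
        if len(picked) == count:
            break
    return picked

def fake_ciphertext(size: int) -> bytes:
    """Constructed stand-in for encrypted content: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

def build_demo(root: Path) -> None:
    """Constructed sample folder; every file name and the .locked suffix are made up."""
    (root / "budget.xlsx.locked").write_bytes(fake_ciphertext(4096))
    (root / "minutes.docx.locked").write_bytes(fake_ciphertext(8192))
    (root / "holiday.jpg.locked").write_bytes(fake_ciphertext(4096))        # not Word/Excel
    (root / "archive.docx.locked").write_bytes(fake_ciphertext(1_200_000))  # too large
    (root / "draft.doc.locked").write_bytes(b"plain text " * 400)           # not encrypted

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(Path(tmp))
        print(*pick_samples(Path(tmp)), sep="\n")
```

The condition that the files contain no personal data cannot be checked automatically, so confirm it by hand for each pick before sending.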