What Is Ransomware?

Date First Published: 1st May 2023

Topic: Cybersecurity

Subtopic: Threats To Systems, Data & Information

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 4/10

Learn more about what ransomware is in this article.

Ransomware is a type of malware that blocks access to a computer system or files until a sum of money is paid. Ransomware may encrypt your personal files so that they are inaccessible or even completely lock you out of your computer. The amount of money demanded usually ranges from £50 to over £1000. Ransomware can target a specific individual, a small-to-medium sized organisation, or even whole cities.

Types of Ransomware

There are two main types of ransomware: encrypting ransomware and screen lockers. Both demand a ransom, but they work in different ways.

Encrypting ransomware

Ransomware is often distributed as part of a Trojan horse. It will often disguise itself as something safe or useful, but when you open it, it will silently encrypt your personal files, like your documents, images, videos, databases, and spreadsheets. Once your files are encrypted, they will usually have an extra file extension and can no longer be opened. In extreme cases, ransomware may even encrypt the whole hard drive, but most types of ransomware will only encrypt your personal files, so that your computer is still usable after encryption and you are able to pay the ransom.

When your files are encrypted, you may get a message in a text file, which says something like "Oops, your files have been encrypted." or "Don't worry, you can still recover your files. Price of the decryption tool is £400". It will then include instructions on how to pay the ransom, often by Bitcoin or PayPal. It may also claim that it can decrypt up to one file for free. Cybercriminals use very complex encryption algorithms to encrypt files and prevent them from being decrypted without paying the ransom.
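The two signs described above (many personal files gaining the same extra extension, plus a ransom message in a text file) can be checked for automatically. The following is an added example, not code from the original article; the function names, the ".locked" extension, the threshold of 3 and the sample data are all assumptions made for illustration.

```python
from collections import Counter
from pathlib import PurePosixPath

# Personal-file types of the kind the article lists (documents, images, videos, databases).
USER_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".mp4", ".db"}
# Phrases taken from the article's sample ransom messages, lower-cased.
NOTE_PHRASES = ("your files have been encrypted", "decryption tool")

def appended_extensions(paths):
    """Count extensions added after a known personal-file extension."""
    counts = Counter()
    for p in paths:
        suffixes = [s.lower() for s in PurePosixPath(p).suffixes]
        if len(suffixes) >= 2 and suffixes[-2] in USER_EXTS and suffixes[-1] not in USER_EXTS:
            counts[suffixes[-1]] += 1
    return counts

def looks_like_ransom_note(name, text):
    """True for a text-like file whose body contains a ransom-note phrase."""
    if not name.lower().endswith((".txt", ".html")):
        return False
    return any(phrase in text.lower() for phrase in NOTE_PHRASES)

def assess(paths, notes, threshold=3):
    """Return (extension, hit_count, note_names) when both signs are present, else None."""
    counts = appended_extensions(paths)
    note_names = sorted(n for n, t in notes.items() if looks_like_ransom_note(n, t))
    if not counts or not note_names:
        return None
    ext, hits = counts.most_common(1)[0]
    return (ext, hits, note_names) if hits >= threshold else None

# Constructed sample data, not taken from a real incident; ".locked" is a made-up extension.
SAMPLE_PATHS = [
    "home/sam/Documents/budget.xlsx.locked",
    "home/sam/Documents/thesis.docx.locked",
    "home/sam/Pictures/holiday.jpg.locked",
    "home/sam/Videos/party.mp4.locked",
    "home/sam/Pictures/old.jpg.bak",       # ordinary backup copy, counted once only
    "home/sam/Downloads/archive.tar.gz",   # normal double extension, ignored
]
SAMPLE_NOTES = {
    "READ_ME.txt": "Oops, your files have been encrypted. Price of the decryption tool is £400.",
    "notes.txt": "Shopping list: milk, eggs",
}

if __name__ == "__main__":
    print(assess(SAMPLE_PATHS, SAMPLE_NOTES))
```

Requiring both signs together keeps ordinary files such as a single ".bak" copy from raising an alert on their own.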

Screen lockers

Screen lockers are designed to lock a computer, but they don't encrypt any files. If the ransomware locks you out of your computer, it will often display a fake message that pretends to be from the FBI, saying that you must pay a ransom to gain access to your computer.

When starting your computer, you may see a fake government seal which says that you have done something illegal and that you have to pay a fine using an electronic payment method to gain access to your computer. This is always a scam as official government organisations would never block access to a computer. Instead, they would go through the official legal procedures.

What To Do If My Computer Is Infected With Ransomware?

Once a computer is infected with ransomware, there are a number of negative effects. The most obvious negative effect is data loss. Therefore, it is much better to prevent a ransomware attack than to try and remove it. However, if your computer is infected with ransomware, there are some things that you can do, which are explained below:

Use a backup

The easiest way of dealing with a ransomware attack is to use a backup of your files that was made before the attack. If you have a backup, you can easily recover the files that you had before the ransomware attack, as long as the backup is not corrupted. This is one of the reasons why it is important to regularly back up your files.

Scan your computer for viruses

If your computer is infected with a ransomware virus, you should scan it with a strong antivirus. After the scan has finished, remove any malware that it detects. Whilst this won't decrypt your files, it will detect and remove any other malware that the ransomware has installed on your computer.

Search for a decryption tool

If your files have been encrypted, you should also search for a decryption tool that can decrypt the files that the ransomware has made inaccessible. You will have to research this carefully and find a tool that is capable of decrypting your files, based on the ransomware variant. A tool may not exist for the variant your computer is currently infected with, especially if it is a new variant. Since very complex encryption algorithms are used, you probably won't be able to decrypt your files, but it is worth researching this.

Unfortunately, if there isn't a decryption tool for the ransomware variant and you don't have a backup, then your files are gone with no way of recovering them. But, in the future, there may be a decryption tool that can decrypt files based on the ransomware variant your computer is infected with.

Reset your computer to factory settings

This is the last resort and you should only consider resetting your computer to factory settings if the ransomware cannot be removed and has encrypted so many files that your computer is unusable. This will erase all your data and give you a fresh start, which will remove any malware that is installed on your computer.

Note:

DO NOT pay the ransom. It doesn't guarantee that you will be able to recover your files. It only guarantees that the creators will receive your money, which may encourage them to create even more malware. It could also lead to more demands to pay money.

History

The first ransomware attack ever documented was the AIDS Trojan in 1989. The AIDS Trojan was created by Joseph Popp. The program would record the number of times the computer was booted. Once it reached 90, it would hide the directories and encrypt or lock the names of the files on the C drive. In order to regain access, the users would have to pay $189 to get the decryption key. However, the decryption key was included in the ransomware's code and could be found without paying the ransom.

In September 2013, the CryptoLocker Trojan horse was released and infected computers all around the world. It mostly spread through email attachments. The files on a user's hard drive were encrypted by CryptoLocker, which then demanded money from them in exchange for the decryption key from the developer of the ransomware virus. A number of clone ransomware Trojans were also found in the next few months. It was estimated that over $27 million was paid by victims as a ransom.

In 2017, a worldwide ransomware outbreak called WannaCry occurred. The malware was spread through exploits that were made public in the 2016 NSA hacking toolkit leak. A "kill switch" concealed within the ransomware was discovered and activated by a UK cybersecurity researcher, who was working with others, shortly after the news of the infections went viral on the internet. This successfully stopped the malware's initial wave of global transmission. The next day, researchers said that they had discovered fresh malware variants that were missing the kill switch. WannaCry infected over 230,000 computers across more than 150 countries. It demanded a $300 ransom for each infected computer.
