
What is ransomware and how does it work?

The term ransomware is becoming more and more common on the Internet. Ransomware is malicious software used by cybercriminals to deny the victim access to a computer, a server or the data stored on it, most often by encrypting the files, and to demand a payment for restoring that access. Depending on the target and the damage, the ransom can run into the millions of dollars, and the attackers leave detailed instructions for paying it.

Ransomware operators have become increasingly prominent as they have been able to extract multimillion-dollar payments. One example is the attack earlier this year on the University of California, San Francisco (which is currently working on a vaccine against the coronavirus), in which the criminals obtained about $1.14 million in a covert negotiation, according to BBC Mundo.

The BBC also notes that “Cybersecurity experts say such deals are taking place around the world, sometimes for even larger sums, which contravenes advice from security organizations such as the FBI, Europol or the UK’s National Cyber Security Centre.”

Another major case, although the ransom was not paid, was the attempt to extort roughly $5 million in Bitcoin (BTC) from the Mexican state-owned oil company PEMEX in a ransomware attack, according to information confirmed by Petróleos Mexicanos.

How does ransomware work?

Ransomware is usually delivered disguised as a file the user wants to open, so that they are tricked into clicking on it (phishing). The lure can arrive through the channels people use every day: social networks, instant messaging apps, email attachments that impersonate a trusted person or service, videos from unverified or dubious sites, or fake “updates” for common programs that look harmless but actually carry the ransomware. A click is not always required, though: ransomware is also deployed through exposed remote-access services protected by weak or stolen credentials and through unpatched software vulnerabilities.

Once the user runs the disguised file, the malware executes with that user’s privileges: it enumerates the documents, images, databases and other valuable files it can reach, including those on connected drives and network shares, encrypts them, and drops a ransom note with payment instructions. The operating system does not literally crash; the victim is simply locked out of their data. Encrypting a machine’s files typically takes minutes, so there is little or no time to react once it starts.

Most common types of ransomware

Ransomware types are divided based on how they affect the infected computer; the most common examples include:

  1. Computer Blocker (locker) Ransomware: As its name suggests, this malware locks the computer’s interface so that the machine cannot be used at all. When the computer boots, it displays a screen naming the author of the attack and giving instructions for paying the supposed ransom. Paying guarantees nothing: there is a real possibility of recovering nothing even after the payment has been made.
  2. Data Blocker Ransomware: This type, also known as crypto ransomware, can be even more dangerous than the previous one because, rather than merely locking the screen, it targets your files directly. It scans the computer (and any reachable network shares) for valuable information, encrypts the contents of those files and typically appends a new extension to each encrypted file. The criminals leave a visible ransom note with payment instructions that will supposedly provide you with a “decryption key”.
  3. Ransomware “scareware”: This type poses as antivirus or system-cleaning software on your computer, and its modus operandi consists of pop-up windows warning of a supposed problem. Scareware does not demand a ransom outright; instead, it pressures the victim into buying a fake antivirus “update” or “full version” on the premise that it will fix the problem, when in fact the program itself is the malware.
  4. Ransomware “leakware” (also called doxware): This type works on the victim’s fear, threatening to publish their private content unless the demanded payment is made. In some campaigns the criminals never actually locate or copy any sensitive files and simply bet on the fact that sensitive information is usually stored on computers and servers to create a state of alarm; in others, the attackers exfiltrate data before encrypting it, so the leak threat remains real even if the victim restores from backups (so-called double extortion).
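
The “scan, encrypt, rename” loop described above (under “How does ransomware work?” and in the crypto ransomware entry) leaves two traces a defender can look for: encrypted files have a nearly flat byte histogram (entropy close to 8 bits per byte), and one process renames many files to the same unfamiliar extension within seconds. The Python script below is an added example, not code from the original article, that implements both checks over constructed sample data; the file contents, process IDs, paths and timestamps are all made up for the illustration.

```python
"""Two cheap checks for crypto-ransomware activity, run over constructed sample
data: (1) byte entropy of a file's contents, which jumps to near 8 bits/byte
once a file has been encrypted, and (2) a burst of renames by one process to a
single new extension, the trace left by the scan-encrypt-rename loop.
All sample data below is constructed for this example."""
import math
import os
import random
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data` (0.0 for empty input, 8.0 for perfectly uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """True when the entropy is in the range typical of ciphertext.
    Caveat: compressed formats (zip, jpeg, mp4) also score high, so in a real
    detector this is one signal to combine with others, not a verdict on its own."""
    return shannon_entropy(data) >= threshold


def rename_bursts(events, window=10.0, min_files=5):
    """Flag processes that renamed at least `min_files` files to the same new
    extension within `window` seconds. `events` are (epoch_seconds, pid,
    old_path, new_path) tuples. Returns {pid: extension} for flagged processes."""
    by_pid = defaultdict(list)
    for ts, pid, old_path, new_path in events:
        old_ext = os.path.splitext(old_path)[1].lower()
        new_ext = os.path.splitext(new_path)[1].lower()
        if new_ext and new_ext != old_ext:          # only extension changes matter
            by_pid[pid].append((ts, new_ext))
    alerts = {}
    for pid, renames in by_pid.items():
        renames.sort()
        for i, (start, ext) in enumerate(renames):  # sliding window from each rename
            hits = [t for t, e in renames[i:] if e == ext and t - start <= window]
            if len(hits) >= min_files:
                alerts[pid] = ext
                break
    return alerts


# Constructed sample contents: a plaintext document and a stand-in for its
# encrypted form (seeded random bytes, which share ciphertext's flat histogram).
PLAINTEXT = b"Quarterly budget, approved by finance on Monday. " * 100
_rng = random.Random(2024)
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(4096))

# Constructed file-system events: pid 900 is an editor saving via temp files,
# pid 4242 renames six documents to ".locked" within about three seconds.
EVENTS = [
    (1700000000.0, 900,  "D:/share/memo.tmp",              "D:/share/memo.docx"),
    (1700000001.0, 4242, "D:/share/finance/budget.xlsx",   "D:/share/finance/budget.xlsx.locked"),
    (1700000001.5, 4242, "D:/share/finance/forecast.xlsx", "D:/share/finance/forecast.xlsx.locked"),
    (1700000002.0, 4242, "D:/share/hr/contracts.pdf",      "D:/share/hr/contracts.pdf.locked"),
    (1700000002.8, 4242, "D:/share/hr/payroll.csv",        "D:/share/hr/payroll.csv.locked"),
    (1700000003.1, 4242, "D:/share/legal/nda.docx",        "D:/share/legal/nda.docx.locked"),
    (1700000004.0, 4242, "D:/share/legal/merger.pptx",     "D:/share/legal/merger.pptx.locked"),
    (1700000300.0, 900,  "D:/share/notes.tmp",             "D:/share/notes.txt"),
]

if __name__ == "__main__":
    print(f"plaintext entropy : {shannon_entropy(PLAINTEXT):.2f} bits/byte")
    print(f"ciphertext entropy: {shannon_entropy(CIPHERTEXT):.2f} bits/byte")
    print("rename bursts:", rename_bursts(EVENTS))
```

Run stand-alone, the script reports the plaintext well under 6 bits per byte, the random stand-in for ciphertext near 8, and flags only pid 4242 with the “.locked” extension; the editor’s two temp-file saves, spread five minutes apart and ending in different extensions, stay below the burst threshold. Endpoint protection products apply the same idea with far more signals, which is why they can stop an encryption run part-way through but cannot undo files that were already encrypted.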

Some of the most notorious ransomware families have infected hundreds of thousands of computers worldwide and collected millions of dollars’ worth of bitcoin in ransom payments. CryptoLocker is a well-known case, famous for being one of the most profitable ransomware operations of its time.

Ransomware is also offered as a service (RaaS). On the dark web, a developer group writes and maintains the malicious code and the payment infrastructure, and “affiliates” who accept its terms use it to attack victims in different countries, with the ransom split between the two parties.

To avoid becoming a ransomware victim, it is important to run reputable, up-to-date endpoint protection on your computer: the well-known products include a component that watches for ransomware behaviour (such as a process rapidly encrypting or renaming many files) and blocks it, although none of them can decrypt your files after the fact. Keep regular backups of your data on a disconnected or write-protected medium and test that they restore, since working backups are what make paying a ransom unnecessary, and keep your operating system and applications patched. Beyond that, stay alert to the content you receive on social media (for example, spam), in messaging apps and by email, and to anything you download. If content is of dubious origin, comes from a stranger, or carries a logo that appears to be a copy (forging the corporate image of a messaging or email service, or of any other company you know), it is advisable not to click on it, as it is probably malicious software.
