It is extremely important to keep an eye on the data being shared over the Internet, because there is currently a growing trend of ransomware attacks worldwide. Statistics reveal that a ransomware attack occurs at least every 20 seconds. So, what is ransomware? Ransomware is a type of malicious software that hijacks data on computers; Android and Mac platforms have also become targets for this type of attack.
Unlike other malicious software, ransomware is a type of attack perpetrated by cybercriminals who demand the payment of a ransom to recover stolen data.
So, how do you know that you have been attacked by ransomware? Depending on the attack and the type of software, it will be obvious, because you will not be able to access your files or operating system. A message with payment instructions will appear on the screen promising data recovery. However, once payment is made you usually get nothing back.
One way to determine whether you are dealing with ransomware is to check which variant you are a victim of. There are several ways besides the one mentioned above (the targeted attack): many attacks are also carried out through email phishing, which is usually very effective, since many users and employees of large companies do not check in detail the source of the links they open on their computers. In addition, some of these emails are really misleading, since they very effectively imitate many characteristics of companies, applications or users, such as logos.
The following is an example ransom note for a ransomware known as Scarab-Artemy. This ransomware asks users to pay in bitcoins. The ransom note instructs victims to email the criminals for more detailed instructions on how to acquire them. The criminals assure victims that once the money transfer is confirmed, they will receive the decryptor for the files.
The ransom note is titled “HowtoRestoreEncryptedFiles.txt”. The ransom note reads as follows:
We sincerely apologize for the inconvenience. Unemployment in my region forced me to encrypt your files!
This is not a fraud, but a necessary measure. If you comply with the recommendations, your files are guaranteed to be decrypted.
Personal ID: 6A0299900000000***353BA3E
To recover your database, documents, photos and other important data you must purchase a decryptor. To do so, you need to send an email to: xxxxx@protonmail.com. If you do not receive a response within three hours, please send it to the following addresses: xxxxxx@cock.li, artemy75@xxxx.com. The personal identifier must be provided in the mail.
As can be seen, the ransom message makes the user believe that the procedure is a “necessary measure”. Typically, the files that suffer most from this type of encryption are text files, OpenOffice and MS Office documents, databases, music, photos, videos and archives, among others.
Not only individual users but also large companies should invest more time and resources in educating their employees to pay more attention to checking the origin and reliability of the communications and emails they receive in their email accounts and on personal and work social networks. It is also of utmost importance to keep operating systems up to date, to frequently check the status of the system and files, and to have one or, preferably, two backup copies that you can count on in case of an attack, and thus avoid playing the criminals’ game.
Another type of ransomware that is very common, although more difficult to recognize, is the kind that poses as antivirus software. This type of malware disguises itself as a friendly platform and invades the computer in such a way that the administrator user loses control over the computer. That is why, when installing an antivirus, it is best to use the most recognized options that offer some kind of guarantee that the product is reliable, and to make sure you purchase and download the product from the official website of the software.
Ransomware such as CryptoLocker is recognized as one of the most destructive kinds of malware lurking on the internet, infecting millions of computers worldwide and also raising millions of dollars and euros, as well as a significant sum of bitcoins. It is one of the most famous and profitable ransomware families known, and it threatens many users around the world.
Now, the best way to stop such criminals is not to react to their threats and to communicate directly with professionals who can recover your data without dealing with the hackers. Keep in mind that attackers exploit the state of fear and alarm that seizes users and businesses when they assume that their sensitive and private files could be exposed or deleted. However, unless it was a selective attack, criminals are unlikely to search specifically for these or any other particular type of file.
There are different companies around the world that professionally and securely help recover files and computers that have been compromised by ransomware, and improve their security to prevent future attacks. Such enterprises have the necessary tools and qualified professionals for the task. Keep in mind that it is not always possible to recover all lost files. However, there is a better chance of doing so by approaching a professional.
Finally, remember that it is not advisable to pay the ransom, since the attackers could label you as someone willing to pay and target your company or computers again in other attacks.