It’s quite common for people to be held for ransom, especially when their relatives are well off. A person is taken hostage and the kidnappers ask the relatives to pay huge sums if they want their loved ones back unharmed. Sometimes the ransom is paid and the victim returns home, while on other occasions the authorities intervene in time to save the victim’s life as well as his/her kin’s dough. And sadly, on some occasions, people lose their lives.
Computers have become so important to people in today’s world, and the data stored on them so valuable, that nowadays even computers are held for ransom. But how? This takes place through malicious software called ransomware. Below, we make an in-depth analysis of ransomware, which has been around for a long time but has become quite notorious lately.
What is ransomware?
Ransomware is a type of malicious software that restricts access to the computer it has infected and asks for a ransom to be paid to the malware creator before the restriction is removed. Some ransomware works by encrypting the files on the computer’s hard drive, whereas other ransomware locks the infected system and displays messages enticing the user into paying a certain sum of money. Ransomware was initially popular only in Russia, but its notoriety has spread to other countries over the years.
How do they work?
A computer system is infected by ransomware in the same way as by conventional computer worms. It enters a system through file transfer or through vulnerabilities exposed over the internet. The malicious software then begins to run a payload. In one type of this malware, the payload begins to encrypt files stored on the computer’s hard drive. Only the author of the malware knows how to decrypt the files. In the other type of malware, interaction with the system itself is blocked. After that, various scare tactics are employed to extort money from the user. These include displaying messages claiming that the Windows activation period has expired, or that the authorities have identified pornographic material on the system and the user will be sued. The user has to pay the ransom, which is paid through wire transfer or bitcoins. The system returns to normal after the authors of the ransomware send a program that decrypts the files, or an unlock code that undoes the harm done by the ransomware.
How have they evolved since their genesis?
The first ransomware in the world was seen in 1989. It was called “AIDS Trojan” and was created by Joseph Popp. The malware operated by claiming that the user’s license to use a particular piece of software had expired, and it encrypted filenames on the hard drive. It asked users to pay 189 USD to unlock the system. In 1996, Adam L. Young and Moti Yung introduced the concept of public key cryptography into ransomware. The major ransomware families known lately are TROJ.RANSOM.A, Gpcode, Cryzip, Archiveus, Krotten, MayArchive, Reveton and CryptoLocker.
How to protect your computer from ransomware?
There are two sides to this question. They are answered below.
What to do before the computer is infected by ransomware?
1. Use a good antivirus utility.
2. Do not open unexpected attachments or spam.
3. Keep Windows and your browser updated.
4. Keep a good backup of your files, as it can be hard to recover them once the computer is infected.
What to do if the computer is infected by ransomware?
Remove the ransomware:
1. The simplest ransomware, such as a fake antivirus or a fake clean-up tool, can be removed by starting Windows in Safe Mode and running an on-demand malware scanner like Malwarebytes.
2. If the ransomware prevents users from entering Windows or running programs, as lock-screen viruses do, System Restore can be used to roll Windows back in time.
Recover hidden and encrypted files:
1. Sometimes the infecting malware doesn’t encrypt the files but simply hides them. They can be easily recovered by enabling “Show Hidden Files”.
2. But what if the files are encrypted? Well, the answer’s hard. If you want the files back, you have to pay the author of the ransomware. And it isn’t guaranteed that he’ll enable you to retrieve your files, i.e. that he’ll send you the decryption program or the unlock code. So it’s best to prevent the infection in the first place and keep a good backup of your files.
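For step 1 above (files that were hidden rather than encrypted), the following PowerShell is an added example, not part of the original article: it lists files carrying the Hidden attribute and can clear that attribute so they show up again without changing the “Show Hidden Files” setting. The function names `Find-HiddenUserFile` and `Restore-FileVisibility` and the default Documents folder are assumptions made for illustration.

```powershell
# Added example: find files that carry the Hidden attribute and optionally clear it.
# Assumption: the malware only set the Hidden attribute; it did not encrypt or move files.

function Find-HiddenUserFile {
    [CmdletBinding()]
    param(
        # Assumed default: the current user's Documents folder.
        [string]$Path = [Environment]::GetFolderPath('MyDocuments')
    )
    # -Force is required for Get-ChildItem to return hidden items at all.
    # Hidden+!System skips files Windows itself hides and protects (for example desktop.ini).
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force `
        -Attributes Hidden+!System -ErrorAction SilentlyContinue
}

function Restore-FileVisibility {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.IO.FileInfo]$File
    )
    process {
        if ($PSCmdlet.ShouldProcess($File.FullName, 'Clear Hidden attribute')) {
            # Remove only the Hidden bit; ReadOnly, Archive and other flags stay untouched.
            $File.Attributes = $File.Attributes -band (-bnot [System.IO.FileAttributes]::Hidden)
        }
    }
}

# 1. Report what is hidden, most recently changed first. A large batch of user
#    documents hidden at the same time points to the malware rather than to Windows.
$hidden = Find-HiddenUserFile
$hidden | Sort-Object LastWriteTime -Descending |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# 2. Preview the change first; -WhatIf prints what would happen without doing it.
$hidden | Restore-FileVisibility -WhatIf

# 3. After reviewing the list, run without -WhatIf to make the files visible again:
# $hidden | Restore-FileVisibility
```

Run it only after the ransomware itself has been removed, otherwise the files may simply be hidden again.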
What are your thoughts on ransomware? Have you ever been affected by it? And what do you have to say about our in-depth analysis of ransomware? Was it helpful? Feel free to comment below.