Ransomware - The Black Plague of the Internet

Ransomware is one of the most common and by far the most dangerous of all cyber threats that plague the vast plains of the almighty Internet. Its stealth and the incredible difficulty of tracing the criminals behind it are responsible for making it the most feared type of computer virus ever. What this malware does is sneakily infiltrate one's PC, either by exploiting vulnerabilities in the system or by employing the help of a Trojan horse virus, after which it proceeds to encrypt some of the files stored on said computer. Once the encryption is complete, the virus places a ransom note on the victim's screen. The note typically informs the user of the encryption that has taken place and emphasizes that the encrypted files will remain inaccessible until a certain amount (the ransom) is paid to the hackers in return for the decryption key needed to decrypt those files. On some occasions the ransomware might even attempt to impersonate legal authorities, claiming that the files have been suspended due to allegedly detected criminal or other illegal activities on that computer. The ransom would in such a case be called a fine or similar, all in order to scare the user into falling for the scam and transferring the demanded money.

As pointed out, the ransomware threat has become so huge over recent years because of how difficult it is to track down the hackers who actually benefit from it. This is because of the payment method they demand victims use to transfer the ransom: bitcoins. The popular cryptocurrency is notoriously elusive, and thanks to this fact cybercriminals are capable of making millions of dollars in ransom money. To be precise, the FBI has estimated that a whopping $18 million is lost to ransomware by businesses and private persons alike every week. And, as sad as it is, there's little to no getting around it without paying the hackers, as files that have been encrypted by the latest versions of ransomware viruses are not susceptible to decryption via brute force algorithms. In fact, according to a recent survey of tech specialists in the UK, entire companies in the country are stocking up on bitcoins in case of a potential infection with a cryptovirus. That knowledge alone is not only frightening, it's indicative of how increasingly helpless we, as a society, are becoming in the face of this global cyber threat.

But ransomware isn't limited to targeting individual computers. It has evolved to the point where entire websites and web servers can fall victim to this menace. A ransomware virus could infect a host machine, from which it would begin encrypting all of the files on a given website: the images, databases, code libraries, etc. As a result, the website becomes effectively unusable. The CTB-Locker virus is a striking example of this type of website-locking malware. Viruses of this type exploit security holes in the web server and usually tend to be political in character, as opposed to attacking random enterprises. And speaking of enterprises, they are becoming an ever more appetizing target for cybercriminals, for obvious reasons. Businesses are more likely to pay larger amounts, as the information they could potentially lose to a ransomware infection could render them bankrupt or severely incapacitated. One such infamous perpetrator that made the news headlines and ended up costing organizations quite the pretty penny was the Cerber Ransomware. And to show just how diverse this dark side of programming can get, the recent outbreak of the Zepto Virus, which was a direct continuation of the infamous Locky virus campaign, left the affected users unsure of which of their files were which and where they were placed. The Zepto ransomware scrambled the names of the files, as if encrypting them weren't enough, in order to make sure the victims could not determine which of the encoded data was actually important to them and which they could have gone without recovering.

Another crucial component, as mentioned earlier, of the unheard-of success that ransomware is currently enjoying is the fact that most times it goes completely undetected. This is largely because modern versions of the cryptovirus no longer have the need their predecessors had for client-server communication. Today they can run autonomously on the victim's computer, which has greatly contributed to them being able to avoid bot prevention mechanisms and detection in general. The Bart Ransomware was among the first to introduce this concept, but though this may sound very sophisticated, its encryption methods were surprisingly simple. Instead of using some elaborate mechanisms, Bart simply placed the affected files in separate password-protected zip archives. But so far we've only recounted versions of ransomware that all share the same trait: they encrypt specific files, like pictures or documents, which is all very mild and tame in comparison to one particular version that doesn't play nice at all. The Petya virus blatantly encrypts your entire hard drive, without burdening itself with the task of distinguishing various file types.
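The Bart behaviour described above (each affected file placed in its own password-protected zip archive) leaves a pattern a defender can look for on disk. The following is an added example, not code from the original article or from any security product: it flags directories that contain several one-member ZIP archives whose member is marked encrypted (bit 0 of the ZIP general-purpose flag). The function names, the `min_hits` threshold and the sample files are assumptions made for illustration.

```python
import io
import struct
import tempfile
import zipfile
from pathlib import Path

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: member is encrypted


def is_locked_single_file_zip(source):
    """True if the archive holds exactly one member and it is encrypted."""
    with zipfile.ZipFile(source) as zf:
        infos = zf.infolist()
    return len(infos) == 1 and bool(infos[0].flag_bits & ENCRYPTED)


def scan_tree(root, min_hits=3):
    """Map directory -> locked one-file archives, for dirs with >= min_hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        # Check content, not extension: the archive may carry any suffix.
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        try:
            if is_locked_single_file_zip(path):
                hits.setdefault(str(path.parent), []).append(path.name)
        except (zipfile.BadZipFile, OSError):
            continue  # truncated or unreadable archive: skip it
    return {d: sorted(n) for d, n in hits.items() if len(n) >= min_hits}


def make_sample(member, locked):
    """Constructed test input: a one-member ZIP, optionally flagged encrypted.

    Only the header flag is set (the payload stays plain); the flag is all
    the scanner reads, so no password or cipher is involved.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, "constructed sample data")
    raw = bytearray(buf.getvalue())
    if locked:
        # Flag field: offset 6 in local header, offset 8 in central directory.
        for off in (6, raw.find(b"PK\x01\x02") + 8):
            struct.pack_into("<H", raw, off, struct.unpack_from("<H", raw, off)[0] | ENCRYPTED)
    return bytes(raw)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for i in range(3):
            Path(tmp, f"doc{i}.docx.zip").write_bytes(make_sample(f"doc{i}.docx", True))
        Path(tmp, "backup.zip").write_bytes(make_sample("notes.txt", False))
        print(scan_tree(tmp))
```

A single encrypted archive is ordinary; the signal is many of them appearing in user data directories, which is why results are grouped per directory and thresholded.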

With all that fear-inducing information in hand, it's important to use it to your benefit, rather than succumb to an attack you allowed to occur due to lack of knowledge on the matter. What's more, the measures necessary to prevent such an infection are so fundamentally simple that literally anyone and everyone should be able to apply them. For starters, you can make regular backups of all your important data, be it on external drives or in the cloud. This way, even if your computer does fall prey to the dreadful malware, it won't really do you much harm. Building up your barriers, you should always keep your eyes peeled for software updates. Sadly, many people neglect the need to update the programs on their devices, but these are vital moments and ought to be treated as such. Software developers come up with constant updates for a reason: it's to fix existing vulnerabilities within the given program, vulnerabilities that ransomware could potentially exploit to enter your machine. And finally, as ransomware is very often downloaded on a computer by a Trojan horse that was programmed to do so, it's important to pay close attention to incoming emails, especially those containing attachments. If for whatever reason you see a given email as suspicious, it's best to avoid opening it at all. Preventing the problem is always a hundred times better than dealing with its consequences.