What is Ransomware & Prevention

Ransomware (RW) is software that infects computers in various ways, blocks their use, and demands a ransom in return.

RW has a history of over 20 years. It gained notoriety through the Cryptolocker (2013-2014) and Wannacry (2017) attacks and the publicly known damage they caused.

Generally, RW has two main variants:

  1. Encrypting RW: After infection, it encrypts all files, converting them to an unusable format, and demands a ransom in return.
  2. Locker RW: After infection, it blocks access to the computer system by various methods and demands a ransom in return.

There are also variants called Doxware and mobile RW, which are less popular.

Please find the figure showing the percentage of RW variants identified between 2005-2016 (Source: Symantec):

As you can see, the share of Encrypting RW has increased massively.

In addition, please find the Encrypting RW variants identified over the last 10 years (Source: F-Secure):

Variants like Wannacry affect not only the infected user but also all users on the network, and crash the whole IT system.

Infection Methods:

 

In brief, RW infects systems with the following methods:

 

Prevention Methods:

 

Even though antivirus companies take precautions and actions, users are vulnerable during the reaction period. The ransom payment is mostly requested in Bitcoin, and decryption is almost impossible by paying the amount. In addition, a time limit is set to panic the victim.

Please find a sample ransom message below:

 

 

For these reasons, self-protection is vital. Please find prevention methods in brief below:

 

 

As seen, there can be a lot of detailed and accurate information about the user.

To summarize, personal attention and prevention methods are still the most important methods for avoiding RW problems.

 

August 2017

Author: Ali Bekisoglu

 

Disclaimer: Intra Informatics Inc. does not warrant the accuracy, reliability and faultlessness of the content published in this blog. Our company will not be liable for any direct or indirect losses and damages in connection with the use of this content. No part of this published content may be reproduced or quoted without providing reference.