What is Ransomware and How to Protect Yourself | Antivirus Software

Ransomware

Ransomware or ransomware is malicious software that can lock down a device or encrypt its content in order to extort money from its owner. In return, the creators of the malicious code promise, of course, without any guarantee, to restore access to the affected machine or data.

What is Ransomware?

This specific type of malware is used for extortion. When a device is attacked, malware blocks the screen or encrypts the data stored on the disk, then the victim is presented with a ransom note with payment details.

How do you recognize ransomware?

If you are a victim of ransomware, you will be notified by the appearance - in most cases -  of a ransom message on your screen, or by adding a text file (message) to the affected folders. Many ransomware families also change the extension of encrypted files.

How does ransomware work?

There are several techniques used by ransomware operators:

• The "disk blocker" ransomware encrypts the entire disk and prevents the user from accessing the operating system.
• The “ screen lock ” blocks access to the device screen.
• The ransomware "scrambler"  (crypto-ransomware) encrypts data stored on the disk of the victim.
• The PIN blocker targets Android devices and changes their passcodes to lock out access to their users.

How to stay protected?

Basic rules to follow to avoid the loss of your data:

• Back up your data regularly and keep at least one full backup offline
• Keep all your software, including operating systems and antivirus software, on the latest versions available, through patches and updates offered regularly

However, a reliable and multi-layered security solution remains the most effective option to help users/organizations recognize, prevent, and remove ransomware.

Advanced rules more specific to companies

• Reduce the attack surface by disabling or uninstalling unnecessary software and services
• Scan networks for risky accounts using weak passwords
• Limit or prohibit the use of Remote Desktop Protocol (RDP) from outside the network or enable network-level authentication
• Use a virtual private network (VPN)
• Check firewall settings
• Examine the traffic policies between the internal and external network (internet)
• Configure a password in the configuration of your security solutions to protect them against attacks
• Secure your backups with two or more factor authentication
• Regularly train your staff to recognize and deal with phishing attacks

Ransomware/Ransomware history

The first documented case of ransomware was in 1989. Named the AIDS Trojan, it was physically distributed by mail via thousands of floppy disks that claimed to contain an interactive database on AIDS and the risk factors associated with the disease. When triggered, the malware effectively disabled user access to most of the content on the drive.

AIDS Trojan demanded a ransom (or as the named ransom note, "license payment") of US $ 189 to be sent to a PO Box in Panama allowing the user to run the program 365 times. Dr. Joseph Popp has been identified as the author; however, the authorities declared him mentally unfit to attend his trial.