What Actually Is Ransomware | Total Security

Probably everyone has heard the term “ransomware” or “encryption trojan” over the past few years, or has even been affected by it. In its 2017 report on the IT security situation in Germany, the BSI named ransomware as one of the most common attack methods used by cybercriminals. But what exactly is ransomware?




What Does "ransomware" Mean?

The term “ransomware” is made up of the two word parts “ransom” and “ware”. “Ransom” refers to a payment demanded for releasing something, while the ending “ware” is often used to name programs, such as software and malware.

The meaning of ransomware can therefore be derived directly from the name: it is a program that demands a ransom. But for what?

What Does Ransomware Do?

How ransomware works can be summarized quickly. As soon as a system has been attacked, files are encrypted, which means that they can no longer be opened or executed. A ransom is demanded for decryption, in most cases to be paid in Bitcoin. The official advice is not to pay the ransom, as payment is no guarantee of decryption. The ransomware usually makes itself known through a so-called "lock screen" that displays a message saying your data has been encrypted, together with instructions for decryption, i.e. a ransom note including bank details and a deadline.

What is encrypted varies from case to case. The encryption may affect only individual files or the entire infected system.

Probably the best-known distribution mechanisms for ransomware are emails with malicious attachments, drive-by downloads when surfing on infected websites, and direct downloads of infected programs. The latter can also happen unknowingly by clicking on an unknown link. In 2017, the WannaCry ransomware spread by exploiting a software vulnerability.

However, the very first known ransomware was not sent in any of these ways. In 1989, the biologist Dr. Joseph L. Popp distributed his encryption Trojan on floppy disks that he gave away at a WHO AIDS conference. About 1,000 of his 20,000 floppy disks successfully installed the ransomware. His reasons are still unclear.

What Are the Goals of Ransomware?

The aim of ransomware is to extort sums of money. The target systems, however, vary. Since ransomware is widely distributed and usually does not have a specific system as its target, private individuals are just as affected as companies.

However, ransomware developers are becoming more and more sophisticated. In 2016, for example, there was ransomware called “Locky” that spread within a few days, mainly in Germany. The reason for this was that the email with which Locky was sent looked deceptively real and was written in German. Another encryption Trojan was sent out less than a month later, disguised as an advisory from the BKA and including an alleged analysis tool called "BKA Locky Removal Kit.exe".

How Can You Protect Yourself Against Ransomware?

For companies, training employees in security awareness provides reliable protection against ransomware.

Since ransomware exploits users' curiosity, the following general behavioral tips always apply:

1.   Do not open any attachments that you have not requested.

2.   If an attachment could contain important information, ask the sender.

3.   Error messages/reports with attachments can also contain viruses. Therefore, administrators should also be careful.

4.   Do not start a program from the Internet or from a friend unless you are sure it is completely virus-free.

5.   For all systems, security updates should be installed regularly!

6.   Use a virus scanner like Total Security and do not switch it off. Only a scanner that is updated regularly (hourly) fulfills its purpose.

7.   Take regular backups.
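
For administrators, tips 1 to 3 can be backed by a filter on the mail gateway. The following is an added example, not part of the original article: it parses a raw e-mail and flags attachments such as the "BKA Locky Removal Kit.exe" mentioned above. The function names and extension lists are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".lnk", ".hta"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def classify(filename, payload):
    """Return the reason to quarantine an attachment, or None if nothing matched."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE_EXTS:
        # "invoice.pdf.exe" looks like a document when file extensions are hidden.
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
            return "executable hidden behind a document extension"
        return "executable extension"
    if payload[:2] == b"MZ":  # Windows PE files start with the bytes "MZ"
        return "executable content under a non-executable name"
    return None

def screen_attachments(raw_message):
    """Parse a raw e-mail and list (filename, reason) for suspicious attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reason = classify(name, part.get_payload(decode=True) or b"")
        if reason:
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed test message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please see the attached files.")
    for name, body in [("BKA Locky Removal Kit.exe", b"MZ placeholder"),
                       ("invoice.pdf.exe", b"MZ placeholder"),
                       ("report.pdf", b"MZ placeholder"),
                       ("minutes.pdf", b"%PDF-1.4 placeholder")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample()):
        print(f"QUARANTINE {name!r}: {reason}")
```

A filter like this only reduces the number of dangerous attachments that reach users; it does not replace the behavioral tips, the virus scanner or the backups listed above.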
