What is Ransomware?

A malicious program that encrypts a victim's files is known as ransomware, or encryption malware.

Encryption malware, or "ransomware," as it is sometimes called, is a type of malicious software that encrypts a victim's files. The attacker promises to restore the victim's access to the data once a ransom is paid. Victims are given directions on how to pay the fee to obtain the decryption key. Cybercriminals often ask for the ransom in Bitcoin, with payments ranging from hundreds to thousands of dollars.

Ransomware can get onto a machine in multiple ways. Most users fall prey to email attachments disguised as other files. Such attachments may even take over the user's computer, especially if they come with built-in social engineering tools that fool the user into giving them administrator access. More vicious kinds of ransomware, such as NotPetya, infect machines by exploiting security weaknesses rather than by deceiving people.

Encrypting user files is by far the most typical action that the malware takes on a compromised machine. If you are curious about the technical specifics, you can refer to the Infosec Institute, which has a detailed write-up on how numerous types of ransomware encrypt files.

Although the most significant aspect of the attack is that the files cannot be decrypted without a secret mathematical key known only to the attacker, that is not the most crucial detail to understand.

The user is then told that they will only be able to decrypt their files if they send an untraceable Bitcoin payment to the attacker.

Attackers may pretend to be law enforcement officials, warning their victims that their computers are being taken offline because they contain pornography or unlicensed software, and demanding a payment for their release. In some cases, this may deter victims from reporting the incident to the authorities.

However, most attacks do not bother with this pretense. In one variant of ransomware, known as leakware or doxware, the attacker threatens to make sensitive data on the victim's hard drive publicly available unless the victim pays a ransom. But because obtaining and using such information is difficult for attackers, encryption ransomware is the most popular variant.

Who is a potential victim of ransomware?

Attackers use a number of methods to decide which organizations to target with ransomware. They might target universities because of a disparity in security personnel and because universities tend to have a large number of students who do a lot of file sharing, which makes it simpler to penetrate their defenses.

For another group of organizations, though, ransom payments are more likely because they are more susceptible to having their data held hostage. Government organizations and hospitals, for instance, need their files to be easily accessible. Law firms and other businesses that are especially concerned about keeping their data private may be willing to pay to make sure a breach is kept under wraps, and they may be more susceptible to leakware attacks.