Ransomware is increasingly in the news. It is a form of cybercrime that is very successful. Why is ransomware so successful? And what examples of ransomware are there in history? These questions are addressed in this article.

What is ransomware?

Ransomware is malicious software (malware) that makes data or a computer system inaccessible for the authorized user.

In other words, the hacker installs malware on the systems that prevents the actual users from accessing their files. The hacker promises to release the files once a ransom is paid. If the victim cannot pay the ransom in time, the hacker often threatens to destroy the data permanently or increase the asking price.

How does ransomware work?

Ransomware usually spreads through phishing emails, malicious downloads or through vulnerabilities in software. Once the ransomware invades a system, it begins encrypting files using a unique encryption key. The data is rendered inaccessible and the user is shown a message explaining that their files have been locked and that they must pay a certain amount of ransom to obtain the decryption key.

Is ransomware the same as malware?

No, ransomware is not the same as malware, but it does fall under the broader category of malicious software (malware). Malware is an umbrella term used to describe various types of malicious software designed to infiltrate computer systems, damage or steal data, or perform other malicious activities.

Ransomware is a specific form of malware that aims to encrypt files or block access to computer systems, with the goal of pressuring victims to pay ransom. The main characteristic of ransomware is that it “holds” users’ data hostage and only releases it after the ransom is paid.

Other forms of malware can have different goals, such as stealing personal data, spying on users, damaging files or disrupting computer systems. Examples of other malware variants include spyware, adware, trojans, worms and viruses.

Although ransomware is a specific form of malware, it is important to understand that not all malware is ransomware.

Is ransomware a major threat?

Ransomware attacks are all too common these days. They have greatly affected businesses around the world. Currently, mainly larger companies and important agencies are victims, but this trend is increasingly shifting to small and medium-sized businesses as well.

Protecting your business against ransomware

Ransomware attacks can cause significant financial, reputational and operational disruption. Protecting against this threat requires a combination of proactive measures and awareness. Here are some key steps you can take to protect your business from this problem:

  • Keep your systems up-to-date: Make sure your systems have the latest updates. It is especially important to install security patches as soon as possible.
  • Backups: Depending on the needs of your organization, you should have backups. If things go wrong, they allow you to restart your operations quickly. Of course, it is important to make sure your backups are clean of any kind of infection.
  • Make sure you have a plan: What steps do you take once your business is hit by ransomware? Unfortunately, the truth is that companies don’t think about this until it’s too late. And when it’s too late, they often choose to pay the ransom. Make sure this doesn’t happen to you and proactively set up a plan in case your business is affected. It is also advisable to carry out the steps in the plan, for example once a year. This way you will be optimally prepared for the most severe scenario.
  • Detection software: There is software available that you can use to recognize known malware and other types of malicious software. You can also choose an Intrusion Detection System or Intrusion Prevention System, for example.
  • Awareness: Social engineering is one of the most common techniques through which ransomware can be installed on systems. Educate yourself (and your employees) on identifying spam, rogue websites and other types of fraud. Emploware can support you in this regard with our cyber security awareness trainings and phishing simulations.

Real-life examples of Ransomware

By learning more about some of the key ransomware attacks, you will gain a better understanding of how your organisation can fall victim to one. Be sure to read our tips on how to protect your organisation from ransomware as well.

WannaCry

As many as 250,000 computers around the world were infected with the ransomware virus WannaCry before it was disabled by a killswitch. Proofpoint helped to find the killswitch sample and deconstruct the malware.

CryptoLocker

This ransomware encrypts a user’s hard disk and network devices and requires payment in bitcoin. CryptoLocker was distributed via email attachments disguised as FedEx and UPS tracking notifications. A decryption tool was released for it in 2014. CryptoLocker is said to have caused up to $27 million in damage.

NotPetya

NotPetya is considered one of the most damaging ransomware attacks and follows in the footsteps of its namesake Petya. This ransomware attack infected and encrypted the master boot record of Microsoft Windows computers. It spread quickly because it exploited the same vulnerability as WannaCry, and it demanded a bitcoin payment to undo the changes it had made. NotPetya is not actually ransomware, as the computer was not recoverable. The codes used to identify the user were randomly generated. This kind of malware is called a ‘wiper’.

Bad Rabbit

Bad Rabbit was considered a relative of NotPetya and appeared to target media companies in Russia and Ukraine. It was distributed with the same code and vulnerabilities. Unlike NotPetya, Bad Rabbit allowed decryption if the ransom was paid. According to most reports, it was distributed via a fake Flash Player update that could infect users via a drive-by attack.

Ryuk

Ryuk is another ransomware virus that is becoming increasingly common. New variants of this virus are developing and, according to the French cybersecurity agency (ANSSI), are able to spread themselves to Windows machines on a local network. Deleting the infected user or changing his/her password seems to counter the virus.

How can I remove ransomware?

Removing ransomware can be a challenging process, but there are steps you can take to remove the malicious software from your system. Here are some general steps you can follow:

  • Isolation: Disconnect the infected computer or device from the network immediately to prevent further spread.
  • Identification: Try to identify which variant has infected your system. This can help you find specific removal instructions or decryption tools, if available.
  • Antivirus software: Make sure your security software is up-to-date and run a full system scan. This software can help detect and remove the rogue software from your system. Follow your security software’s instructions for removal.
  • Use antimalware tools: Consider using specialized antimalware tools specifically designed to detect and remove ransomware. These tools can provide additional capabilities to effectively eliminate the problem.
  • Restore from a reliable backup: If you have made regular backups of your files, consider restoring your system from a reliable backup made before the infection. This can help restore your files to a previous, non-infected state.

It is important to remember that removal steps may vary depending on the specific variant of ransomware and the extent of the infection. When in doubt, it is always best to seek professional help.
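Before restoring, it helps to check that the backup itself was not encrypted along with everything else. The following is an added example, not part of the original article: a heuristic scan that flags files whose header no longer matches their extension, or text files whose content is near-random. The `MAGIC` table, `TEXT_TYPES`, the 7.5 bits-per-byte threshold and all function names are assumptions for illustration, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Assumed lookup tables for this example; extend them for your own file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
TEXT_TYPES = {".txt", ".csv", ".log", ".json", ".xml"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune on your own data

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted data, far lower for text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def assess(path: str, sample_size: int = 65536) -> list:
    """Return the reasons a file looks encrypted (empty list = no finding)."""
    with open(path, "rb") as fh:
        data = fh.read(sample_size)
    ext = os.path.splitext(path)[1].lower()
    reasons = []
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("header does not match extension")
    if ext in TEXT_TYPES and len(data) >= 1024 and shannon_entropy(data) > ENTROPY_LIMIT:
        reasons.append("text file with near-random content")
    return reasons

def scan_backup(root: str) -> dict:
    """Walk a backup tree; map relative path -> reasons for flagged files."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            reasons = assess(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo() -> dict:
    """Build constructed sample files in a temp dir and scan them."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    samples = {"report.pdf": b"%PDF-1.7\n" + b"constructed sample\n" * 50, "invoice.pdf": noise,
               "notes.txt": b"meeting notes\n" * 200, "ledger.csv": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_backup(root)

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP or JPEG are high-entropy by nature, which is why the entropy test is applied only to text types; a finding is a prompt for manual review, not proof of infection.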

FAQ Ransomware

Should I pay a ransom for a Ransomware attack?

It is generally not recommended to pay a ransom in such an attack. Paying a ransom encourages cybercriminals to continue their malicious activities and perpetuates this ecosystem. Moreover, there is no guarantee that paying the ransom will actually lead to recovering your encrypted files or unlocking your system.

What types of ransomware exist?

Ransomware comes in several forms, including encryption, locker, master boot record (MBR) and mobile ransomware, as well as scareware. Encryption ransomware encrypts files, while locker ransomware locks the system. MBR ransomware targets the boot sector, while mobile ransomware affects mobile devices. Scareware uses false notifications to trick users.

Is ransomware a virus?

Ransomware is often described as a form of malware, but it is not exactly the same as a traditional computer virus. Although both are malicious software, there are several differences.