blog
18 March 2022

Ransomware Definition

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid. More modern ransomware families, collectively categorized as cryptoransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.


Ransom Prices and Payment

Ransom prices vary depending on the ransomware variant and the price or exchange rates of digital currencies. Thanks to the perceived anonymity offered by cryptocurrencies, ransomware operators commonly specify ransom payments in bitcoin. Recent ransomware variants have also listed alternative payment options such as iTunes and Amazon gift cards. It should be noted, however, that paying the ransom does not guarantee that users will get the decryption key or unlock tool required to regain access to the infected system or hostaged files.


How Does Ransomware Spread?

Users might encounter this threat through a variety of means. Ransomware can be downloaded onto systems when unwitting users visit malicious or compromised websites. It can also arrive as a payload that is either dropped or downloaded by other malware. Some ransomware is delivered as an attachment to spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems.


Once executed in the system, ransomware can either lock the computer screen or, in the case of cryptoransomware, encrypt predetermined files. In the first scenario, a full-screen image or notification is displayed on an infected system's screen, which prevents a victim from using their system. This notification also details instructions on how a user can pay the ransom. In the second scenario, ransomware prevents access to potentially critical or valuable files like documents and spreadsheets.


Ransomware is considered "scareware" as it forces users to pay a fee (or ransom) by scaring or intimidating them. In this sense, it is similar to FakeAV malware, but instead of capturing the infected system or encrypting files, FakeAV shows fake antimalware scanning results to coax users into purchasing bogus antimalware software.


The History and Evolution of Ransomware

Cases of ransomware infection were first seen in Russia between 2005 and 2006. Trend Micro published a report on a case in 2006 that involved a ransomware variant (detected as TROJ_CRYZIP.A) that zipped certain file types before overwriting the original files, leaving only the password-protected zip files on the user's system. It also created a text file that acted as the ransom note, informing users that the files could be retrieved in exchange for US$300.


In its earlier years, ransomware typically encrypted particular file types such as .doc, .xls, .jpg, .zip, .pdf, and other commonly used file extensions.
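The behaviour described above (original files of targeted types being overwritten in bulk, plus a text ransom note being dropped) is what a defender can look for on an endpoint. The following is an added example, not code from the original post or from Trend Micro: a small heuristic run over constructed file-activity log lines, which flags a process that destructively touches many files with the listed extensions inside a short window and also creates a .txt note. The log format, the process IDs, the paths and the thresholds are all assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# File types that early cryptoransomware such as TROJ_CRYZIP.A went after.
TARGET_EXTENSIONS = {".doc", ".xls", ".jpg", ".zip", ".pdf"}
# Actions after which the original file is no longer available to the user.
DESTRUCTIVE = {"delete", "overwrite", "rename"}

def parse_event(line):
    """Parse one constructed log line: '<ISO time> <pid> <action> <path>'."""
    ts, pid, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), int(pid), action, path

def extension(path):
    """Lower-cased extension of a path, '' if it has none."""
    dot = path.rfind(".")
    return path[dot:].lower() if dot != -1 else ""

def detect(lines, window=timedelta(seconds=60), threshold=10):
    """Return {pid: hits} for every process that, inside one sliding window,
    destructively touched >= threshold targeted files AND created a .txt note."""
    by_pid = defaultdict(list)
    for ev in sorted((parse_event(l) for l in lines), key=lambda e: e[0]):
        by_pid[ev[1]].append(ev)
    findings = {}
    for pid, evs in by_pid.items():
        start = 0
        for end, (ts, _, _, _) in enumerate(evs):
            while ts - evs[start][0] > window:   # slide the window forward
                start += 1
            span = evs[start:end + 1]
            hits = sum(a in DESTRUCTIVE and extension(p) in TARGET_EXTENSIONS
                       for _, _, a, p in span)
            note = any(a == "create" and extension(p) == ".txt" for _, _, a, p in span)
            if hits >= threshold and note:
                findings[pid] = max(findings.get(pid, 0), hits)
    return findings

# Constructed sample: pid 4242 is a user editing a few files over ten minutes;
# pid 1337 overwrites 15 targeted files in 15 seconds and then drops a note.
SAMPLE_LOG = [
    "2022-03-18T09:00:00 4242 overwrite C:\\Users\\a\\report.doc",
    "2022-03-18T09:05:00 4242 overwrite C:\\Users\\a\\budget.xls",
    "2022-03-18T09:12:00 4242 create C:\\Users\\a\\notes.txt",
] + [
    f"2022-03-18T09:30:{i:02d} 1337 overwrite C:\\Users\\a\\docs\\f{i}{ext}"
    for i, ext in enumerate([".doc", ".xls", ".jpg", ".pdf", ".zip"] * 3)
] + ["2022-03-18T09:30:20 1337 create C:\\Users\\a\\docs\\HOW_TO_RECOVER.txt"]
```

Running `detect(SAMPLE_LOG)` flags only pid 1337; the ordinary editing done by pid 4242 never reaches the threshold, which is the point of requiring both volume and a note rather than either alone.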

