Ransomware

Published under Glossary

What is it?

Ransomware is a type of malware (like viruses, Trojans, etc.) that infects users' computer systems and manipulates the infected system in such a way that the victim cannot (partially or fully) use it or the data stored on it. Shortly afterwards, the victim usually receives a blackmail note via pop-up, pressing them to pay a ransom (hence the name) to regain full access to the system and files.

How does it work?

Attackers resort to different tactics to achieve their goals. One type of ransomware, such as the notorious and sophisticated Cryptolocker, encrypts the user's files with a key known only to the attacker. Another type (such as Winlocker) simply blocks access to the system but leaves the files untouched.

How is it used?

A user of a system infected with ransomware is usually confronted with an extortion message (in many cases a Windows pop-up) asking the victim to pay a ransom fee to the attacker in order to regain access to their system and files. The already mentioned Cryptolocker accepts payments in the digital currency Bitcoin, which gives the attacker an additional layer of anonymity. In the case of Cryptolocker, the victim receives, after payment, the key and the method to decrypt their files and regain full access.

It is reported that criminals, their tools and their back-office structures are becoming more and more sophisticated and (in a distorted way) more "user friendly". Not only is the intrusion into a victim's system carried out with utmost precision and elaborate tools, but the act of "supporting" the victim in restoring their systems also receives more and more attention from the criminals. Some groups even offer helpdesk functionality for victims facing problems with Bitcoin, payment or the application of the key.

How is it distributed?

Ransomware propagates via the same channels as other kinds of malware, such as phishing emails, watering-hole attacks and other drive-by attacks. On rare occasions and for high-profile targets, ransomware might be planted by more sophisticated methods in a direct, targeted attack.

Considerations and recommendations

As truly targeted attacks against end users are in most cases too costly for the attacker, ransomware is normally propagated like usual viruses, Trojans and other forms of malware, so the usual good practices for avoiding these apply.
