What is Ransomware?

Ransomware is a computer program or application that holds its users to ransom for access to their data or applications. Most ransomware encrypts user data using public-key cryptography so that users cannot circumvent the ransom.

Ransomware often has a screen or ransom note displaying the steps the user must take to decrypt or access their files. Sometimes the ransomware includes a decrypting tool that requires a password or key for the user to decrypt their files.

How did I get Ransomware?

Ransomware is often installed inadvertently by a user. In large organisations, it can often be published through common software distribution platforms that have been compromised in a supply chain attack.

Ransomware can also be installed through other applications the user may have installed, such as an application masquerading as a legitimate program. Sometimes ransomware is disguised to look like something else, or remains dormant on a machine until it is designed to activate, in order to evade detection.

Ransomware is very popular among cyber criminals, and its increased usage is generally due to its proven business model: users generally pay the ransom to restore function to their computer. Ransomware is generally a new technique in computer crime.

How Does Ransomware Spread?

Ransomware spreads on home computers, encrypting data and demanding the payment of a ransom to regain access; however, it often spreads through businesses too. A PC has become infected if a hacker presents its user with a ransom note.

Ransomware can spread to computers by exploiting security flaws in operating systems or software applications that are exposed to the internet and have been picked up by automated scans of the internet looking for vulnerable software. It then encrypts important information on those computers and demands payment from their users to decrypt it.

Good security practice at home can prevent ransomware:

  • Updating or securing applications that connect to the internet can prevent hackers from exploiting security holes and bugs in the software.
  • Only run applications that you trust and that come from trusted sources. Websites or blogs may be designed to look legitimate as part of a baiting technique to get users to run the software, especially free or hacked software that promises more than it actually delivers. Use common sense.
  • Typically, ransomware enters your environment by being installed by home users or through phishing, so make sure you know what reputable software is and the risks of running non-reputable software.

Does Ransomware Work?

According to recent trends in malware distribution, ransomware is very effective at extorting users. This is mostly because its effects are irreversible and, for victims, paying the ransom is generally an easier trade-off than trying to recreate or recover the data.

Some ransomware gangs are starting to build brands to encourage businesses to pay, and as a small guarantee that victims will see their data again.

Some companies have silently paid ransomware ransoms simply to avoid exposure.

Should I Pay the Ransomware Ransom?

Absolutely not. Paying a ransomware ransom justifies the hackers' efforts and proves their business model. There are large-scale discussions on how best to handle ransomware; however, the general consensus is not to pay. Many organisations have paid, to the disappointment of the information security community.

Generally, backup and disaster recovery solutions, when implemented correctly (for example with cold or immutable backups), should stop a ransomware attack from preventing recovery.

Can I Get My Data Back Without Paying the Ransom?

In short, unless you have a backup, it will not be possible to recover your data. It is also extremely important that you do not validate a ransomware business model by paying the ransom.