What Is Ransomware And How To Avoid It


We have been seeing a lot of recurring cyber-attacks in the news lately, with people and organizations everywhere getting hit hard by a malicious program called ransomware. What is ransomware, you might ask? If you have not heard of ransomware, then you should definitely get yourself educated on what it is!

Cyberdefense awareness on this subject is absolutely crucial because of all the ransomware attacks that have been occurring lately. Learning about this piece of software and staying alert is a must for the common user. This is why we are covering what ransomware is.

If you open your computer and find your desktop screen to look like this:

[Image: Cryptolocker virus screen]

Or this:

[Image: Department of Justice virus screen]

Then you have definitely downloaded a program called ransomware, and you will either have a limited window of time to pay a fee to cyber criminals in order to unlock the data on your computer, or risk losing it forever.


History Repeats Itself, So What Is Ransomware?

First things first, here is a little history lesson on what ransomware programs are, and what they are capable of doing. These little malicious computer viruses have been around since 1989, and made their way back to the public in 2012. They have gotten really bad just recently in our present year of 2016.

Back in the late 80’s the program was known as AIDS, not to be confused with the actual Acquired Immune Deficiency Syndrome (AIDS) virus deadly to humanity. AIDS, also called PC Cyborg, tricked a user into thinking that their license to use a specific software program they bought had expired. Due to the false expiration notice, AIDS was capable of encrypting a person’s file names on their hard drive, and the only way to unlock their data and get it back was to pay a $189 fee.

Not to bore you with a mundane history lesson, but there’s something to be said with the age old saying, “history repeats itself.” Today we face even stronger ransomware programs that are wreaking havoc on home computers, and hardworking businesses that use computer networks to function every day.


What Is Ransomware, And The Different Brands?

Like back in the 80’s, ransomware today functions very similarly to the AIDS program that infected users back then. Some of the new ransomware programs that have popped back up since 2012 are named below:

  • Reveton – Reveton claims to be a law enforcement agency and refers to itself as the local police, or a cybercrime division cop. The program warns the user that they have been using their computer for illegal activities such as pirating software or downloading child pornography. Many people have pirated software of some kind on some level, such as downloading music, or watching a movie online for free. Like its predecessor AIDS, it encrypts and locks a user’s files and folders on their computer, and the only way to unlock your data is to pay with a voucher from an unknown prepaid cash service such as Paysafecard or Ukash.
  • Cryptolocker – The famous Cryptolocker first appeared in September 2013. This program was much more aggressive than AIDS or Reveton, because if the user caught this virus and didn’t pay the ransom to have their files and folders unlocked, then Cryptolocker threatened to delete the key in 3 days, which would leave you unable to decrypt your files and result in losing all of your data forever.
  • CryptoLocker.F – This malicious program which is unrelated to Cryptolocker hit Australian users hard in 2014. It functions with the same concept as a typical ransomware program.
  • TorrentLocker – Another ransomware program that infected over 9,000 users in Australia, and over 11,700 users in Turkey.
  • CryptoWall – CryptoWall uses a widely used programming language called JavaScript, which is needed for most web functionality to work on your computer. This malicious program disguises itself as a JPEG image but is actually an executable file. This means that a user might believe that they are opening up a JPEG file to look at a picture, but instead are executing the virus program, which is activated upon clicking. This starts the process of encrypting your files and forces you to pay a fee to unlock your data. Users were usually emailed the CryptoWall program from a spoofed email address, which is designed to look and act like an email address from someone you already know.
  • KeRanger – Everyone believes that Mac computers are security proof. Not with KeRanger on the loose, because it’s the first ransomware program to be written exclusively for the OS X operating system. Once a user’s Mac computer is infected, the virus is inactive for 3 days and then begins encrypting files.
  • RSA4096 – This program encrypts files on a personal computer and any device connected to it. If you save all your files on a flash drive, like you should, and it is connected to your infected computer, that flash drive now also becomes infected! RSA4096 first appeared in 2015.
  • Manamecrypt – Manamecrypt hits a user just like every other ransomware program, but claims to encrypt your files when in reality your files aren’t locked at all, they are copied into a password protected RAR archive. The password created through this program is easily broken, so users were able to get their files back pretty easily.
  • Mischa – Finally, the most recent ransomware program is called Mischa. This is the most difficult program so far when it comes to getting your files back. There are no known ways to unencrypt your files once hit with this type of malware. The program usually asks an infected user to pay $1,000 in bitcoins, which are almost impossible for law enforcement officials to track.
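
The CryptoWall entry above describes an executable dressed up as a JPEG. As an added example (not from the original article), this Python check compares what a file's name claims with what its leading bytes say; it also flags picture-looking double extensions, which goes slightly beyond the case in the text. The function names, extension lists and sample bytes are assumptions constructed for illustration.

```python
import os

# Well-known leading "magic" bytes; the tables are deliberately small, not exhaustive.
IMAGE_MAGIC = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}
EXEC_MAGIC = {"windows-pe": b"MZ", "elf": b"\x7fELF", "mach-o-64": b"\xcf\xfa\xed\xfe"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions that run code when opened on a typical desktop (assumed list).
RUNNABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for table in (EXEC_MAGIC, IMAGE_MAGIC):
        for kind, magic in table.items():
            if data.startswith(magic):
                return kind
    return "unknown"

def masquerade_findings(filename: str, data: bytes) -> list[str]:
    """Return reasons a file that presents itself as a picture is suspicious."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]  # e.g. ".jpg" in "photo.jpg.exe"
    kind = sniff(data)
    if ext in IMAGE_EXTS and kind in EXEC_MAGIC:
        findings.append(f"image extension {ext} but content is {kind}")
    if ext in IMAGE_EXTS and kind == "unknown":
        findings.append(f"image extension {ext} but no image signature")
    if inner_ext in IMAGE_EXTS and ext in RUNNABLE_EXTS:
        findings.append(f"double extension {inner_ext}{ext} hides a runnable file")
    return findings

# Constructed samples: only the first bytes matter to the check.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # genuine JPEG header
    "resume.jpg": b"MZ\x90\x00" + b"\x00" * 16,         # PE header behind a .jpg name
    "photo.jpg.exe": b"MZ\x90\x00" + b"\x00" * 16,      # picture-looking name, runnable extension
}

def scan(samples: dict) -> dict:
    """Map each sample name to its list of findings (empty list means clean)."""
    return {name: masquerade_findings(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, "->", findings or "ok")
```

A mail gateway or download filter can apply the same comparison to attachments before a user ever sees the file.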

With all these ransomware programs on the loose, how does one become infected with these malicious viruses?


What Is Ransomware Capable Of?

The most common 2 ways are:

  1. A person visits an untrusted website and clicks on an infected link to download something, and the next thing they know their computer, files, and folders are being held hostage by a ransomware program.
  2. Someone receives either a spoofed email that looks identical to one from someone they may know, or an email from a random untrusted email address. This email lures the user into clicking and downloading an attachment, and once the attachment is downloaded and opened, that is it; it’s all over from there. That user’s data is now being locked through a ransomware program, and the only way to unlock your files and folders is to pay the ransom.

Everyone is at risk of being infected by ransomware. Recently major hospitals in the U.S.A. have been hit hard by these nasty programs. Below is a list of hospitals that have been recently attacked, and ended up paying the ransom to get their data back:

  • Alvarado Hospital Medical Center, San Diego CA
  • Hollywood Presbyterian Medical Center, Los Angeles CA
  • Chino Valley Medical Center, Chino CA
  • King’s Daughters Health, Madison IN
  • Methodist Hospital, Henderson KY

The above list of hospitals is just a few quick examples of who has been getting hit by ransomware. Hospitals have been great targets for ransomware hackers, because any large organization that deals with patient records electronically is in serious need of access to its patients’ data right away. If that data is locked and/or stolen, a hospital is going to be in a panic to unlock it and get its patients’ data back as soon as possible. Also, a hospital’s staff members are not well trained in cyber security practices, so this makes them an easy target for a cyber-attack. Hackers and criminals are sure making a fortune on deploying cyber-attacks on the medical field with the use of ransomware.

This virus has become such a serious threat that even Congress in the U.S. is beginning to act through Senate Judicial subcommittee hearings and asking the question, “what is ransomware?” The FBI suggests that if users or organizations catch a ransomware program on their computer or network, they should just pay the fine. Yes, you heard me right; the FBI is suggesting that you fund these cyber criminals’ operations, because there is no known way to completely unencrypt your files once infected by a ransomware program!

To get a visual on the alarming rate at which ransomware is trending, below is a statistical analysis chart globally on the rise of these malicious programs:

[Image: ransomware statistics chart]

As displayed in the chart, over 100,000 users are getting hit hard all around the world through the use of ransomware attacks, and these cyber threats are growing at a rapid rate.

So, now that we have answered the question on what is ransomware, one thing still remains. What can I do to protect myself from a ransomware program that is lurking to get me on the internet? Besides having good cyber awareness, within the next couple of weeks, CDH will be crafting a blog post in the Cyber Security 101 section on practical methods and ways to possibly get your data back if you have been hit with a ransomware virus.

Now just to be very clear, and I mean VERY CLEAR, these methods might not work for everyone. These are some practical and natural ways to maybe get the virus off of your computer, and maybe even unlock some of your encrypted files caused by a ransomware program.

The worst you can do is at least try to save your data through the techniques that CDH will show you in our upcoming blog post in fighting against ransomware.

We hope this news article was useful for your cyberdefense knowledge, and that we have answered the question, what is ransomware? We also hope that you stay safe from any malicious programs lurking on the internet!





Oh, and p.s. Please leave a comment and feel free to discuss anything about ransomware below. Take care now!
