What is Ransomware?
Typically, ransomware is a malicious program that encrypts files on a victim’s computer and then demands payment in order to decrypt them. The program also deletes backups.
Some hackers are able to customize their malware to better target their attack. For example, the NotPetya virus, a variant of the Petya virus, uses vulnerabilities in the Windows SMB protocol to spread throughout the network.
Another type of ransomware is crypto-ransomware, which encrypts the user’s files and demands payment in a digital currency. These can include bitcoin and litecoin. These cryptocurrencies use encryption techniques to validate transactions and control the creation of new units.
Paying the ransom is an unwise move, since it can leave the victim out of money and with no way to get their data back. In addition, paying a ransom can encourage more ransomware attacks.
There are several methods to deal with ransomware, including eradicating the malware from the infected PC, creating a backup of the files, and disconnecting the infected device from the network. However, the best way to deal with the malware is by restoring the files from a previous backup.
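An added example (not from the original article) for the restore step above: it walks a directory and flags files whose contents look like ciphertext, so you know which ones to restore from backup. The 7.5 bits-per-byte threshold, the small magic-byte table and all function names are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes a few common formats start with (illustrative subset, not exhaustive).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, ciphertext sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: low for plain text, close to 8 for random-looking data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """Flag a file whose content is near-random and whose expected header is missing."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None and sample.startswith(magic):
        return False  # header intact, e.g. a legitimately compressed .zip or .png
    return shannon_entropy(sample) >= ENTROPY_THRESHOLD

def files_to_restore(root: str) -> list:
    """Walk a directory tree and return relative paths of files that look encrypted."""
    flagged = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if looks_encrypted(full):
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)

def demo() -> list:
    """Constructed sample: a text file, a PDF with intact header, and a random-byte file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly budget notes\n" * 500)
        with open(os.path.join(root, "intact.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4\n" + os.urandom(8192))
        with open(os.path.join(root, "report.pdf"), "wb") as fh:
            fh.write(os.urandom(8192))  # stands in for an encrypted file
        return files_to_restore(root)

if __name__ == "__main__":
    print(demo())
```

Very small files cannot reach the threshold, and compressed formats missing from the magic table will be flagged, so treat the output as a shortlist to compare against the backup rather than a verdict.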
For more details on the technical aspects of removing and encrypting ransomware, the Infosec Institute offers a comprehensive look at ransomware.
One of the most common ransomware delivery systems is phishing spam, where an unsuspecting user clicks on a fraudulent URL. The spam may masquerade as a legitimate file or a trusted link, and may even take over the infected PC.