How Ransomware Works
Ransomware is a type of malware that encrypts files on a user’s computer and makes them inaccessible until the victim pays a ransom to the attackers. There are many types of ransomware, but all follow a common pattern.
Ransomware infections typically arrive through human attack vectors such as phishing (email), smishing (text), and vishing (voice), or through machine attack vectors such as system vulnerabilities. These include vulnerable web servers and RDP ports that can be opened through an infected application or malicious URL.
Once a system has been compromised, the ransomware will reach out to its command-and-control (CnC) server and request a variety of instructions. These instructions will include the types of files that should be encrypted, the time frame in which the process should begin, and more.
A key exchange will take place, and the criminals will generate and deliver a key that is used to encrypt files on the victim’s computer. The encryption can range from a simple symmetric-key cipher to complex 4,096-bit RSA, depending on the variant of the ransomware.
The attackers will then display a message to the victim, stating that their files have been encrypted and will only be decrypted after they make an untraceable payment in a cryptocurrency such as bitcoin. This is the first step in what will become a long and expensive fight to get your data back.
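The encryption stage described above leaves a footprint defenders can look for: one process rewriting many files with high-entropy content in a short time. The Python below is an added example, not part of the original article; the thresholds, the event format and the process names are assumptions, and the sample events are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune per environment
BURST_COUNT = 3           # assumed: distinct high-entropy files needed to alert
WINDOW_SECONDS = 10       # assumed sliding window

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def flag_processes(events):
    """events: time-ordered (timestamp, process, path, written_bytes) tuples.
    Returns the processes that wrote BURST_COUNT or more distinct
    high-entropy files within WINDOW_SECONDS."""
    recent = defaultdict(deque)   # process -> deque of (timestamp, path)
    flagged = set()
    for ts, proc, path, data in events:
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue
        window = recent[proc]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len({p for _, p in window}) >= BURST_COUNT:
            flagged.add(proc)
    return flagged

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: SHA-256 output blocks."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return b"".join(blocks)

TEXT = b"Quarterly report: revenue was flat and costs rose slightly. " * 70
# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (0, "winword.exe", "C:/docs/a.docx", TEXT),
    (1, "7z.exe", "C:/tmp/backup.7z", fake_ciphertext("zip")),  # single archive: no alert
    (2, "unknown.exe", "C:/docs/a.docx", fake_ciphertext("a")),
    (3, "unknown.exe", "C:/docs/b.xlsx", fake_ciphertext("b")),
    (4, "unknown.exe", "C:/docs/c.pdf", fake_ciphertext("c")),
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

Compressed archives and media are also high-entropy, which is why the check alerts on a burst of distinct files from one process rather than on a single write.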
As technology continues to advance and hackers continue to find new ways to encrypt data, ransomware is here to stay. It’s important to know how this threat works so you can prepare for the future.