What is Ransomware?
Ransomware is an invasive type of malware that locks files on your computer and threatens to release them online unless you pay a ransom. It can be used against individuals, businesses, and government agencies, but the biggest targets are businesses.
The First Ransomware – PC Cyborg/AIDS
In the late 1980s, the first form of ransomware was developed. A malicious program, called PC Cyborg or AIDS, would encrypt all files in the C: directory after 90 reboots and then demand $189 by mail to obtain a license to decrypt those files. Despite its esoteric nature, this early version of ransomware didn’t have the same ominous ramifications as today’s cryptoransomware variants, which are more aggressively targeted at individual systems and businesses alike.
How Ransomware Infects Your System
Once an infection has been established, the malware is able to communicate with command-and-control (CnC) servers. These CnC servers can be accessed through a variety of methods, including phishing, smishing, voice attacks, social media platforms, network attacks, and system vulnerabilities.
How Ransomware Chooses What to Encrypt
While some ransomware is based on file-specific ad-hoc algorithms, other variants take advantage of advanced processes that evaluate a wide range of factors, from the presence of previous shadow versions to the overall entropy of a file. Some even rely on the number of times a file has been accessed to make their final decisions.
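File entropy, mentioned above, is also a signal defenders measure: a document that is overwritten with ciphertext jumps from a low byte entropy to nearly 8 bits per byte. The sketch below is an added example, not code from this page; the thresholds, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

# Assumed thresholds for this sketch (bits per byte); tune on your own data.
HIGH_ENTROPY = 7.5   # ciphertext and compressed data sit close to 8.0
MIN_JUMP = 2.0       # rise that separates "document" from "ciphertext"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_write(before: bytes, after: bytes) -> str:
    """Compare a file's content before and after a write."""
    h_before, h_after = shannon_entropy(before), shannon_entropy(after)
    if h_after < HIGH_ENTROPY:
        return "ok"
    if h_before >= HIGH_ENTROPY:
        # Archives, media and already-encrypted files start high, so
        # entropy alone cannot tell whether they were re-encrypted.
        return "inconclusive"
    return "suspicious" if h_after - h_before >= MIN_JUMP else "ok"

# Constructed samples (not real files).
DOCUMENT = "".join(
    f"invoice {i} ref {hashlib.sha256(str(i).encode()).hexdigest()[:16]}\n"
    for i in range(5000)
).encode()
ARCHIVE = zlib.compress(DOCUMENT)   # stand-in for a compressed file format
# Deterministic pseudo-random bytes standing in for ciphertext.
CIPHERTEXT = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048)
)

if __name__ == "__main__":
    for name, before, after in [
        ("document edited", DOCUMENT, DOCUMENT + b"invoice 5000 ref n/a\n"),
        ("document overwritten", DOCUMENT, CIPHERTEXT),
        ("archive overwritten", ARCHIVE, CIPHERTEXT),
    ]:
        print(f"{name:22} {shannon_entropy(before):.2f} -> "
              f"{shannon_entropy(after):.2f}  {classify_write(before, after)}")
```

The "inconclusive" result for the archive shows why entropy is paired with other signals, such as the shadow-copy state the paragraph also mentions, rather than used alone.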
As more sophisticated malware tools become available and anti-malware software improves, criminals have begun refocusing on locking ransomware as the primary source of income. This strategy, which allows for persistence on a device or network, has proved to be more lucrative than the earlier symmetric key encryption variants.