Probably everyone has heard the term “ransomware” or “encryption trojan” over the past few years, or has even been affected by it. In its 2017 report on the IT security situation in Germany, the BSI named ransomware as one of the most common attack methods used by cybercriminals. But what exactly is ransomware?
What Does "Ransomware" Mean?
The term “ransomware” is made up of two parts: “ransom” and “ware”. “Ransom” refers to money demanded for the release of something that is being held, while the ending “ware” is often used to name programs, as in software and malware. The meaning of ransomware can therefore be derived directly from the name: it is a program that demands a ransom. But a ransom for what?
What Does Ransomware Do?
How ransomware works can be summarized relatively quickly. As soon as a system has been infected, files are encrypted, which means that they can no longer be opened or executed. A ransom is demanded for decryption, in most cases payable in Bitcoin. Official advice is not to pay the ransom, as payment is no guarantee of decryption. The ransomware usually makes itself noticeable through a so-called "lock screen", which displays a message that your data has been encrypted along with instructions for decryption, i.e. a ransom note including bank details and a deadline.
What is encrypted varies from case to case. The encryption may affect only individual files or the entire infected system.
Probably the best-known distribution mechanisms for ransomware are emails with malicious attachments, drive-by downloads when surfing infected websites, and direct downloads of infected programs. The latter can also happen unknowingly by clicking on an unknown link. In 2017, the WannaCry ransomware spread by exploiting a software vulnerability.
However, the very first known ransomware was not sent in any of these ways. In 1989 the biologist Dr. Joseph L. Popp distributed his encryption Trojan on floppy disks that he gave away at a WHO AIDS conference. About 1,000 of his 20,000 floppy disks successfully installed the ransomware. His reasons are still unclear to this day.
What Are the Goals of Ransomware?
The aim of ransomware is to extort sums of money. The target systems, however, vary. Since ransomware is widely distributed and usually does not have a specific system as its target, private individuals are just as affected as companies.
However, ransomware developers are becoming more and more sophisticated. In 2016, for example, there was ransomware called “Locky” that spread within a few days, mainly in Germany. The reason for this was that the email with which Locky was sent looked deceptively real and was written in German. Another encryption Trojan was sent out less than a month later. It was disguised as an adviser to the BKA and included an alleged analysis tool called "BKA Locky Removal Kit.exe".
How Can You Protect Yourself Against Ransomware?
Training your own employees in security awareness offers reliable protection against ransomware for companies. Since ransomware exploits users' curiosity, the following general behavioral tips always apply:
1. Do not open any attachments that you have not requested.
2. If an attachment could contain important information, ask the sender.
3. Error messages/reports with attachments can also contain viruses. Therefore, administrators should also be careful.
4. Do not start a program from the Internet or from a friend unless you are sure it is completely virus-free. (Use Protegent Antivirus Software)
5. Security updates should be installed regularly on all systems!
6. Use a virus scanner and do not switch it off. Only a scanner that is updated regularly (hourly) fulfills its purpose.
7. Make regular backups.