
How does Ransomware Work?

As the name implies, ransomware works like a kidnapper: your data is what is being held captive. It is the worst kind of malware out there.

Once your computer is infected, the attack can do a few things. Your files are encrypted, that is, scrambled into a form that only the hacker, who holds the decryption key, can reverse. Often, you won’t even know you’ve been infected until you try to open a file.

Another, more damaging version is what happened with the recent attacks. The ransomware locks users out of their entire system and holds their data and system captive.

Attack on Hospitals

During the attack, computer screens showed a message demanding $600 in Bitcoin in exchange for the decryption key to unlock the user’s data. Ransom demands like this are where Bitcoin and the many other cryptocurrencies are often used.

A WannaCry ransomware screen

Victims have three days to pay before the fee is doubled. The WannaCry attacks and others were aimed at hospitals. The hospitals ended up paying about $20,000. The hackers set up a helpline to answer questions about paying the ransom (how kind of them).

This attack relied on something called the Wanna Decryptor, also known as WannaCry or WCRY.

These attacks are brutal to catch because hackers are continually improving, updating and changing them. The Wanna Decryptor being used is evolving.

How Could This Happen?

There are plenty of ways. Hackers can get ransomware (malware) on your system if you download an infected piece of software or a PDF. The nasty folk can also use a phishing email to direct you to an infected website.

In the hospital case, hackers emailed a zip file attachment. When victims clicked on it, their computers were infected, but the attack didn’t stop there. The ransomware spread through the hospitals’ and businesses’ computer networks. Once inside the system, it infects any computers it contacts via many different methods.

“Once you get a foothold in the system, other users will start to run those pieces of software,” explained Clifford Neuman. He directs the University of Southern California’s Center for Computer Systems Security.

How to Stop This?

First, back up your hard drive. You should keep frequent backups anyway, in case your computer dies or your disk implodes. If your computer gets hacked, you’ll be able to retrieve your data without paying any ransom.

If you run a business, back up every computer in your office and have a plan for what to do if your system goes down for a while. Be smart about setting up your network (or hire someone smart to design it for you) so that most users don’t have complete access to the system. It would also be a good idea to have an off-site place where you can store backups in case of fires and such.

These ideas make it harder for a ransomware attack to infect all of your data. Make sure your users understand the typical kinds of attacks. Education could save your bacon in this case.

Avi Rubin, a Johns Hopkins professor who studies computer hacking, has one other piece of advice: If you or your business get attacked, don’t pay.

“You’re funding the bad guys and giving more incentive,” he said. You also don’t know whether your files will really be restored.

Avi has also given a TED Talk about how vulnerable your systems are.
