How does Ransomware Work?

As the name implies, ransomware works like a kidnapper. Unfortunately, your data is being held captive. It is the worst kind of malware out there.

Once your computer is infected, the attack can do a few things. Your files are encrypted, meaning they are converted into an unreadable form for which only the hacker has the decryption key. Often, you won’t even know you’ve been infected until you try to open a file.

Another, more damaging version is what happened with the recent attacks. The ransomware locks the user out of their entire system and holds their data and system captive.

During the attack, computer screens showed a message demanding $600 in bitcoin in exchange for the decryption key to unlock the user’s data.

A WannaCry ransomware screen

Victims had three days to pay before the fee doubled. The hospitals ended up paying about $20,000. The hackers set up a helpline to answer questions about paying the ransom (how kind of them).

This attack relies on something called the Wanna Decryptor, also known as WannaCry or WCRY.

These attacks are brutal to catch because hackers are continually improving, updating and changing them. The Wanna Decryptor being used is evolving.

How Could This Happen?

Plenty of ways. Hackers can get ransomware (malware) on your system if you download an infected piece of software or a PDF. The nasty folk can also use a phishing email to direct you to an infected website.

In the hospital case, hackers sent a zip file attachment in an email. When victims clicked on it, their computers were infected, but the attack didn’t stop there. The ransomware spread through the hospitals’ and businesses’ computer networks. Once inside the system, it infects any computer it can contact, using many different methods.

“Once you get a foothold in the system, other users will start to run those pieces of software,” explained Clifford Neuman. He directs the University of Southern California’s Center for Computer Systems Security.

How to Stop This?

First, back up your hard drive. You should be keeping frequent backups anyway in case your computer dies or your disk implodes. If your computer gets hacked, you’ll be able to retrieve your data without paying any ransom.

If you run a business, back up every computer in your office and have a plan for what to do if your system goes down for a while. Be smart about setting up your network (or hire someone smart to design it for you) so that most users don’t have complete access to the system. It would also be a good idea to have an off-site place where you can store backups in case of fires and such.

These ideas make it harder for a ransomware attack to infect all of your data. Make sure your users understand the typical kinds of attacks. Education could save your bacon in this case.
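Because encryption can go unnoticed until a file is opened, a scheduled backup can quietly copy already-encrypted files over the last good copy. The sketch below is an added example, not part of the original article: it compares two snapshots of a folder and holds the backup when many files have turned into random-looking data. The function names and both thresholds are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # assumed cutoff in bits per byte; encrypted data sits near 8.0
MAX_SUSPECT_RATIO = 0.3  # assumed; a ratio, because zip/jpg files are high-entropy anyway

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for plain text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map relative path -> (sha256 hex digest, entropy of the first 64 KiB)."""
    result = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            result[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data[:65536]))
    return result

def suspects(previous: dict, current: dict) -> list:
    """Changed or new files that are high-entropy now and were not before."""
    found = []
    for path, (digest, entropy) in current.items():
        old_digest, old_entropy = previous.get(path, (None, 0.0))
        if digest != old_digest and old_entropy < ENTROPY_THRESHOLD <= entropy:
            found.append(path)
    return sorted(found)

def safe_to_backup(previous: dict, current: dict) -> bool:
    """False when enough files flipped to random-looking content to suggest mass encryption."""
    return len(suspects(previous, current)) <= MAX_SUSPECT_RATIO * max(len(previous), 1)

if __name__ == "__main__":
    # Constructed sample: three text files, two then overwritten with random bytes.
    with tempfile.TemporaryDirectory() as root:
        docs = [Path(root, f"doc{i}.txt") for i in range(3)]
        for doc in docs:
            doc.write_text("quarterly report draft\n" * 200)
        before = snapshot(root)
        for doc in docs[:2]:
            doc.write_bytes(os.urandom(4096))
        after = snapshot(root)
        print(suspects(before, after), safe_to_backup(before, after))
```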

Avi Rubin, a Johns Hopkins professor who studies computer hacking, has one other piece of advice: If you or your business get attacked, don’t pay.

“You’re funding the bad guys and giving more incentive,” he said. You also don’t know whether your files will really be restored.

Here is Avi’s TED Talk about how vulnerable your systems are:
