Ransomware is a special form of malware. At least in terms of the target of attackers. This is because the explicit aim is to extort a ransom. Ransomware is programmed to lock files or systems for users. In order to unlock them again, a ransom must be paid. Ransomware is therefore a threat to companies in particular.
The name Ransomware comes from the English “ransom”, meaning ransomware and malware, as malicious software. Ransomware is always designed to extort money. It paralyzes entire computer systems or locks files. A ransom payment is required to unlock them again. Colloquially, this is also referred to as crypto Trojans, extortion Trojans or encryption Trojans.
This already shows how ransomware gets onto the computer in practice. Like a Trojan, it is disguised in another program and strikes as soon as that program is installed. It can also hide in attachments or links of emails, so our first security tip is also always not to click on attachments or links in mails.
The spread of the ransomware can be delayed. So, you may have caught ransomware months ago and it strikes only now. Probably, by then you have already forgotten where the malware could have come from.
The biggest targets for ransomware are, of course, companies and their digital systems. That is where the most money can be made. In principle, ransomware can paralyze the entire business process and thus cause considerable damage.
Payment of the ransom is often demanded in the form of a digital currency such as Bitcoins, as this is more difficult to trace.
Ransomware comes in thousands of variants and hundreds of disguises. That’s what makes it so difficult to detect. Once the ransomware is in the system, it’s fairly easy to detect, but by then it’s already too late.
When data is encrypted by ransomware, of course, you notice it. You no longer have access to it. Moreover, ransomware usually also explicitly indicates its presence. After all, you are supposed to pay a ransom. A message on the screen then tells you how and where to pay the ransom.
However, we naturally want to detect ransomware in advance so that it does not get onto our computer in the first place. However, this is difficult. Basically, once again, the only advice we can give is to be cautious. Do not click on attachments and links from sources you do not trust. By the way, the same applies to pop-ups on the Internet in the form of advertising banners or links from users in social media, of which you do not know where they lead.
In order to take prophylactic action against ransomware, it makes sense to regularly back up your own files. If the computer is infected, the damage is minor, provided you still have everything stored elsewhere.
Ransomware usually has a name. Not that this helps victims in any way. There are a few well-known cases of ransomware attacks that caused a stir both nationally and internationally.
In early 2016, several hospitals were affected by the “Locky” ransomware. This encrypted medical records and two hospitals paid a total of 15,000.00 euros in ransom to the perpetrators to unlock the files.
In 2017, the infection with the ransomware called “WannaCry” affected a large telecommunications company in Spain, which includes O2 and EPlus. Employees had to shut down all computers as quickly as possible to prevent the ransomware from spreading. The ransomware had already spread to an internal server and was thus able to access all other devices in the company.
Ransomware is always designed to lock systems or files. A ransom must be paid to unlock them. However, this is no guarantee that the files will actually be unlocked again. Therefore, the right course of action is always to back up your data regularly. The ransomware can be removed by a professional, but this does not necessarily rescue all files. Depending on the infestation, it may also be necessary to format the entire hard drive.