Ransomware is a type of malicious software (malware) that can manifest itself in several ways, affecting individual systems as well as networks of businesses, hospitals, airports and government agencies.
Ransomware has continually improved and become more sophisticated since its first recorded occurrence in 1989. While simple forms of ransomware typically do not use encryption, modern ones use cryptographic methods to encrypt files, making them inaccessible. Ransomware encryption can also be used on hard drives to completely lock down a computer's operating system, preventing the victim from accessing it. The ultimate goal is to convince the victim to pay to receive decryption, with payment usually requested in digital currencies that are difficult to trace (such as Bitcoin or other cryptocurrencies). However, there is no guarantee that after payment the attackers will fulfill their conditions.
Ransomware has grown significantly in popularity in the last decade (especially in 2017). As a financially motivated cyber attack, it is now the most well-known malware threat in the world, as reported by Europol (IOCTA 2018).
How do you become a victim?
Phishing: A recurring form of social engineering. In the context of ransomware, phishing emails are one of the most popular forms of malware distribution. Victims are usually infected through compromised email attachments or links that are disguised as genuine ones. Within a computer network, one single victim can be enough to put an entire organization at risk.
Exploit Kits: A package of various malicious tools and pre-written program code. These kits are designed to exploit problems and vulnerabilities in software applications and operating systems as a way to spread malware (systems with outdated software are the most insecure).
Malvertising: Attackers use advertising networks to distribute ransomware.
How to protect yourself from ransomware attacks?
Regularly use external drives to back up your files so that you can restore them after deleting the potentially infected copies;
Be careful with email attachments and links. Do not click on ads or websites from an unknown source;
Install a reliable antivirus and update your applications and operating system;
Enable the "show file extensions" option in Windows settings so you can check them easily. Avoid files such as .exe, .vbs and .scr;
Avoid visiting sites that are not secured by HTTPS (i.e. URLs starting with "https://"). However, be aware that many malicious websites implement HTTPS to confuse their victims, i.e. the presence of the protocol alone does not guarantee that a site is legitimate or secure.
Visit NoMoreRansom.org, a site created by law enforcement and IT security companies working on ransomware threats. The website offers free decryption tools for infected users, as well as preventative recommendations.
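The advice above about showing file extensions can also be automated for incoming attachments. The following is an added example, not part of the original article: it flags names whose real (final) extension is one of the three the article lists, and marks the ones that hide it behind a document-like extension. The decoy list and the sample names are assumptions constructed for illustration.

```python
# Extensions the article says to avoid; extend this set for your environment.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumption: document-like extensions that may appear in front of the real one.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def split_extensions(filename):
    """Return every dot-separated suffix, lowercased, e.g. ['.pdf', '.exe']."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    # Keep only the final path component in case a full path was passed.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = name.split(".")
    return ["." + p.strip() for p in parts[1:] if p.strip()]


def check_attachment(filename):
    """Classify a filename as 'ok', 'risky' or 'disguised'."""
    suffixes = split_extensions(filename)
    if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
        return "ok"
    # With extensions hidden, 'invoice.pdf.exe' is displayed as 'invoice.pdf'.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
        return "disguised"
    return "risky"


def triage(names):
    """Map each filename to its verdict."""
    return {name: check_attachment(name) for name in names}


# Constructed sample names, not taken from any real incident.
SAMPLES = ["report.docx", "setup.EXE", "invoice.pdf.exe",
           "photo.jpg.scr ", "notes.v1.txt", "update.vbs."]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {name!r}")
```

A name-based check like this only supports the manual habit described above; it does not inspect file contents.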
Examples of ransomware
GandCrab (2018)
First seen in January 2018, it claimed 50,000 victims in less than a month before it was stopped by Romanian authorities along with Bitdefender and Europol (using a free data recovery toolkit). GandCrab was distributed through malvertising and phishing emails, and was the first known ransomware to demand a ransom in DASH cryptocurrency. The initial extortion ranged from $300 to $1,500.
WannaCry (2017)
A global cyber attack that infected more than 300,000 computers in 4 days. WannaCry was distributed through an exploit known as EternalBlue and designed for Microsoft Windows operating systems (most of the affected computers were running Windows 7). The attack was stopped due to emergency patches released by Microsoft. US security experts said North Korea was involved in the attack, but no evidence was provided.
Bad Rabbit (2017)
Ransomware that was distributed as a fake Adobe Flash update downloaded from hacked websites. Most of the infected computers were located in Russia, and the infection depended on manual installation of the .exe file. The cost of decryption at that time was approximately $280 (0.05 BTC).
Locky (2016)
Typically distributed via email as a receipt requiring payment, containing an infected file as an attachment. In 2016, Hollywood Presbyterian Medical Center was infected with Locky and was forced to pay 40 BTC ($17,000 at the time) to regain access to the hospital's computer systems.

