What is Ransomware?

What it is

Ransomware is a form of malware; aggressive and unwanted software that can get onto your computer through many different means and then play havoc with your system.

How ransomware differs from usual malware is what it does once it is in your system. Ransomware doesn’t make itself known straight away; instead it runs in the background while your computer appears to work normally. What does it do, while hiding out on your PC? It encrypts your files.

Which files it encrypts varies by the strain of ransomware you catch. Some encrypt photos and documents, others encrypt every possible file they find. Some are especially dangerous, encrypting vital system files meaning attempting to restart your computer destroys your operating system.

This encryption is strong – without the decryption key, which of course the cybercriminals do not make publicly available, the data simply cannot be decrypted with modern technology. Encrypted data is useless – you cannot open it, use it, or view data stored within it. It is essentially lost, unless the file is decrypted or a backup is restored.

While destroying your data is malicious, it has been seen many a time before. The terrifying brilliance of ransomware is what it does next – it offers you your data back…for a price.

Once your data is fully encrypted, the hidden program suddenly makes itself known and pops up a window – usually one that cannot be hidden or closed. This window is the coup de grâce of the attack; it offers you your data back, if you pay the ransom using a cryptocurrency called Bitcoin. Many ransomware strains these days use additional means of getting the victim to pay as well, such as increasing the price over time, or deleting files every few hours until the payment is made.

Once the payment is made, the program decrypts your files and you get back to business – theoretically. In practice, beyond the dubious moral quandary of giving money to a criminal, there is also a practical issue – the criminals don’t always stick to their side of the deal. Either through malice, technical incompetence, or intervention by public authorities, the cybercriminals behind the ransomware often don’t decrypt your files, even when you pay.

Ransomware developers have also recently been picking up some tricks from viruses; some strains now spread while they encrypt your files, hopping across networks or onto additional drives, meaning the total impact, and cost, of the attack is greater.

The old adage of Macs don’t get viruses remains as false as ever; there are confirmed reports of ransomware on Macs, so don’t rely on the brand name of your device to protect it!

Why it’s so bad

Ransomware is a serious issue facing many businesses today, and there are some very real reasons it is considered the cybersecurity threat that it is.

Impact – What would happen to a business if all its business-critical files were destroyed? The answer is obvious: it would be catastrophic for the company. Ransomware has been the cause of the destruction of a number of businesses, and has caused huge financial losses to many more.

Prevalence – Why is ransomware so much more common than many other forms of malware now? The answer is simple: because it pays so well. Cybercriminals have discovered an extremely lucrative and remarkably easy attack, and so they have latched on and are now perfecting it. Because cybercriminals know it is so profitable, especially enterprising criminals have begun selling easy to use ransomware packages, meaning advanced digital attack is no longer the sole domain of the programming pro.

Read the next part in this series here – Where Does Ransomware Come From?