Imagine one day you turn on your computer and find a message telling you that all your files have been encrypted and that you can only recover them if you pay an unknown amount of money. You lost the photos from that summer, important documents, and the information you had for studying. What would you do? Would you pay the ransom? Would you report the case to the authorities? Or would you try to solve the problem on your own? Although it seems like this never happens, the truth is that it has become a reality for many people and companies who have been victims of ransomware attacks.
Ransomware is malicious software that prevents access to the victim's data or device and demands payment to restore it. In short, it is a cybercrime that has grown exponentially in recent years, and which causes serious economic and reputational damage to those affected.
In this post, we are going to explain what ransomware is, how it originated, how it works, what consequences it has, and how we can protect ourselves from it. If you want to know more about this topic, keep reading.
Beginnings of ransomware attacks
First, let's put this situation in context. The thing is, while ransomware attacks seem straight out of modern science fiction movies, nothing could be further from the truth, as they have existed since the era of floppy disks.
The first ransomware attacks date back to the end of the 80s, when a biologist named Joseph Popp distributed about 20,000 infected floppy disks with a program that encrypted computer files and asked for 189 dollars to unlock them. This case is known as the "AIDS Trojan" or the "PC Cyborg."
Since then, ransomware has evolved and diversified, taking advantage of new technologies and system vulnerabilities. Some of the most famous and destructive attacks in history are:
- CryptoLocker: appeared in 2013 and spread through emails with malicious attachments. It demanded payment in bitcoins to obtain the decryption key.
- WannaCry: emerged in 2017 and took advantage of a vulnerability in the Windows operating system that had been leaked by a group of hackers. It blocked system access and demanded a ransom of 300 dollars in bitcoins. Its victims included hospitals, companies, banks, and public organizations.
- NotPetya: also occurred in 2017 and was based on the WannaCry code, but with some modifications that made it more harmful and difficult to eliminate. In this case, it did not offer any way to recover the data, as its purpose was to cause as much damage as possible. It is estimated to have caused losses of more than 10 billion dollars.
How ransomware attacks work
Now, how do ransomware attacks work? Well, this malware reaches computers or electronic devices in different ways, but the most common are the following:
- Malicious email: it usually includes attachments or links that somehow pique users' interest. The goal is for them to click and thus download the ransomware. They often pretend to be trusted entities or friends, so it is best to be alert and carefully check the sender of the message.
- Malicious advertising: has it ever happened to you that you are browsing the web and have been redirected to another page without wanting to? Well, be careful, as this is another way to deliver the ransomware. This method usually uses exploit kits, which are programs that detect and take advantage of vulnerabilities in browsers or installed plugins.
- Removable or external devices: we are talking about USB drives, external disks, SD cards, or other devices that run the ransomware when connected to the computer or device.
If, unfortunately, the ransomware has already infected your electronic device's system, by whatever means, it can act in two main ways:
- Encryption ransomware: this is the most common and consists of encrypting the victim's files with a key that only the attacker knows. It then displays a message asking for a ransom in exchange for the decryption key.
- Locker ransomware: this is less frequent and consists of blocking access to the victim's system or device, preventing them from using it. It then displays a message demanding a ransom payment. The message usually pretends to come from a legitimate authority, such as the police or a government agency.
Consequences of ransomware attacks
Ransomware attacks constitute a very serious threat to organizations and users, especially in two areas:
- Economic losses: ransomware can affect the organization's activity and reputation, causing losses of income, customers, or opportunities.
- Data losses: it can impede access to critical, sensitive, and valuable data, which can have legal, regulatory, or strategic consequences for the organization.
Protection against these attacks
Protecting against this type of attack can be difficult, although not impossible. Take note of these recommendations that we share:
- Keep operating software updated. This recommendation is also valid for corporate environments. Updated software helps correct vulnerabilities and prevent infections.
- Make personnel aware of the risks of ransomware and how to avoid them.
- Have a response plan prepared for an infection. You can use antimalware programs every time you think the computer is infected.
- Use cloud technologies to back up your data and access it from anywhere.
Recovering data and eliminating ransomware
To recover data and eliminate ransomware, you can follow these steps:
- Turn off or disconnect the computer from the network. This will prevent the ransomware from spreading to other devices or shared files.
- Never contact the cybercriminals or pay the ransom. This will only encourage them to continue attacking and will not guarantee the recovery of your data.
- Use antivirus software to clean the infected device. Follow the instructions of the program you choose and make sure to completely eliminate the malicious program.
- Use a ransomware decryption tool to recover your files. Before using it, make sure you have removed the ransomware from the device.
Can these crimes be reported?
The answer is yes. Report the incident to the National Cybersecurity Institute (INCIBE) or the Technological Investigation Brigade of the National Police. According to the INCIBE website, to report a ransomware attack you will need:
- A detailed description of the incident and your contact details.
- The original ransom note in the format it is in on your computer. If you do not have it or cannot locate the file, send a screenshot where the content of the note is visible.
- Two files encrypted by the ransomware (which do not contain personal data, whose originals were in Word or Excel format and occupy less than one MB).
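One way to shortlist the two sample files for the report, as an added example that is not part of the original post or of INCIBE's guidance: it keeps files under one MB whose name shows a Word or Excel original and whose header is no longer a valid Office header, and records a SHA-256 for each. The `.locked` extension and all file names are constructed, and it assumes the ransomware appended an extension rather than renaming the file; whether a file contains personal data still has to be checked by hand.

```python
import hashlib
import os
import tempfile

# Extensions the page lists as acceptable originals (Word or Excel).
OFFICE_EXTS = (".doc", ".docx", ".xls", ".xlsx")
# Leading bytes of intact Office files: ZIP container (OOXML) and OLE2 (legacy).
OFFICE_MAGIC = (b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1")
MAX_SIZE = 1_000_000  # "less than one MB"; decimal megabyte assumed (stricter reading)


def was_office_file(name):
    """True if the name is, or was before an extension got appended, Word/Excel."""
    lower = name.lower()
    stem, _ = os.path.splitext(lower)
    return lower.endswith(OFFICE_EXTS) or stem.endswith(OFFICE_EXTS)


def pick_samples(root, count=2):
    """Return up to `count` (path, size, sha256) tuples, smallest files first."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            if not was_office_file(name) or not 0 < size < MAX_SIZE:
                continue
            with open(path, "rb") as fh:  # read-only; at most 1 MB per file
                data = fh.read()
            if data.startswith(OFFICE_MAGIC):
                continue  # header intact: this copy was not encrypted
            found.append((path, size, hashlib.sha256(data).hexdigest()))
    return sorted(found, key=lambda item: item[1])[:count]


def demo():
    """Constructed tree: one intact file, two usable samples, two rejected."""
    root = tempfile.mkdtemp()
    samples = {
        "budget.xlsx": b"PK\x03\x04" + b"\x00" * 100,    # intact, skipped
        "notes.docx.locked": b"\x9f\x3c" * 1024,         # encrypted, 2048 bytes
        "plan.xls.locked": b"\x9f\x3c" * 256,            # encrypted, 512 bytes
        "archive.doc.locked": b"\x9f" * (MAX_SIZE + 1),  # too large
        "photo.jpg.locked": b"\x9f" * 256,               # not Word/Excel
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return [os.path.basename(p) for p, _, _ in pick_samples(root)]
```

Run `pick_samples` against a copy of the affected folder and keep the hashes with the incident description, so the files you send can later be matched to what was on disk.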