Ransomware

Beginner

Ransomware is a type of malware (malicious software) that has the final goal of convincing victims to pay for a decryption ransom in order to recover their compromised files or system. The payments are normally asked in digital currencies that are difficult to be traced, such as Bitcoin, Monero, or any other cryptocurrency.

A Ransomware attack may present itself in various different ways, being able to affect and disrupt not only individual systems but also the networks of businesses, banks, hospitals, airports, government agencies, and pretty much any company.

These malicious software are being constantly upgraded and are getting more and more sophisticated since the first registered occurrence, back in 1989. While the simple formats are, typically, non-encryption ransomware, the modern ones make use of cryptographic techniques as a way to encrypt the files of the victim, making them completely inaccessible. These encryption ransomware may also be used on hard drives as a way to completely lock a computer operating system, preventing the victim from accessing it.

As soon as a computer system is infected and successfully encrypted, the cybercriminal demands a ransom to the victim, claiming that the system (or files) will be recovered after the payment is made. However, there is no guarantee that the payments will be honored by the hackers and, in fact, many of them just run away with the money.

The popularity of ransomware has increased significantly in the last decade (especially in 2017) and as a financially motivated cyber attack. Ransomware attacks are currently one of the most prominent malware threat in the world – as reported by the European Union Agency for Law Enforcement Cooperation (also known as Europol). The report is called IOCTA 2018 and can be found on this link.

Phishing emails are one of the most common methods used by cybercriminals for ransomware spreading. Phishing is a form of social engineering where the victims get infected by opening fraudulent links or attachments from emails that are disguised as legitimate.

Notable examples of previous Ransomware attacks include GrandCrab (2018), WannaCry (2017), Bad Rabbit (2017), and Locky (2016).

NoMoreRansom is a website created by law enforcement and IT security companies as a way to inform internauts about this kind of malicious attacks. The website offers free Ransomware decryption toolkits for infected users as well as advice on how to prevent becoming a victim.

For more detailed information check our full article about Ransomware on Binance Academy and stay tuned for more educational content.