Gone are the days when we had to be careful with the floppy disks we used if we didn’t want to end up with a locked PC and missing files. The new generations of malware have an amazing ability to reach our computers through the most diverse vectors, and just as their infection mechanisms have been modernized, their effects have also changed.
Of all the modern virus categories, ransomware is already possibly the most feared. But what exactly is it and what makes it so dangerous for both companies and individuals? And what strategies can we adopt to avoid it?
What is ransomware and why is it so worrying?
As its name suggests, ransomware is a type of malware (malicious software) that hijacks our files in exchange for a ransom. To do this, it locks folders and even insecure hardware components using encryption, offering only a window in which to enter a password provided by the attacker. This key is only provided after the ransom is paid.
Although ransomware has only recently reached its height of popularity, its beginnings are very old. The first example recognized as such was AIDS Trojan, a Trojan that hid user files and encrypted only their names. To recover them, it was necessary to pay $189 to a company created by its programmer, who was later declared mentally unstable. Fortunately, it was so badly programmed that you didn’t even need to pay the ransom to get your files back.
Towards the middle of the 2010s, this type of malware experienced a real explosion thanks to cryptocurrencies. Until then, practically no one dared to extort money from the users of an infected PC, since any transfer was easily traceable and would quickly land the attackers in jail, but the obfuscation capacity of these Internet-native currencies gave wings to the creators of ransomware.
Currently, most ransomware demands payment of a fixed amount in Bitcoin, Ethereum, or other cryptocurrencies. After the payment is submitted, the attacker sends the password needed to unlock the files and (in theory) deletes any traces of the ransomware from the computer. The communications the ransomware needs to contact its creators are also often obfuscated by services like Tor and dedicated proxies.
Ransomware extortion is usually carried out by the virus creators themselves, but there is evidence that complete kits and even attacks as a service are also offered on the dark web, allowing cybercriminals to contract ransomware attacks in exchange for a fee or commission.
Who are the main victims of ransomware?
Mainly private users and small and medium-sized companies. Although examples of ransomware such as CryptoLocker, WannaCry and Petya have jumped into the news and the general press due to their devastating effects on large companies, hospitals and infrastructures, these victims usually have IT departments to protect their data to some extent.
Private users and small firms, however, are less protected, making them weak and desirable targets. For an attacker, it is more attractive to attack 20 SMEs with fewer than 100 employees and demand a payment of 3,000 euros from each than to attack the Ministry of Labor and leave empty-handed, as happened recently. In any case, the damage can be substantial.
First loss: your data
The first damage that ransomware causes is the most immediate. The user boots up the PC and is greeted by a message stating that the hard drive has been hijacked and that a specified amount must be paid to the indicated address to recover it. And besides, the payment has to be made before a designated date. If a certain number of days passes, the data will be lost forever.
Blocking such files is usually done by encrypting them, but it is also possible to encrypt boot sectors and even hijack the firmware of insecure drives. The effect is the same: your files are inaccessible.
An added problem is that ransomware is usually sent in waves, for example attacking all known email addresses from a specific domain. Many types can also spread across local networks, so it only takes a single employee clicking on a scam email for the initial infection to spread to every computer in the company, creating all sorts of problems.
Photos, videos, invoices… any content we have on our PC can be hijacked by ransomware. In fact, Windows normally does not even start as such. For photographers and creatives, it can spell disaster. The fear of financial losses caused by not being able to access the files leads many people to pay as soon as possible rather than wait for the last moments of the countdown.
Second loss: your money
As we said, one of the problems with ransomware is that this type of virus is usually designed to spread very quickly. The higher the number of infected machines, the higher the ransom. Thus, it is not surprising that what began with a request for 30 euros to unlock a computer ends with a transfer of 3,000 euros to unlock all the computers of a company.
Apart from the economic losses caused by the ransom, there are those derived from the temporary loss of the affected equipment, which can be large. Energy distribution companies and companies involved in the distribution of fresh products can suffer considerable damage if their operations are interrupted, as can any industry that works with just-in-time methods. Recently, the American JBS Foods, the largest meat producer in the world, paid 11 million dollars when faced with having to stop the activity of its slaughterhouses, which would have caused even greater losses.
Finally, ransomware can cause credibility and reputation issues. Depending on the company under attack, its customers may not want to continue working with it if they learn that it has lost control of its computers. This is especially critical in companies related to new technologies, where the margin of error for these missteps is minimal.
How to protect yourself against ransomware
Ransomware is a particularly nasty category of virus, but luckily it doesn’t innovate much when it comes to infection mechanisms. We can protect ourselves from it with the usual precautions, which include using antivirus software (such as the one included in Windows), being careful when clicking on unknown links, attachments and emails, avoiding “strange” web pages and not giving in to the temptation of piracy.
In the case of companies, it is also highly recommended not to connect unknown or insecure external devices. Some particularly sneaky attackers drop a flash drive in the company parking lot, for example, hoping that an employee will connect it to their PC to inspect it, and that’s where the disaster begins.
Finally, in all cases it is recommended to use a backup strategy. Whether with hard drives or cloud storage accounts, having an up-to-date copy of our files organized by days can get us out of the hole, allowing us to ignore the ransom and recover all the necessary information after the corresponding formatting and antivirus scanning.
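As an added example (not part of the original article), the Python script below shows what "organized by days" can look like in practice: one dated folder per backup with a SHA-256 manifest, plus a check that picks the newest snapshot taken before the infection date whose files still match their recorded hashes. The function names, folder layout and manifest file are assumptions made for this illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import date
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(source, backup_root, day):
    """Copy source into backup_root/<YYYY-MM-DD>/data and write a hash manifest."""
    dest = Path(backup_root) / day.isoformat()
    data = dest / "data"
    shutil.copytree(source, data)
    manifest = {p.relative_to(data).as_posix(): sha256_file(p)
                for p in sorted(data.rglob("*")) if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest

def verify(snapshot_dir):
    """Return the files that are missing or no longer match the manifest."""
    snapshot_dir = Path(snapshot_dir)
    manifest = json.loads((snapshot_dir / "manifest.json").read_text())
    bad = []
    for rel, digest in manifest.items():
        p = snapshot_dir / "data" / rel
        if not p.is_file() or sha256_file(p) != digest:
            bad.append(rel)
    return bad

def latest_clean_snapshot(backup_root, infected_on):
    """Newest daily snapshot dated before the infection that still verifies."""
    days = sorted((d for d in Path(backup_root).iterdir() if d.is_dir()),
                  reverse=True)
    for d in days:
        if date.fromisoformat(d.name) < infected_on and not verify(d):
            return d
    return None

def demo():
    # Constructed sample data: one file, backed up before and after "infection".
    with tempfile.TemporaryDirectory() as tmp:
        src, root = Path(tmp, "docs"), Path(tmp, "backups")
        src.mkdir()
        (src / "invoice.txt").write_text("invoice 001")
        snapshot(src, root, date(2024, 5, 1))
        (src / "invoice.txt").write_text("<encrypted>")  # stands in for ransomed content
        snapshot(src, root, date(2024, 5, 2))
        chosen = latest_clean_snapshot(root, infected_on=date(2024, 5, 2))
        return chosen.name, (chosen / "data" / "invoice.txt").read_text()
```

The backup folder should live on a drive or cloud account that the everyday PC cannot write to, since ransomware that reaches the copies will encrypt them as well.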