The beginner’s guide to ransomware

Ransomware is nothing new, but it has made the headlines quite a few times since last year, as it has become a mounting threat that is dealing damage to individuals and companies alike. If you’ve heard the scary stories of computer viruses locking up files and extorting money from users without leaving a trace, then you already know what ransomware is.

Whether you’re afraid of being the next victim of ransomware or not, it pays to know more about how it works, where it comes from, and some basic measures that can help you protect yourself against it.

What is ransomware?

Ransomware is a breed of malware that locks your entire device (computer, tablet, smartphone) or your files, and prevents you from accessing them until you pay a specific amount of money. Its main delivery methods are infected email attachments and malicious ads or content running on hacked websites. Once ransomware is installed and activated on your computer, you receive a message like the one below, which informs you of the attack and gives you instructions on how to pay the ransom and unlock your device. Ransomware developers often give their messages a legal theme (a fake notice from the police or a copyright authority, for instance) to induce guilt in the victim.

ransomware dialog

Ransomware has been around since 2005, when it first showed up in Russia and other parts of Eastern Europe. The earlier specimens were limited to locking the computer or the keyboard and forcing users to pay up. The newer generation, known as crypto-ransomware, encrypts your files and holds them hostage: the decryption key exists only on the attacker’s side (typically the files are encrypted with a per-victim key that is itself encrypted with the attacker’s public key, so the matching private key is the only way to recover them), and it is handed over only when you pay the ransom. Some of the more advanced crypto-ransomware strains go further and also encrypt files on any shared or external drives connected to the computer, provided the infected account can write to them.

Ransomware attackers usually stay true to their promise and unlock your files and device once the ransom is paid, in order to maintain a reputation and encourage future victims to pay up as well, but there have also been cases where attackers disappeared after getting their cash. To create a sense of urgency, victims are usually given a two- or three-day window to pay the ransom. If the victim fails to pay, the amount is increased or the lock becomes permanent.

Ransomware started out as a desktop and laptop computer virus, but has since spread to other devices and now also targets smartphones and tablets. There are also signs that it may soon reach other connected domains, such as the volatile and vulnerable Internet of Things (IoT).

In the early days of ransomware, one of the biggest problems attackers faced was how to collect money from the victims. With online payments not yet widespread, attackers instructed victims to pay via SMS or pre-paid cards, which could eventually be traced back to the attacker. Bitcoin, the pseudonymous crypto-currency that appeared in 2009, proved to be the missing piece of the ransomware puzzle, and it became the most popular way of collecting ransoms. Its transactions are recorded on a public ledger and can be followed from address to address, but the addresses are not tied to a real-world identity, which makes the money far harder to trace back to a person than a phone number or a card purchase.

Who is targeted?

Anyone who is likely to pay, according to a report by the Institute for Critical Infrastructure Technology. For the most part, attackers are after individuals: average users who are wont to overlook basic security measures, such as installing system updates and backing up their data to an offline storage medium or to the cloud.

But ransomware has also hit some juicier targets. Among them was the Swansea, Massachusetts, police department, which was ransomed for two Bitcoins ($750 at the time). The first few months of 2016 have seen several U.S. hospitals targeted by ransomware, including the Kentucky-based Methodist Hospital, which was hit by the Locky malware, and the Hollywood Presbyterian Medical Center, which shelled out $17,000 after its systems were shut down by the attackers. Other cases include an Oregon church and South Carolina schools.

How serious is it?

Very. The FBI issued an alert last year, warning about the rise of all kinds of ransomware. A mid-March report by Intel Security found a 26 percent quarter-over-quarter increase in ransomware attacks. Other analyses and reports show ransomware becoming smarter and harder to detect.

The amount of damage being dealt by ransomware is also worth explaining. Compared with other money-extorting schemes, ransomware demands are usually priced “reasonably”. Since targets are mostly ordinary people, attackers keep their demands at a level that will persuade a large percentage of victims to pay. In most cases, victims are asked to fork over one or two Bitcoins, which amounts to a few hundred dollars at the time of writing. There have also been instances where attackers swindled several thousand dollars from a single victim, but those are the special cases where larger institutions such as hospitals were targeted.

But as a whole, ransomware attacks are dealing a lot of damage. In 2015 alone, the FBI received some 2,500 complaints related to ransomware attacks, amounting to roughly $24 million in losses for the victims. And those account for only a small percentage of ransomware attacks, since a considerable share of victims don’t even bother reporting to law enforcement. In 2012, security firm Symantec gained access to a command-and-control (C&C) server used by the CryptoDefense malware (one of the earlier instances of crypto-ransomware), which showed the attackers were hauling in at least $34,000 a day. CryptoLocker, the famous ransomware that arrived in August 2013, infected more than half a million victims in its first six months, earning its owners some $27 million, according to FBI estimates.

Ransomware has become the basis of a very lucrative business for malicious hackers, as “success breeds more activity,” a law enforcement agent told the Washington Post about the rise of ransomware attacks. According to the Intel Security report, ransomware code is available to anyone as open source that can be used and modified for free. And criminals who lack the skills to develop their own ransomware can turn to the “ransomware-as-a-service” model, in which the malware authors rent out their ransomware and payment infrastructure to affiliates, who spread it in exchange for a share of the ransoms.

How do I protect myself?

The first line of defense against any sort of malware is to keep your operating system and antivirus software up to date with the latest patches and signature definitions. But by itself this measure isn’t enough, because new variants of ransomware pop up every day, and by the time antivirus vendors catch the new specimen and update their signatures, it might be too late.

Cyber-hygiene is also an important factor. Be very careful when opening email attachments, especially file types with a long history of delivering malicious payloads, such as .doc files (whose macros can download and run the ransomware the moment you enable them) and .rar archives. As a rule of thumb, never open attachments in emails that come from unknown sources, and never enable macros in a document you were not expecting. Also be careful when you browse websites, especially those that carry ads, because malicious ads (malvertising) are one of the main channels through which ransomware is delivered. Ad blockers can help reduce the threat, as does taking care not to download software offered through ads, no matter how tempting the offer might sound.

Finally, you should always keep backups. This does not mean backups on a network share or a permanently attached external drive, because ransomware can find and encrypt those as well, and a sync folder (a cloud drive that mirrors your documents) will happily upload the encrypted versions over the good ones unless it keeps older versions of each file. Keep a copy on an offline storage medium that is disconnected once the backup has run, or in a cloud backup service that retains file history, and test restoring from it now and then. Then, in case you’re hit by ransomware, you can restore your files instead of paying the criminals.

But in many cases the downtime is even more damaging than the ransom itself, especially for businesses and organizations. By the time you buy the key or restore your backups, you might have lost precious time. We need new, layered and multipronged approaches to detect and stop new ransomware before it deals damage. There are already several initiatives and technologies out there dealing with this issue, and I will be talking about them in future articles. Stay tuned for more… and stay safe.
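One concrete building block for that kind of detection, as an added example that is not from this article or from any product it mentions: a small Python script that flags files which look as though ransomware has encrypted them or dropped them. It combines three heuristics: a file extension known to be appended by a ransomware family, a filename that reads like a ransom note, and a byte distribution that is close to random (Shannon entropy near 8 bits per byte) in a format that should not be compressed. The ".locky" extension is the real one Locky appended; the other extensions, the note-word list and the 7.5 bits/byte threshold are assumptions chosen for illustration, and the sample "files" are constructed inline so the script runs offline.

```python
import math
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Above roughly 7.5 bits/byte a file's bytes are close to uniformly distributed,
# which is what ciphertext looks like. Ordinary documents sit far lower.
# Assumed rule-of-thumb threshold, not a tuned value.
HIGH_ENTROPY = 7.5

# Formats that are legitimately near-random because they are compressed or already
# encrypted; entropy alone must not flag them. Illustrative list, not exhaustive.
# Office .docx/.xlsx files are zip containers, so they belong here too.
COMPRESSED_EXTS = {".zip", ".gz", ".7z", ".rar", ".jpg", ".jpeg", ".png",
                   ".mp4", ".docx", ".xlsx"}

# Extensions appended to encrypted files. ".locky" is what Locky used; the other
# two are assumed placeholders for this example.
RANSOM_EXTS = {".locky", ".encrypted", ".crypt"}

# Words that tend to appear in ransom-note filenames (assumed heuristic).
NOTE_WORDS = ("decrypt", "recover", "restore", "ransom")
NOTE_EXTS = {".txt", ".html", ".hta"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated value,
    8.0 when all 256 byte values occur equally often."""
    if not data:
        return 0.0
    n = len(data)
    entropy = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return max(entropy, 0.0)  # never hand back -0.0


def extension(name: str) -> str:
    """Lower-cased final extension including the dot, or '' if there is none."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def classify(name: str, data: bytes) -> Optional[str]:
    """Return why a file looks ransomware-related, or None if it looks clean."""
    ext = extension(name)
    base = name.rsplit("/", 1)[-1].lower()
    if ext in RANSOM_EXTS:
        return f"ransomware extension {ext}"
    if ext in NOTE_EXTS and any(word in base for word in NOTE_WORDS):
        return "filename looks like a ransom note"
    ent = shannon_entropy(data)
    if ent >= HIGH_ENTROPY and ext not in COMPRESSED_EXTS:
        # Random-looking bytes in a plain format: probably encrypted in place
        # (some families keep the original filename).
        return f"entropy {ent:.2f} bits/byte in a non-compressed format"
    return None


def scan(files: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Run classify() over a name -> contents mapping; return the flagged files."""
    flagged = []
    for name, data in files.items():
        reason = classify(name, data)
        if reason:
            flagged.append((name, reason))
    return flagged


# Constructed sample "files" standing in for a scanned directory.
TEXT = b"Quarterly budget notes: rent, payroll, travel, hardware refresh. " * 64
# Every byte value equally often: entropy exactly 8.0, a stand-in for ciphertext.
CIPHERTEXT_LIKE = bytes(range(256)) * 16
SAMPLES = {
    "notes.txt": TEXT,                         # ordinary document, low entropy
    "family.jpg": CIPHERTEXT_LIKE,             # compressed format: high entropy but legitimate
    "budget.xlsx.locky": CIPHERTEXT_LIKE,      # encrypted and renamed by Locky
    "HOW_TO_RECOVER_FILES.txt": TEXT,          # ransom note dropped next to the files
    "invoice.csv": CIPHERTEXT_LIKE,            # encrypted in place, name unchanged
}

if __name__ == "__main__":
    for name, reason in scan(SAMPLES):
        print(f"{name}: {reason}")
```

Running it flags budget.xlsx.locky, HOW_TO_RECOVER_FILES.txt and invoice.csv and leaves notes.txt and family.jpg alone. The entropy check is the one that catches families which do not rename files, and it is also the one that produces false positives: anything compressed or already encrypted looks random, which is why the allow-list of formats exists. In a real deployment you would run this from a file-change monitor and alert on the rate (dozens of files crossing the threshold within seconds) rather than on any single file.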


  1. […] Ransomware is currently undergoing that stage at a very fast pace, and there’s no sign of it slowing down any time soon. It is inflicting major losses and damage to companies, organizations and individuals, and raking in millions of dollars for cyber-criminals, and there seems to be no ebb to the flow. This warrants the need for new approaches to fighting ransomware in particular, and malware in general. […]

  2. Very informative; all my queries about ransomware are cleared up. Thank you for sharing such good information. If you want to know more about it, just visit us.