Ransomware


Ransomware is malware that can lock a device or encrypt its contents in order to extort money from the owner. In return, operators of the malicious code promise – of course, without any guarantees – to restore access to the affected machine or data.

What is ransomware?

This specific kind of malicious software is used for extortion. When a device is successfully attacked, the malware blocks the screen or encrypts data stored on the disk, and a ransom demand with payment details is displayed to the victim.

How to recognize ransomware?

If you have been attacked, ransomware will in most cases inform you by displaying a ransom message on your screen, or by adding a text file (message) to the affected folders. Many ransomware families also change the file extension of the encrypted files.
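The two signs described above (the same message file added to many folders, and a changed file extension) can be checked for on a file share. The following is an added example, not ESET code; the allow-list of known extensions, the `.locked` extension, the `READ_ME.txt` name and the sample tree are all constructed assumptions, and legitimate files such as `photo.jpg.bak` will also match, so a hit is a prompt to investigate rather than proof.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: extensions that are normal on this share; tune per environment.
KNOWN_EXTENSIONS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png"}
MAX_NOTE_SIZE = 64 * 1024  # ransom notes are small text/HTML files

def scan_tree(root, min_dirs=3):
    """Return (repeated_notes, appended_extensions) for a directory tree."""
    copies = defaultdict(set)    # (file name, sha256) -> folders holding that copy
    appended = defaultdict(int)  # unfamiliar extension -> number of files
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            stem, ext = os.path.splitext(name)
            inner = os.path.splitext(stem)[1].lower()
            # Sign 1: unknown extension appended to a known one (plan.docx.locked).
            if ext and ext.lower() not in KNOWN_EXTENSIONS and inner in KNOWN_EXTENSIONS:
                appended[ext.lower()] += 1
            # Sign 2: the same small file dropped byte-for-byte into many folders.
            try:
                if os.path.getsize(path) <= MAX_NOTE_SIZE:
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                    copies[(name, digest)].add(folder)
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
    notes = {name: len(dirs) for (name, _), dirs in copies.items() if len(dirs) >= min_dirs}
    return notes, dict(appended)

def build_sample_tree(root):
    """Constructed sample: three 'affected' folders and one untouched folder."""
    for d in ("hr", "finance", "sales"):
        os.makedirs(os.path.join(root, d))
        for doc in ("plan.docx.locked", "budget.xlsx.locked"):
            with open(os.path.join(root, d, doc), "w") as fh:
                fh.write(f"constructed-ciphertext-{d}-{doc}")
        with open(os.path.join(root, d, "READ_ME.txt"), "w") as fh:
            fh.write("constructed ransom note text")
    os.makedirs(os.path.join(root, "archive"))
    with open(os.path.join(root, "archive", "minutes.txt"), "w") as fh:
        fh.write("ordinary file")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_tree(tmp))
```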

How does ransomware work?

There are multiple techniques used by the ransomware operators:
  • Diskcoder ransomware encrypts the whole disk and prevents the user from accessing the operating system.
  • Screen locker blocks access to the device’s screen.
  • Crypto-ransomware encrypts data stored on the victim’s disk.
  • PIN locker targets Android devices and changes their access codes to lock out their users.


All the above-mentioned kinds of ransomware demand payment, most often requesting it to be made in bitcoin or some other hard-to-trace cryptocurrency. In return, the operators promise to decrypt the data or restore access to the affected device. We need to stress that there is no guarantee that cybercriminals will deliver on their side of the bargain (and sometimes they are unable to do so, either intentionally or because of incompetent coding). Therefore, ESET recommends not paying the sum demanded, at least not before contacting ESET technical support to see what possibilities exist for decryption.

How to stay protected?

Basic rules you should follow to avoid your data being lost:
  • Back up your data on a regular basis – and keep at least one full backup off-line
  • Keep all your software – including operating systems – patched and up to date
However, to help users and organizations recognize, prevent and remove ransomware, a reliable, multi-layered security solution is the most efficient option.

Advanced rules mainly for businesses

  • Reduce the attack surface by disabling or uninstalling any unnecessary services and software
  • Scan networks for risky accounts using weak passwords
  • Limit or ban use of Remote Desktop Protocol (RDP) from outside of the network, or enable Network Level Authentication
  • Use a Virtual Private Network (VPN)
  • Review firewall settings
  • Review policies for traffic between internal and outside network (internet)
  • Set up a password in the configuration of your security solution(s) to protect it/them from being turned off by the attacker
  • Secure your backups with two- or multifactor authentication
  • Regularly train your staff to recognize and deal with phishing attacks

Brief history

The first documented case of ransomware was in 1989. Called the AIDS Trojan, it was physically distributed through the post via thousands of floppy disks that claimed to contain an interactive database on AIDS and risk factors associated with the disease. When triggered, the malware effectively disabled the user's access to much of the content on the disk. The AIDS Trojan demanded a ransom (or, as the ransom note named it, a “license payment”) of US $189 to be sent to a post office box in Panama, allowing the user to execute the program 365 times. Dr. Joseph Popp was identified as the author; authorities, however, declared him mentally unfit to stand trial.

Recent examples

In May 2017, a ransomware worm detected by ESET as WannaCryptor aka WannaCry spread rapidly, using the exploit EternalBlue leaked from the NSA, which exploited a vulnerability in the most popular versions of Windows operating systems. Despite the fact that Microsoft had issued patches for many of the vulnerable OSes more than two months prior to the attack, files and systems of thousands of organizations around the globe fell victim to the malware. The damage it caused was estimated at billions of dollars.

In June 2017, malware detected by ESET as Diskcoder.C aka Petya started making the rounds in Ukraine, but soon burrowed its way out of the country. As it later turned out, it was a well-orchestrated supply-chain attack that misused popular accounting software so as to attack and harm Ukrainian organizations. However, it got out of hand, and by infecting many global companies, including Maersk, Merck, Rosneft and FedEx, it caused hundreds of millions of dollars in damages.
