Ransomware

Ransomware is malware that can lock a device or encrypt its contents in order to extort money from the owner. In return, operators of the malicious code promise – of course, without any guarantees – to restore access to the affected machine or data.

4 min read

What is ransomware?

This kind of malicious software blocks access to, or encrypts, a user’s critical data so they can no longer reach their personal files. The ransomware then extorts payment from the victim in exchange for restoring access to those files.

In most cases the ransom message is displayed on the screen after the user restarts their system, or it is delivered as a text file added to the affected folders. Many ransomware families also change the file extension of the encrypted files.
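The two symptoms just described, a burst of file-extension changes and a note file dropped into the same folders, are exactly what endpoint telemetry can be correlated on. The following detector is an added example written for this page, not ESET code, and it runs over a constructed tab-separated event log (format, paths, process IDs and note-name markers are all assumptions). It flags a process only when it changes many extensions inside a short window or when a note-like file lands in a folder that process was already renaming in, so a user renaming one file or creating an ordinary README is not reported.

```python
"""Heuristic ransomware-activity detector over file-system event logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath  # Windows-style paths, parsed identically on any OS

# Constructed sample telemetry, not real data. Format per line (assumed):
#   timestamp <TAB> pid <TAB> action <TAB> path [<TAB> new_path]
# PID 4242 behaves like encrypting ransomware; PIDs 100 and 300 are benign users.
SAMPLE_LOG = "\n".join([
    "2024-01-01T10:00:00\t4242\tRENAME\tC:\\Users\\a\\Docs\\q1.xlsx\tC:\\Users\\a\\Docs\\q1.xlsx.locked",
    "2024-01-01T10:00:01\t4242\tRENAME\tC:\\Users\\a\\Docs\\plan.docx\tC:\\Users\\a\\Docs\\plan.docx.locked",
    "2024-01-01T10:00:02\t4242\tRENAME\tC:\\Users\\a\\Docs\\notes.txt\tC:\\Users\\a\\Docs\\notes.txt.locked",
    "2024-01-01T10:00:03\t4242\tRENAME\tC:\\Users\\a\\Docs\\budget.pdf\tC:\\Users\\a\\Docs\\budget.pdf.locked",
    "2024-01-01T10:00:04\t4242\tRENAME\tC:\\Users\\a\\Docs\\cv.docx\tC:\\Users\\a\\Docs\\cv.docx.locked",
    "2024-01-01T10:00:05\t4242\tRENAME\tC:\\Users\\a\\Docs\\tax.xlsx\tC:\\Users\\a\\Docs\\tax.xlsx.locked",
    "2024-01-01T10:00:06\t4242\tCREATE\tC:\\Users\\a\\Docs\\README_TO_DECRYPT.txt",
    # Benign: rename without extension change, one extension change, an ordinary README
    "2024-01-01T10:00:10\t100\tRENAME\tC:\\Users\\a\\Photos\\img1.jpg\tC:\\Users\\a\\Photos\\holiday1.jpg",
    "2024-01-01T10:00:11\t100\tRENAME\tC:\\Users\\a\\Photos\\todo.txt\tC:\\Users\\a\\Photos\\todo.md",
    "2024-01-01T10:00:12\t300\tCREATE\tC:\\Projects\\tool\\README.txt",
])

# Substrings commonly seen in ransom-note file names (assumed list for the example)
NOTE_MARKERS = ("decrypt", "restore", "recover", "how_to", "readme_to")


def parse_events(text):
    """Parse the constructed log into (timestamp, pid, action, path, new_path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        new_path = parts[4] if len(parts) > 4 else None
        events.append((datetime.fromisoformat(parts[0]), int(parts[1]), parts[2], parts[3], new_path))
    return events


def extension_changed(old, new):
    return ntpath.splitext(old)[1].lower() != ntpath.splitext(new)[1].lower()


def looks_like_ransom_note(path):
    name = ntpath.basename(path).lower()
    return name.endswith(".txt") and any(marker in name for marker in NOTE_MARKERS)


def detect(events, window=timedelta(seconds=30), rename_threshold=5):
    """Return {pid: [reasons]} for processes showing ransomware-like behaviour."""
    renames = defaultdict(list)        # pid -> [(timestamp, new extension)]
    folders_renamed = defaultdict(set)  # pid -> folders where it changed extensions
    note_folders = defaultdict(set)     # pid -> folders where it dropped a note-like file
    for ts, pid, action, path, new_path in events:
        if action == "RENAME" and new_path and extension_changed(path, new_path):
            renames[pid].append((ts, ntpath.splitext(new_path)[1].lower()))
            folders_renamed[pid].add(ntpath.dirname(path).lower())
        elif action == "CREATE" and looks_like_ransom_note(path):
            note_folders[pid].add(ntpath.dirname(path).lower())

    findings = {}
    for pid, items in renames.items():
        items.sort()
        # Sliding window: largest number of extension changes inside `window`
        best = start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        reasons = []
        if best >= rename_threshold:
            new_exts = sorted({ext for _, ext in items})
            reasons.append(f"{best} extension changes within {window.seconds}s, new extensions {new_exts}")
        if note_folders[pid] & folders_renamed[pid]:
            reasons.append("note-like file created in a folder the process was renaming in")
        if reasons:
            findings[pid] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in detect(parse_events(SAMPLE_LOG)).items():
        print(f"PID {pid}: " + "; ".join(reasons))
```

Run as-is it reports only PID 4242, with both reasons. Raising `rename_threshold` above the number of renames in the sample still leaves the note-correlation reason, which is the more robust of the two signals because it does not depend on a tunable count; a real deployment would feed events from an EDR or file-system audit source instead of the embedded sample.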

Types of Ransomware

There are multiple techniques used by the ransomware operators:

  • Scareware is usually rogue security software or a tech support scam. You may receive pop-ups claiming that malware was discovered and the only way to get rid of it is to pay. If you do not act, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.
  • Screen lockers freeze you out of your PC completely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking government seal, saying that illegal activity has been detected on your computer and that you must pay a fine. However, a government would not freeze you out of your computer or demand payment for illegal activity; if they suspected you of piracy or any other cybercrime, they would go through the appropriate legal channels.
  • Encrypting ransomware grabs your files and encrypts them, demanding payment in order to decrypt and return them. This type of ransomware is very dangerous because once criminals have encrypted your data, no security software or system restore can bring it back unless you pay the ransom. Even if you do pay, there’s no guarantee the cybercriminals will give you your data back.

All the above-mentioned kinds of ransomware demand payment, most often requesting it to be made in bitcoin or some other hard-to-trace cryptocurrency. In return, its operators promise to decrypt the data or restore access to the affected device.

We need to stress that there is no guarantee that cybercriminals will deliver on their side of the bargain (and sometimes they are unable to do so, either intentionally or because of incompetent coding). Therefore ESET recommends not paying the sum demanded – at least not before contacting ESET technical support to see what possibilities exist for decryption.

How to protect against ransomware

Basic rules you should follow to avoid your data being lost:

  • Back up your data on a regular basis – and keep at least one full backup off-line
  • Keep all your software – including operating systems – patched and up to date

The most efficient form of prevention is to use a reliable anti-ransomware solution.

Advanced rules mainly for businesses:

  • Reduce the attack surface by disabling or uninstalling any unnecessary services and software
  • Scan networks for risky accounts using weak passwords
  • Limit or ban use of Remote Desktop Protocol (RDP) from outside of the network, or enable Network Level Authentication
  • Use a Virtual Private Network (VPN)
  • Review firewall settings
  • Review policies for traffic between internal and outside network (internet)
  • Set up a password in the configuration of your security solution(s) to protect it/them from being turned off by the attacker
  • Secure your backups with two- or multi-factor authentication
  • Regularly train your staff to recognise and deal with phishing attacks

Brief history

The first documented case of ransomware was in 1989. Called the AIDS Trojan, it was physically distributed through the post via thousands of floppy disks that claimed to contain an interactive database on AIDS and risk factors associated with the disease. When triggered, the malware effectively disabled the user's access to much of the content on the disk.

The AIDS Trojan demanded a ransom (or, as the ransom note called it, a “license payment”) of US $189 to be sent to a post office box in Panama, which would then allow the user to execute the program 365 times. Dr. Joseph Popp was identified as the author; authorities, however, declared him mentally unfit to stand trial.

Recent examples

In May 2017, a ransomware worm detected by ESET as WannaCryptor, aka WannaCry, spread rapidly using the EternalBlue exploit leaked from the NSA, which targeted a vulnerability in the most popular versions of the Windows operating system. Despite the fact that Microsoft had issued patches for many of the vulnerable OSes more than two months before the attack, files and systems of thousands of organizations around the globe fell victim to the malware. The damage it caused was estimated at billions of dollars.

In June 2017, malware detected by ESET as Diskcoder.C, aka Petya, started making the rounds in Ukraine, but soon burrowed its way out of the country. As it later turned out, it was a well-orchestrated supply-chain attack that misused popular accounting software in order to attack and harm Ukrainian organizations.

However, it got out of hand: by infecting many global companies, including Maersk, Merck, Rosneft and FedEx, it caused hundreds of millions of dollars in damages.

ESET protects you against ransomware

ESET Smart Security Premium

Ultimate guardian of your online safety

ESET Smart Security Premium

Comprehensive antivirus and cyber security
for complete peace of mind while you’re online.