What is Ransomware and How Does it Work?
Ransomware is a type of malware or malicious software that infects a computer and blocks access to a computer system, files, or data. Usually the goal of ransomware is to extort money from victims. Frequently the ransom is demanded in the form of Bitcoin so as not to trace cyberattack back to the hackers. Although some believe that ransomware focuses only on corporations and larger organizations that can pay hefty sums of money to restore their IT systems, ransomware is often used to infect thousands of computers to extort smaller sums from a larger pool of targets.
Ransomware is in the news recently as municipalities, educational institutions, and smaller government agencies across the United States without large IT budgets have fallen victim to ransomware attacks. Some of the cities opted to pay the ransom, but others decided not to pay hackers but then worked for months to restore their IT systems.
Ryuk ransomware is a type of Trojan malware that infects computer and encrypts files demanding payment to restore access. Like many other ransomwares, Ryuk is initiated with a phishing email campaign with a trickbot delivered via a scam email. The phishing emails are delivered to a number of people within an organization to infect as many computers as possible. Ryuk kills computer processes, stop services, defeat antivirus apps, and backups on infected machines.
Baltimore Ransomware Attacks
In a March of 2018 Baltimore city services fell victim to a ransomware attack, essential services like fire, police, and emergency medical services including 911 and 311 phone systems were halted by hackers. Systems were blocked and city services were services halted.
Baltimore, Maryland was hacked again in May 2019. The ransomware attack again halted customer service and financial transactions for Baltimore city departments. Residents were unable to pay their bills for city and county accounts. Public Works was forced to use Twitter to communicate with residents. Baltimore City employees were told to unplug and sent home.
WannaCry ransomware is one of the most well-known and notorious ransomwares. In May 2017 WannaCry ransomware spread and infected to Window machines. By the time the infection was abated over 300,000 computers were infected with WannaCry. The ransom for each computer was $300 USD but payable in Bitcoin.
WannaCry is based on hacking tools developed by and stolen from the United States National Security Agency. The NSA’s Advanced Persistent Threat group, known as Equation Group. WannaCry was attributed to North Korea. The ransomware attacks infected Britain’s National Health System causing crippling the ability to care for patient’s system
Like many other malwares WannaCry was able to spread through unpatched Windows computers.
How Does Ransomware Infect a Computer?
Ransomware works by infecting one or more computers and working its way into an entire IT system. Frequently, ransomware attacks are launched with a phishing or spear phishing email campaign. Information for the phishing emails can be gleaned from social media accounts or and corporate or municipal websites.
Phishing emails are crafted to make them appear familiar and legitimate to the recipient. They may use the recipient’s name and come from what seems to be a business relationship or banking relationship. The goal of a phishing email is to get the recipient to click on a link to a malicious file or download a malicious attachment.
The malicious file may lock up a device immediately or download other malware. A Florida ransomware attack was launched with just one email click by a city employee who was fooled by a hacker’s email
What is Ransomware Protection?
Ransomware protection comes in a few forms. First it is important to protect your IT systems, maintain backups, and educate employees about the importance of cyber security. It’s also crucial to teach employees how to recognize a phishing email and then what to do and what not to do if they receive one.
Ransomware protection may also involve buying an insurance policy to pay for ransom or cover the cost of restoring a computer system
It’s also possible to buy ransomware protection in the form of an app. Computers, phones, and other electronic devices can be protected using up-to-date antivirus apps. Free and paid antivirus apps must also be kept updated with the latest libraries so a ransomware or malware attack can be detected and stopped
Can You Remove Ransomware?
Sometimes it is possible to remove ransomware without paying the hacker. Some ransomware attacks are not well constructed, and files can be rescued by the device owner. Recently a Fortnite game hack that spread itself claiming to be an aimbot and wallhack but was really a Syrk Ransomware attack in disguise. If unsuspecting players downloaded the game cheats, their computers were locked up by Syrk ransomware. In the case of the Fortnite ransomware, it was possible to decrypt your own machines and not pay the ransom.
In the case of WannaCry ransomware mentioned above Microsoft issued an emergency security patch that stopped it from spreading. The security patch was essentially a kill switch that stopped infected computers from spreading the ransomware further.
Michelle writes about cyber security as well as how to protect your data online. She has worked in internet technology for over 20 years Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. She published a guide to Cyber Security for Business Travelers