Network Security

Ransomware – An Introduction

What is Ransomware?

Ransomware is a malware/malicious software program designed to block or disable access to the data your computer. The program displays a full-screen message on your screen claiming all files/programs have been blocked or encrypted. It demands a ransom, to be paid within a specific time, in order to decrypt/restore access.

How does Ransomware get into a Computer?

The process is similar to how a virus or malware gets into a computer: Email messages claiming to contain important attachments, drive by download — from websites or even ads that seem to offer valuable/illegal stuff for free, fake antivirus/anti-malware downloads, fake updates for popular programs, social engineering methods, friends on social networks enticing you to click on certain links, through botnets, etc.

What are the Two main types of Ransomware?

  1. Locker Ransomware: This type prevents access to the Computer’s User Interface. But it may allow only keyboard usage, for example, to key in the code obtained after paying the ransom. Everything else is blocked.
  2. Crypto Ransomware: This type encrypts files and folders in the computer and flashes a warning message that the decryption key will be sent to the user only upon the payment of a ransom, that too within certain date/time. Other computer functionality may still work.

There are certain browser-based ransomware that display hundreds of dialog boxes, practically disabling the browser/computer usage until the user pays up. This ransomware is OS-independent.

How does a User pay?

Ransomware may ask the user to pay in multiple ways ranging from wire transfer, anonymous payment vouchers or bitcoins. It may want the user to make payments through an encrypted browser and may employ encrypted communications through a ToR network for Command & Control activity.

How to Stay Safe?

The best way to stay safe from ransomware attacks is to maintain a full backup of system files, data and programs. Creating user awareness is important.

It helps to have security software and follow practices like not allowing programs to auto install, AV/anti-malware software, web filtering, blocking unused ports and restricting access through firewall, reputation services to block malicious websites, encryption of data at rest, automatic backup/recovery, snapshots, etc.

Popular security software vendors offer ransomware removal programs, and some of these aimed at specific types of ransomware can be downloaded for free. Try to download these software only from well-known security vendors, directly from their websites. Some vendors may assist with cracking the decryption key, but this may be a difficult and time-consuming task.

Can a Ransomware affect only Computers?

There are ransomware that affect NAS (Network Attached Storage) systems, Computer Servers, etc. For example, the database stored on the server of a financial website can be encrypted.

Ransomware also affect mobile/smart phones. These are generally disguised as free apps that provide premium services, adult content, or illegal services and entice users to install and try it on their phones. It locks the phone and demands a ransom to unlock it.

In the future, ransomware maybe written to affect any device connected to the Internet, especially the smart connected devices that have limited interface options, like in the IoT (Internet of Things) ecosystem.

References: Ransomware (Wikipedia article); The Evolution of Ransomware (Symantec, PDF); Your Money or Your Life Files (, PDF).

You could stay up to date on Computer Networking/IT Technologies by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’.