Ransomware: what is this malware?

“Ransomware” is the generic term used to designate any malicious software that blocks users’ access to some of their files, or even their entire system. To recover their data, they must agree to pay a “ransom”.

What is ransomware?¶

Ransomware is a particularly dangerous and insidious type of malware. This English word contains the term “ransom”, because this attack aims to extort money from the victim. Cybercriminals take files or even the entire operating system “hostage”. To do this, they infiltrate specific malware onto the computer they plan to attack, to encrypt certain parts of it, so that victims can no longer access it. To recover their files, they then receive a ransom demand; they must pay to have their data restored. They then have two options: pay, or seek to remove the ransomware.

Ransomware poses enormous dangers for businesses and individuals alike. It is indeed possible to encrypt or even destroy sensitive files. Only cybercriminals have access to the data affected by the attack, and this can therefore also be lost in the event of a rescue attempt. You should never comply with a cybercriminal’s requests. Indeed, nothing is guaranteed: even if you pay, it is still likely to destroy your files or disclose them. You also risk appearing as attractive prey, and your computer could therefore become the target of other attacks. Fortunately, many solutions exist if you want to protect yourself from a ransomware, spyware or scareware attack.

How to recognize a ransomware attack?

While there are several different types of ransomware, most of them are very quickly recognizable. The cybercriminal has every interest in informing you quickly of the situation in which you find yourself; he hopes that you will accede to his requests as soon as possible. Most of the time, you therefore receive a message fairly quickly informing you that you are the target of a ransomware attack accompanied by a threat scenario. You are often informed that sensitive files have been encrypted, and it is up to you to recover them. Such a message is usually accompanied by a countdown, which tells you how much time you have left to fulfill the cybercriminal’s demands. Often, it is appropriate to use Bitcoin to pay such a “ransom”.

The victim can therefore access the Bitcoin platform selected by the cybercriminal, but most other functions of their device are blocked. Although she can still view the affected files, she can no longer access them. If large parts of your system become infected, you may no longer even have access to your own desktop. Only the services necessary for the transaction then remain available. If you go to the end of it, you can recover your files; At least that’s the cybercriminal’s promise. To recognize the affected files, study any name change or new extension. If your system becomes slower or crashes more frequently, this may also indicate the presence of ransomware.

How to protect yourself against ransomware attacks?

Ransomware continues to evolve, so it is not possible to fully protect against such attacks. However, there are different options available to you if you want to at least make it more difficult for people who want to attack your system. We particularly recommend that you take the following precautions:

• Regular backups : Make regular backups or opt for a security system that can do them for you automatically. This way, you can easily access an older version of your files if you are the victim of a ransomware attack.
• Scans : Use an antivirus program to scan both your network and your system to detect potential ransomware and other malware early. In many cases, you can therefore prevent any upstream propagation, or even remove malware.
• Lots of caution : Open only files whose sender you know. For example, check whether the emails you receive contain suspicious-looking attachments, and look carefully at the extensions of different files. As for third-party external data media, such as USB drives, connect them to your device only if their source is reliable.

Ransomware Examples¶

Many ransomware attacks have already occurred in the past. Discover with us some of the most striking examples. Unfortunately, as security systems evolve, it’s a safe bet that ransomware will also improve. Perhaps you still remember the following cases?

• WannaCry : In 2017, WannaCry ransomware detected and exploited a vulnerability in Windows, attacking more than 230,000 computers in at least 150 countries. At the time, Microsoft had already proposed a patch to remedy this flaw, but older systems still remained exposed. Ultimately, many government organizations, hospitals and multinationals, including the French company Renault in 2017, paid the price for this ransomware.
• Ryuk : About a year later, Ryuk ransomware also made headlines, particularly in the United States. This malware has also attacked Windows devices, primarily targeting high-profile victims. It was enough for him to extort “ransoms” for a few months to arrive at an astronomical sum, with a six-figure loot. Ryuk was even able to be perfected, and he continued to rage for a few more years.
• BKA-Trojaner : BKA-Trojaner was a type of ransomware very common in Germany. It was capable of completely blocking targeted computers. For example, a message suggested that illegal content had been detected on the computer in question. The user was then ordered to pay a fine to the BKA (Bundeskriminalamt, or the “Federal Criminal Police Office”), so that it supposedly puts an end to the investigation. The real BKA of course had nothing to do with this subterfuge. Despite messages sometimes riddled with obvious spelling mistakes, cybercriminals have succeeded in many cases. Once payment was made by the victim using a prepaid card, the system was often not unlocked.