The Workings of Ransomware.

By Francis West on 28th July 2016

Locky and Raa are both examples of one of the most dangerous and prevalent forms of malware known as ‘ransomware’.

This major online threat has hit the news in recent months due to the chaos and misery it has brought to its victims. Here is a brief summary of the types of ransomware that we know about and the tricks they use.

Deleting Encrypted Files.

The ultimate object of ransomware is to force the victim to make a payment to halt and reverse the effects of the malware, i.e. to pay for the key that releases the files the ransomware has encrypted.

Jigsaw ransomware, for example, not only encrypts the files but deletes one of the files it has encrypted every hour until the money is paid. This means that even if the victim pays, they can’t reverse the damage already done. What is more, Jigsaw deletes an extra 1,000 files for good measure each time the victim restarts their computer.

Encrypting Drives and Servers.

Ransomware such as Petya works at the drive level, encrypting your computer’s entire Master File Table, whereas ransomware like RansomWeb and Kimcilware is designed to infect whole web servers, encrypting their website databases and hosted files.

Encrypting Network Drives.

The scale and scope of the dishonest work carried out by ransomware variants varies widely. Some versions, such as DMA Locker, Locky, Cerber and CryptoFortress, go for network drives and try to encrypt the shares exposed over the Server Message Block (SMB) protocol.

Compressing to Speed Up Encryption.

In order to make the encryption of files as fast as possible, some ransomware, such as Maktub, even goes to the trouble of compressing the files first.

Attack in the Cloud.

As more businesses move critical files to the cloud, the cyber criminals follow. Some new forms of ransomware are able to delete or overwrite cloud back-ups.

Non-Windows Not Safe.

Ransomware such as SimpleLocker, for example, encrypts files on Android, and Linux.Encoder.1 encrypts files on Linux.

Spoken Ransom Messages Through Your Speakers!

It sounds chilling, but ransomware such as Cerber generates a script that allows it to speak a ransom message through the victim’s speakers in 12 different languages!

Buying It In.

For some cyber criminals it’s simply a case of buying in ransomware such as Tox as a service via underground forums. It can provide everything the cyber criminal needs, including the vital step of facilitating the transfer of funds.

What Does This Mean For Your Business?

As with any malware risk, the trick for a business is not to get infected in the first place with the software that enables the attack to be launched.

Businesses therefore need to raise awareness among staff that everyone must be very careful about opening emails with attachments and/or emails from unfamiliar sources.

Keeping operating system updates, patches and anti-virus software up to date is also very important. Having a reliable, secure back-up of your important files and folders is also advisable, if not essential.