So What is Ransomware, Exactly?

Cryptolocker, Wannacry, CryptoWall, Locky, Winlocker, and KeRanger, the news has been full of these scary sounding programs.  Ransomware can strike fear into the heart of any office manager and business owner.  Once your organization becomes the victim of a Ransomware attack you will be facing sleepless nights, technology headaches, and days or weeks of trying to untangle the damage the hack has caused.  By now, most people know the best way to handle a Ransomware attack is to avoid one in the first place; by installing the latest patches and software updates, educating end users to avoid clicking on unfamiliar links, and not connecting to public Wi-Fi.  While many people are gaining an understanding on how to prevent an attack; most have a limited idea of what exactly Ransomware is.  Ransomware is a type of malware.  Instead of corrupting or deleting your files or poking around in your systems to gain information about your organization; this malware locks you out of your system or denies you access to your data unless you pay the hacker a ransom.

Ransomware is the umbrella term for two different categories of malicious programs: Encryptors and Lockers.  Encrypting ransomware are programs that encrypt your files.  The thieves will demand a payment (often using Bitcoin the untraceable cyber currency favored by criminals worldwide) for the unique key that will decrypt your files, allowing you full access to them once again. The thieves generally employ a strong hashing algorithm to accomplish the encryption.  Anyone who has tried to untangle this mess on their own would discover that it would take a normal desktop PC several thousands of years to break the encryption and regain access to the files.  

Locker ransomware is the second type of malware.  In this attack, the user is locked out of their own systems.  Victims are locked out of their own operating systems making it impossible for the desktop and files to be accessed.   Some versions affect the Master Boot Record (MBR) of the PC’s hard drive, interrupting the boot up process and never allowing the computer to boot up.  In years past, victims of this attack will often see a message claiming to be from a law enforcement agency claiming that some sort of illegal activity had been detected on the user’s computer.  The victim is told if they pay a “fine” the computer will be unlocked and the user will once again have full access to their systems.  Recently the hackers have dropped this charade and just inform the victim that they have been hacked and demand payment to unlock their computer.

At Techworks Consulting, our core competency is all things technology.  We are focused on keeping on top of all developments in the cyber world; and keeping you informed about what to watch out for and what the risks are.  We are your technology resource. Contact us today!