7 Important Ransomware FAQs that you must know
There can be no two way to the fact that Ransomware has easily become one of the biggest banes of digital security for individual users and enterprises alike.
Ransomware is a malware that locks an infected computer or encrypts its files (converts the files into an unreadable form). It then demands a ransom from the victim to let go off the system or decrypt the files.
The threat of ransomware has been steadily growing over the past few years, with attackers bringing in more sophistication into their attacks. We have outlined 8 important ransomware FAQs for you to know and understand so that you can be more prepared.
1. How old is ransomware?
Many might suppose that this nefarious malware is relatively new. But, its history can be traced back to 1989. AIDS Trojan is known to be the first ransomware virus; it was created to target the attendees of a World Health Organization’s international conference on AIDS. Although this malware was not technologically advanced and taken down without much effort, it became the forbearer of all the ransomware families that followed. They include:
| Ransomware | Time of occurrence |
| Archiveus | 2006 |
| Unnamed | 2011 |
| Reveton | 2012 |
| Cryptolocker | 2013 |
| Cryptodefense | 2014 |
| Sypeng and Koler | 2014 |
| CTB-Locker and SimplLocker | 2014 |
| LockerPin | 2015 |
| TeslaCrypt | 2015 |
| LowLevel04 and Chimera | 2015 |
| Ransom32 and 7ev3n | 2016 |
| Locky | 2016 |
| SamSam | 2016 |
| KeRanger | 2016 |
| Petya | 2016 |
| Maktub | 2016 |
| Jigsaw | 2016 |
| CryptXXX | 2016 |
| Zcryptor | 2016 |
2. What are the types of ransomware?
There are two primary variants of the ransomware malware.
1. File Encrypting Ransomware – encrypts the data (all types of files including pictures, word docs, spreadsheets, PDFs, videos, etc.) it can find in the computer that it infects.
2. Screen Locker Ransomware – Locks the screen of the infected computer and renders it useless.
Incidences of file-encrypting ransomware are more common than screen lockers. This could be because attackers want their victims to use their computer in order to pay computer their encrypted data.
3. How does a ransomware spread?
• The most common medium used by attackers to spread ransomware is email. Victims are sent fake and devious emails loaded with attachments that contain ransomware malware.
• Visiting compromised and infected websites can infect the user’s system with a ransomware.
When a computer is infected by a ransomware, nothing extraordinary happens that can alert the user of the incident. It is when the ransomware displays its ransom note (demanding a certain sum of money) that the user realizes that something is wrong.
4. Are ransomware creators picky about their victims?
The one universal truth about cyber is that they are not biased. Anyone who uses a computer and is connected to the Internet is a potential victim. And this could be a blogger sitting in a restaurant accessing the free Wi-Fi and working on a blog or a big retail organization.
5. Why is ransomware a difficult malware to deal with?
The main reason that makes ransomware a hard nut to crack is the technology they use to encrypt files. Primitive ransomware families used an encryption method which was relatively easy to break. The modern day’s ransomware, however, uses a more complex method to encrypt the victim’s files. Here, criminals have two things – a public key for encrypting the files and a private key for decrypting the files. It is the private key that a victim needs to buy in order to decrypt the files. Without this key, the decryption is impossible.
6. Should you pay the ransomware’s ransom?
While the answer is easier said than done, it is strongly recommended never to pay the ransom. Paying extortionists only encourages them. Secondly, it is never guaranteed that you will get back your files even after you have met the ransomware’s demands; after all, you are dealing with crooks with zero morale.
7. What should you do to stay away from ransomware?
Because it is impossible to decrypt any files without the private key, preventing a ransomware infection is critical. Below are some simple security measures that reduce the risk of ransomware attacks to a great extent.
- Never open emails sent by unknown, unwanted or unexpected sources.
- If an email seems to have been sent by someone you know and carries a sense of urgency, call up the sender and verify. Most phishing emails are made to sound important or urgent. The way they are written is mainly to trick you into taking an action like clicking on a link or downloading an attachment.
- Do not click on links or download attachments in emails that ask for your personal information, or talk about your bank accounts.
- Apply all recommended security updates for your Operating System, programs like Adobe, Java, Internet Browsers, etc. These updates fix security weaknesses in these programs and prevent malware from exploiting them.
- Make sure that your antivirus software is up-to-date and blocks phishing emails and phishing websites.
- Take regular backups of your files. Remember to disconnect the Internet when you are backing up on a hard drive. Unplug the drive before you go online again.
- Install an antivirus that can prevent ransomware from infecting your computer. This infographic shows what Quick Heal does to stop this malware.
Source
https://www.csoonline.com/article/3095956/data-breach/the-history-of-ransomware.html#slide22
https://www.darkreading.com/endpoint/a-brief-history-of-ransomware/d/d-id/1325212
