Ransomware is a type of computer virus that seizes control of a user's computer or encrypts the data and then demands a ransom for the return of normal operations. The most famous examples of ransomware are Reveton, CryptoLocker, and WannaCry. Ransomware is usually spread by phishing attacks or click-jacking. Once the virus is installed, users lose the ability to access their computer data or use the machine. Many ransomware attacks demand ransoms to be paid via cryptocurrency, like Bitcoin.
Ransomware is spread by virus files that must be installed as an .exe by the user. After the virus enters the network, it may be able to spread laterally across devices. In this instance, the ransomware is also known as a worm. A network user may mistakenly install a file on a local computer from a phishing or click-jacking attack. If antivirus is installed on the network, it must either have the signature for the ransomware attack file or detect it by suspicious activity. Otherwise, the ransomware can escape detection.
The most common form of ransomware is the encryption attack. All the files on a user's computer are encrypted by the virus and cannot be unlocked unless the ransom is paid. This is the definitive pattern of ransomware. Many people would rather pay the ransom than lose all their data. The other type of ransomware is a deletion threat. In this instance, the data is threatened with deletion if the ransom is not paid by a certain date. Another less common variety is an extortion or doxxing attack.
Known ransomware will be covered by antivirus, but like any threat, a zero-day attack cannot be effectively screened by these utilities. Similarly, even the most well-trained and professional users can fall prey to a phishing or click-fraud attack. Ransomware worms spread laterally in a network without human interaction; whether a given strain can do so depends on the complexity of the exploit code. The best defense is antivirus software that detects malicious activity, i.e. scanning the .exe before installing files from the web.
Ransomware often targets large corporations and government agencies where a single user’s mistakes can lead to a wide infection pattern. Other users may be infected by spam email or phishing attacks.
Install verified antivirus software from one of the main providers like McAfee, Kaspersky, Symantec, or Norton for the best protection, and avoid installing any .exe files from web links. Look out for suspicious emails from unknown sources that have attachments. Often these emails will have spelling mistakes, use generic language (e.g. “Dear Sir/Madam”), or will come from a suspicious-looking address.
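The email warning signs listed above can be checked mechanically before a message reaches a user. The following Python sketch is an added example, not code from the original page or any vendor; the trusted-domain list, the greeting pattern, the finding labels and the sample message are assumptions constructed for illustration, and spelling mistakes are not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = {"example.com"}  # assumed: the organisation's own mail domains
GENERIC_GREETING = re.compile(r"^\s*dear\s+(sir|madam|customer|user)\b", re.I | re.M)
DISGUISED_EXE = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g|txt)\.exe$", re.I)

def triage(raw: str) -> list[str]:
    """Return the warning signs from the paragraph above that a raw message shows."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings, body = [], ""
    if domain not in KNOWN_DOMAINS:
        findings.append("unknown-sender")
        # Suspicious address: a trusted name is displayed, the address is elsewhere.
        if any(d.split(".")[0] in display.lower() for d in KNOWN_DOMAINS):
            findings.append("display-name-mismatch")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings.append("attachment")
            if name.lower().endswith(".exe"):
                findings.append("executable-attachment")
            if DISGUISED_EXE.search(name):  # e.g. a document name ending in .exe
                findings.append("disguised-extension")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if GENERIC_GREETING.search(body):
        findings.append("generic-greeting")
    return findings

# Constructed sample message (not real mail).
SUSPICIOUS = """\
From: "Example Helpdesk" <helpdesk@examp1e-support.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Sir/Madam,
Please open the attached invoice.
--b1
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1--
"""
if __name__ == "__main__":
    print(triage(SUSPICIOUS))
```

A mail gateway rule would typically quarantine on the combination of an unknown sender and an executable attachment rather than on any single finding.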
Reveton in 2012 started the ransomware trend by impersonating a police department and demanding a fine. CryptoLocker in 2013 began the trend of Bitcoin ransom attacks.
Ransomware makes business owners consider how they approach antivirus, network security, and data backups. Businesses are advised to run an antivirus scan on the firewall that includes known ransomware attacks. Administrators must consider how much tolerance they have for data loss on worker PCs and how to integrate regular secure backups on desktop productivity machines. Learn how the VMware Service-defined Firewall helps mitigate ransomware and other attacks.