From FdIwiki ELP


Ransomware is an English word that combines ransom and malware. It refers not only to a type of malicious program, but to the extortion that follows once it is installed on a device. It has been one of the most common attacks from 2015 to the present day.

Basically, ransomware can be defined as a computer threat comparable to a kidnapping carried out through technology: a hijacking of information. It is malicious code (malware) that encrypts the information on the computer and leaves behind a set of instructions so that the user cannot recover their files without paying. To obtain the key that releases the information, the victim must pay the attacker a sum of money by following those instructions. Payment is usually requested as a bank deposit or similar transfer, after which the attacker supposedly sends the key needed to decrypt the information on the hard drive.

In reality, since this is a scam, the cybercriminals often do not send the decryption key at all. This is compounded by the fact that the victim, in many cases, does not report the extortion.

Where ransomware hides

The most common places where ransomware is hidden are:

- Fake system updates

- Fake Adobe updates

- Websites of questionable reputation

- E-mails with attached files

In fact, the means of transmission are practically the same as for other cyber threats. Once it has got in, the malware activates, locks the user out of the operating system and displays a warning message stating the amount that must be paid to get all the information back.

To heighten the victim's uncertainty and fear, the threat sometimes includes data such as the victim's IP address, their Internet provider and even a photograph captured from the webcam.

Types of lock

To carry out the "hijacking" of the data, ransomware uses different locking methods:

- Lock without encryption: the malware takes control of the system without encrypting the data. As a general rule it disables the Task Manager, blocks access to the Registry and hijacks EXPLORER.EXE so that the desktop icons disappear and programs cannot be launched. The most sophisticated variants also prevent booting in Safe Mode. Although they are not easy to remove, since no data is encrypted the machine can be recovered by cleaning it with an antivirus, without losing files.

- Lock with encryption: this variant encrypts the data on the hard disk with strong encryption that is practically impossible to break without the key. If the encryption only affects system files, an antivirus can regain control by reinstalling them. But if the entire operating system or, even worse, the user's own data is encrypted, the only way out (unless the key is recovered, a free decryptor is published for that family, or an offline backup exists) is to format the hard drive and accept the loss of the data.
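As an added example (not code from the original page), the following Python script shows the kind of triage check an analyst can run over a set of files to spot the aftermath of the encrypting lock described above, and the ransom note with payment instructions mentioned earlier. The idea it demonstrates: ciphertext written by ransomware has near-maximal byte entropy and no recognisable file header, whereas legitimately compressed formats (images, archives, PDFs) are also high-entropy but announce themselves with a magic number, so an entropy-only check would flag them as false positives. All file names and contents below are constructed samples; the entropy threshold, the keyword list and the "one third of files" rule are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Byte-entropy threshold (bits per byte). Random or encrypted data approaches 8.0;
# natural-language text is typically around 4 to 5. The value 7.5 is an assumed cut-off.
ENTROPY_THRESHOLD = 7.5

# Formats that are high-entropy by design but start with a known header.
# Ciphertext produced by an encrypting lock carries no such header.
MAGIC_HEADERS = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"%PDF": "pdf",
}

# Words a ransom note typically contains; two or more in a text file is
# treated as a note (assumed heuristic).
RANSOM_NOTE_WORDS = ("decrypt", "bitcoin", "pay", "ransom")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or single-valued data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_type(data: bytes):
    """Return the format name if the data starts with a known magic number, else None."""
    for magic, name in MAGIC_HEADERS.items():
        if data.startswith(magic):
            return name
    return None


def classify_file(name: str, data: bytes) -> str:
    """Classify one file as plain, compressed, encrypted-suspect or ransom-note."""
    if name.lower().endswith((".txt", ".html", ".hta")):
        text = data.decode("utf-8", errors="ignore").lower()
        if sum(word in text for word in RANSOM_NOTE_WORDS) >= 2:
            return "ransom-note"
    if header_type(data) is not None:
        return "compressed"  # high entropy is expected here, not suspicious
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "encrypted-suspect"
    return "plain"


def scan(files: dict) -> dict:
    """Classify every file and decide whether the set looks mass-encrypted."""
    verdicts = {name: classify_file(name, data) for name, data in files.items()}
    suspects = sum(v == "encrypted-suspect" for v in verdicts.values())
    notes = sum(v == "ransom-note" for v in verdicts.values())
    # Assumed rule: a ransom note, or at least a third of the files with
    # unexplained high entropy, points to an encrypting lock rather than a few odd files.
    mass = notes > 0 or (len(files) > 0 and suspects / len(files) >= 1 / 3)
    return {"verdicts": verdicts, "suspects": suspects, "notes": notes,
            "mass_encryption": bool(mass)}


def pseudo_random(seed: bytes, size: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed sample)."""
    out, block = bytearray(), seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:size])


# Constructed sample directory: two files renamed with a ".locked" suffix and
# overwritten with ciphertext, a ransom note, and three legitimate files.
SAMPLE_FILES = {
    "budget.xlsx.locked": pseudo_random(b"seed-1", 4096),
    "photo.jpg.locked": pseudo_random(b"seed-2", 4096),
    "README_DECRYPT.txt": b"Your files are encrypted. Pay 0.05 bitcoin to decrypt them.\n",
    "notes.txt": b"Meeting at 10. Bring the quarterly numbers.\n" * 40,
    "logo.png": b"\x89PNG\r\n\x1a\n" + pseudo_random(b"seed-3", 2000),
    "archive.zip": b"PK\x03\x04" + pseudo_random(b"seed-4", 2000),
}


if __name__ == "__main__":
    result = scan(SAMPLE_FILES)
    for name, verdict in result["verdicts"].items():
        print(f"{name:22} {verdict}")
    print("mass encryption suspected:", result["mass_encryption"])
```

To use it on a real machine, build the dictionary from the first few kilobytes of each file under a directory instead of SAMPLE_FILES; reading only a prefix keeps the scan fast and the header check still works. The important design point is the header check: without it, every photo and archive on the disk looks like ciphertext, which is the classic failure of entropy-only detection.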

Payment methods

All ransomware offers the user a way to pay in order to avoid losing the data. The demand does not usually exceed €100, because the attackers do not want the victim to file a report. The most common payment methods are:

- Bitcoin transfer

- Payment by SMS

- Bank transfer

- Calling a phone number

Avoiding ransomware

These are some of the steps you can take to avoid this type of attack:

- Keep the operating system updated so that known security flaws cannot be exploited.

- Have a good antivirus product installed and always keep it updated.

- Do not open e-mails or attachments from unknown senders.

- Avoid browsing unsafe pages or pages with unverified content.

- Keep backups of important data on media that stay disconnected from the computer, so that an encrypted disk can be restored without paying.

Examples of ransomware attacks

- WannaCry (first seen in May 2017) dominates in 2018

- Ransomware targeting gamers

- Ransomware 2014-2016