Last updated on June 7, 2022

What is Ransomware?

Ransomware is a malware (malicious software) attack in which the attacker locks and encrypts the victim’s data or important files. The attacker doesn’t stop there: he/she demands a payment to unlock and decrypt the data.

How does Ransomware work?

When a device is infected with ransomware, the ransomware can remain inactive on that device until the device is in a very vulnerable state, and only later execute the attack. The process is shown below.

  1. Victim clicks on a link or opens an attachment
  2. Ransomware gains access to the device
  3. Ransomware encrypts files or data, and the victim can no longer access them
  4. Attacker demands a ransom payment to restore the files and data

How do we get Ransomware?

Malspam (Malicious Spam) – Threat actors send ransomware through spam emails that contain malicious attachments. The emails go to many people, who open the attachment and get trapped. The attachments can include Word documents, PDFs, links to malicious websites, etc.

Malvertising (Malicious Advertising) – Here, online advertising is used to distribute malware with minimal or no user interaction. While browsing, even an authentic website can lead users to harmful servers without their clicking on any ads. These servers then keep information about the victimized devices and their location, and later send the best-matched malware (ransomware). This approach is called a drive-by download.

Spear phishing – A more targeted ransomware attack is performed using this technique. For example, an attacker sends emails to all employees of a specific company, claiming to be the HR department and asking employees to download a new HR policy. The download contains malware that can attack all the employees’ devices.

Social Engineering – This is used to trick people and tempt them into opening attachments or clicking on links by pretending to be a trusted source. E.g., social engineers gather information about users’ interests, places they visit, etc. and send them messages that seem very familiar to them. The user is then usually tempted to click on the message without a second thought.

Read our next article for Types of Ransomware and their main targets
