Monday, 24 July 2017

What Is Ransomware And How To Remove Malware From Computer

What is ransomware?

Ransomware is a type of malicious software that jeopardizes the victim’s data and perpetually blocks the user’s access to the data on their computer unless a ransom fee is paid. Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of an open security vulnerability.


Most ransomware attacks are the result of opening an infected email attachment, clicking links in spam emails, or visiting hacked or malicious websites such as pornographic sites, betting sites or random hookup sites. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. In this technique the ransomware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. This ransomware also shows a timer within which you have to pay that amount, or else the attackers will increase the ransom amount. These days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones.

There are two types of ransomware:

  1. Encrypting ransomware: It incorporates advanced encryption algorithms. It is designed to block your access to system files and demands a ransom to provide you with the key that can decrypt the blocked content.
  2. Locker ransomware: It locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock your infected computer. Some locker versions can even taint the Master Boot Record (MBR). The MBR is the section of a PC’s hard drive which enables the operating system to boot up and keeps track of the files on the hard drive. When MBR ransomware strikes, the boot process can’t complete as usual and a ransom note is displayed on the screen instead.

How does a ransomware infect your system?

  1. Spam emails are the most common way to sneak into your system. They contain malicious links or attachments.
  2. Redirects to malicious websites.
  3. Drive-by downloads: A drive-by download refers to the unintentional download of a virus or malicious software (malware) onto your computer or mobile device. A drive-by download will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.
  4. Visiting websites that have malicious code injected into their web pages.
  5. Security exploits in vulnerable software.
  6. Dropbox links, adverts on web pages, or clicked hyperlinks.

Ransomware also uses anti-sandboxing mechanisms so that antivirus software won’t detect it.
Ransomware mainly targets big organisations and business individuals; for the reasons, see “Why ransomware criminals target businesses” below.

Top targets of ransomware developers:

They attack the most profitable users or companies like:
  1. Police stations
  2. Schools
  3. Businessmen
  4. City councils
  5. Government agencies

Traits of Ransomware:

  1. Unbreakable encryption
  2. Ability to encrypt all kinds of files, such as pictures, audio, video and anything else on your PC.
  3. Scrambles your file names so you won’t know what data was affected.
  4. An image or message is displayed on your screen indicating that your data has been hacked/encrypted.
  5. Payment in bitcoins: the attackers demand the ransom fee in the form of bitcoins.
  6. The ransom payments have a time limit. Going past the deadline means the ransom amount will increase or the data will be destroyed or lost forever.
  7. It also spreads to other PCs that are connected to the infected PC on a local network.
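An added example, not part of the original post: traits 1 to 3 above leave a footprint a defender can check for, because encrypted files lose their normal file header and their bytes look random. The sketch below flags such files using Shannon entropy and header checks; the threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading bytes ("magic numbers") for a few common formats.
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
         ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
ENTROPY_THRESHOLD = 7.5  # assumption: bits per byte, tune for your own data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def assess(name: str, data: bytes) -> list:
    """Return the reasons a file looks encrypted (empty list: no finding)."""
    reasons = []
    ext = os.path.splitext(name)[1].lower()
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("header does not match extension")
    # Compressed formats are high-entropy too, so only count entropy when
    # the content does not start with any recognised header.
    known_header = any(data.startswith(m) for m in MAGIC.values())
    if not known_header and shannon_entropy(data) > ENTROPY_THRESHOLD:
        reasons.append("high entropy without a recognised header")
    return reasons


def flagged(files: dict) -> list:
    """Names of files with at least one finding, sorted."""
    return sorted(n for n, d in files.items() if assess(n, d))


# Constructed sample data: deterministic pseudo-random bytes stand in for ciphertext.
RANDOM = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"plain text " * 200,   # intact document
    "photo.png": MAGIC[".png"] + RANDOM,                  # intact, compressed
    "notes.txt": b"meeting at ten\n" * 100,               # intact text
    "invoice.pdf": RANDOM,                                # encrypted in place
    "x7f3a9": RANDOM,                                     # scrambled name
}

if __name__ == "__main__":
    for name in flagged(SAMPLES):
        print(name, assess(name, SAMPLES[name]))
```

A sudden rise in the number of flagged files on a share is a stronger signal than any single file, since legitimately encrypted archives also trip these checks.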

Why ransomware criminals target home users:

  1. Home users have less cyber security education about ransomware.
  2. Lack of safety awareness makes home users an easy target.
  3. Missing baseline cyber protection, i.e. no antivirus or internet security software installed.
  4. Home users don’t keep their systems up to date.
  5. Home users don’t have backups, and criminals take advantage of that.
  6. The population of home users is larger, and thus the probability of people paying the ransom increases.

Why ransomware criminals target businesses:

  1. That’s where the money is.
  2. Every minute is important for a business, so payments come faster.
  3. Cyber criminals know that businesses would rather not report an infection for fear of legal consequences and brand damage.
  4. Smaller businesses are often not ready for these attacks.
  5. Attackers know that a successful infection can cause major business disruptions, which will increase their chances of getting paid.
  6. Files and folders are very important to every business, and that is what these attackers keep in mind. Attackers take advantage of this fact and demand a high ransom.

A list of the most deadly ransomware attacks so far:

  1. WANNACRY: The latest virus, which is currently spreading across the world at a rapid rate, is WannaCry. It originated from the NHS in the UK on 15 May 2017. On this date, this ransomware took the world by surprise. It affected hospitals, police stations, schools etc. all around the world. At least 200,000 computers in more than 74 countries all over the globe, including India, were infected. “Pay a ransom fee of 300$ in form of bitcoins to get back the complete access of your system and admin rights” is one of the ransom note examples used.
  2. PETYA: The Petya global ransomware arrived a little after the “month of WannaCry” was over and has already shown its wrath in countries like Ukraine, the Netherlands, Romania, France, Norway, Britain, Russia and Spain. In no more than a few hours, the Petya cyber-attacks affected some of the major companies in the USA and India as well.
  3. CRYPTOGOD: CryptoGod ransomware is a newly discovered file-encrypting ransomware. It is a highly advanced ransomware virus. CryptoGod ransomware is a new iteration of the Hidden Tear malware that encrypts data with the. payforunlock
  4. LOCKY: Locky is ransomware distributed via malicious .doc files attached to spam email messages. Each Word document contains scrambled text, which appears to be macros. This ransomware changes the desktop wallpaper. Both the text files and the wallpaper contain the same message that informs users of the encryption. All have identical behavior: they encrypt files and demand a ransom.
    For more information on Locky, click on the given link: Locky Ransomware

Source : http://www.howtoremoveit.info/
Source : http://www.howtoremoveit.info/ransomware-removal-tool-and-guide/
