Ransomware in a Nutshell

What is ransomware?

Ransomware is a category of malware which disables the functionality of your computer by restricting your access to it. After that, it asks for a ransom (an amount of money) to be paid to the malware author to restore the system’s functionality. The tool locks a computer and displays various images to extort money from victims. Some ransomware may also hide and encrypt your personal files so that you don’t have access to them anymore.

How does a hacker extort money by using ransomware?

As stated above, ransomware is a malicious tool because it encrypts your files and forces you to pay a ransom to decrypt them. But sometimes its creators play both sides, good and evil. Criminals develop ransomware to make money from it, but they sometimes take another route:

After a victim finds out he cannot open a file, he receives an email demanding a relatively small amount of money in exchange for the password. If the victim doesn’t pay, the “Bad Guy” won’t delete his files; instead, he will create an Anti-Ransomware tool and sell it online. That Anti-Ransomware tool will contain the key to decrypt these files, and that’s it: “The Bad Guy” gains money and reputation.

Types of ransomware?

a. SMS Ransomware – This type of ransomware locks your computer and displays a ransom message with a code. To unlock your computer, you are ordered to send the provided code via text message to a premium-rate SMS number to receive the corresponding code to unlock it.

b. File Encryptors – This kind of ransomware can encrypt your personal files and folders using complex encryption algorithms to make your computer’s data unusable. The malware author then demands that you pay for the decryption key using one of the online payment systems.

c. MBR Ransomware – MBR Ransomware can change your computer’s Master Boot Record (MBR) and interrupt the normal boot process. The MBR is a partition on your computer’s hard drive that boots the operating system. When this ransomware strikes, the ransom message is displayed as soon as the computer is turned on, meaning that you do not get the chance to load the operating system to remove the infection and repair your system.

How to remove ransomware (the best tools)?

a. Trend Micro Anti-Ransomware
b. BitDefender Anti-CryptoWall
c. EasySync CryptoMonitor
d. Talos decryptor for TeslaCrypt

How to protect from ransomware?

1. Back up your data (the most important part)
2. Filter EXEs in email
3. Show hidden file-extensions
4. Disable files running from AppData/LocalAppData folders
5. Use the Cryptolocker Prevention Kit
6. Disable RDP
7. Use a reputable security suite
8. Disconnect from WiFi or unplug from the network immediately
9. Set the BIOS clock back
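
Items 2 and 3 address the same trick: with extensions hidden, an attachment named `invoice.pdf.exe` is displayed as `invoice.pdf`. The sketch below is an added example, not part of the original article, showing how a mail filter could flag such attachments by name; the extension lists, function names and sample message are assumptions made for illustration, and a name-only check does not inspect file contents.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from typing import Optional

# Assumed block list for this example; tune it to your own mail policy.
BLOCKED = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions users expect to be harmless; used to spot "invoice.pdf.exe".
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_attachment(filename: str) -> Optional[str]:
    """Return a reason string if the attachment name should be blocked."""
    # Windows drops trailing dots and spaces, so "a.exe." still runs as "a.exe".
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    if not suffixes or suffixes[-1] not in BLOCKED:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOYS:
        return f"double extension ({suffixes[-2]}{suffixes[-1]})"
    return f"executable extension ({suffixes[-1]})"


def scan_message(raw: bytes) -> list:
    """Return (filename, reason) for every part that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        reason = classify_attachment(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample() -> bytes:
    """Constructed message: one benign and two suspicious attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("notes.txt", "invoice.pdf.exe", "update.scr"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample()):
        print(f"QUARANTINE {filename}: {reason}")
```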

The last option…

As the FBI has also stated, if you cannot solve your problem and remove the ransomware using these protection tools, the last option would be paying the ransom (especially if your personal files have been affected by ransomware).

Article was provided by Agron Muaremi
