Ransomware: An executive guide to one of the biggest menaces on the web

Updated: Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC's infected.

By Danny Palmer

What is a ransomware attack?

Ransomware is one of the biggest problems on the web right now. It's a form of malware which encrypts documents on a PC or even across a network. Victims can often only regain access to their files and PCs by paying a ransom to the criminals behind it. A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes.

Cybercriminals didn't use to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert a victim that they'd fallen victim to cybercrime. But now, if you are attacked with file-encrypting ransomware, criminals will brazenly announce they're holding your corporate data hostage until you pay a ransom in order to get it back. It might sound too simple, but it's working: cybercriminals pocketed over $1bn from ransomware attacks during 2016 alone.

What is the history of ransomware?

While ransomware exploded last year, increasing by an estimated 748 percent, it's not a new phenomenon; the first instance of what we now know as ransomware appeared in 1989. Known as AIDS or the PC Cyborg Trojan, the virus was sent to victims -- mostly in the healthcare industry -- on a floppy disc. The ransomware counted the number of times the PC was booted: once it hit 90, it encrypted the machine and demanded the user 'renew their license' with 'PC Cyborg Corporation' by sending $189 or $378 to a post office box in Panama.

How did ransomware evolve?

This early ransomware was a relatively simple construct, using basic cryptography which mostly just changed the names of files, making it relatively easy to overcome. But it set off a new branch of computer crime, which slowly but surely grew in reach -- and really took off in the internet age. Before they began using advanced cryptography to target corporate networks, hackers were targeting general internet users with basic ransomware.

One of the most successful variants was 'Police ransomware', which tried to extort victims by claiming to be law enforcement and locking the screen with a message warning the user they'd committed illegal online activity, which could get them sent to jail. However, if the victim paid a fine, the 'police' would let the infringement slide and restore access to the computer.
Of course, this wasn't anything to do with law enforcement -- this was criminals exploiting innocent people. While somewhat successful, these forms of ransomware often simply overlaid their 'warning' message on the user's display -- and rebooting the machine could get rid of the problem. Criminals learned from this and now the majority of ransomware schemes use advanced cryptography to truly lock down an infected PC.

What are the main types of ransomware?

Ransomware is always evolving, with new variants continually appearing in the wild and posing new threats to businesses. However, there are certain types of ransomware which have been much more successful than others.

Perhaps the most notorious form of ransomware is Locky, which terrorised organisations across the globe throughout 2016. It infamously made headlines by infecting a Hollywood hospital. The hospital gave in to the demands of cybercriminals and paid a $17,000 ransom to have its networks restored. Locky remained successful because those behind it regularly update the code with changes which allow it to avoid detection. They even update it with new functions, including the ability to make ransom demands in 30 languages, helping criminals more easily target victims around the world. Locky became so successful, it rose to become one of the most prevalent forms of malware in its own right.

Cryptowall is another form of ransomware which has found great success for a prolonged period of time. Starting life as a doppelganger of Cryptolocker, it's gone on to become one of the most successful types of ransomware. Like Locky, Cryptowall has regularly been updated in order to ensure its continued success and even scrambles file names to make it harder for victims to know which file is which, putting additional pressure on the victim to pay.
Read more at: http://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web (Zero Day, ZDNet)