Ransomware Attacks – How Attackers Take over Victims’ Money?

While initially known in Russia, nowadays the term ransomware has grown widely all over the world. From millions to billions, hackers have taken huge amounts of ransom money from users who try to retrieve their data after being attacked by this malware.

So, what is Ransomware?

It’s a type of computer malware that secretly installs on a computer system, executes itself to lock computer’s data and demands for a ransom amount to give the data back. It is, therefore, a type of Denial of Service (DOS) attack that prevents the victim from accessing his data without the decryption key.

How Ransomware Works?

Cryptoviral extortion, a 3-round protocol carried out between the attacker and the victim, goes as follows:

1. The attacker generates a key and places it into the malware before it is released.
2. After the malware is released, the cryptoviral extortion attack is performed on victim’s data to encrypt it. Now, a message is displayed to the user asking for e-money or ransom.
3. Once the attacker receives the payment, the decrypting key is sent to the user thereby completing the attack.

What’s the Goal?

In Ransomware attacks, usually, payment is the goal. Victims are made to pay a ransom amount to get their data back. Therefore, a key element that helps attackers in carrying out such attacks successfully is a convenient payment system. From wire transfers to pre-paid vouchers, attackers use a wide range of methods for online payment.

Some Popular Examples of Ransomware

• AIDS or PC Cyborg was the first known ransomware that worked by encrypting the names of the files and asked the user to pay US$189 to obtain a repair tool.
• Archiveus is a Trojan horse-type ransomware virus that encrypts the user’s files. The user must then purchase something on specific Web sites to obtain the password to decrypt the files.
• Reveton, another major ransomware was based on the Citadel Trojan and displays a warning claiming that the computer has been used for illegal activities.
• Fusob is from one of the major android ransomware families and works like a typical android ransomware. Employing scare tactics, the program demands the victim to pay a fine from $100 to $200 USD.

Security Measures for Ransomware Removal

Keeping both online and offline backups of data will help you recover easily from such attacks. Also, downloading anti ransomware tools and usage of web security software will help to keep such threats at bay. Not just individual internet users but businesses also need to care about these ransomware attacks in order to ensure safety of their data.