If you have used a computer, you have likely heard of ransomware. Whether you know it or not, there is a good chance you may have even encountered an attempted attack at one point.
With data provided by Emsisoft, the New York Times notes that in 2019, 205,280 organizations submitted files that had been hacked in a ransomware attack. This represents a 41 percent increase from the year prior. These attacks have not discriminated among their victims either. They have frozen the data of U.S. government operations, cargo facilities, and hospitals, just to name a few.
These troubling statistics further reinforce the fact that ransomware is not going away; in fact, it may be getting worse. Why is this? The sophistication of the modern-day cybercriminal has hit new heights. Ransomware now comes in many damaging variants, and we outline a few of the more common ones below.
What is ransomware?
Before we dive into some common strains of ransomware, it is best to understand what ransomware is more broadly.
Ransomware is a type of malware that encrypts a victim's files. The attacker will then demand a ransom to restore access to the data. Payment is required to obtain a "decryption key". Financial demands can range from a few hundred to hundreds of thousands of dollars. Larger organizations are often slapped with the largest demands, given their financial capability and the mass amounts of data they often store.
3 common ransomware variants to be aware of
Cerber is often one of the most difficult types of ransomware to notice. It provides virtually no indication of infection while encrypting your files. Once the process is complete behind the scenes, the results can be devastating. Cerber can infiltrate your device in several ways, including:
- Downloaded in free programs online
- Distributed via links or attachments in emails
- Installed by websites using software vulnerabilities. This method is often "silent", with very little warning of infection beforehand
What happens next? Once Cerber ransomware has infected your computer system, it immediately gets to work. It infects files used for the regular day-to-day operation of your system and renders them unusable. Free ransomware removal programs will be ineffective against Cerber, leaving victims with a choice between paying the ransom to retrieve files or enlisting the help of an IT expert.
CryLocker seems to be standard fare in terms of data encryption, at least at first. However, it enjoys adding "insult to injury" as it locks up critical files. It will typically use websites such as imgur.com to host personal information about victims, found within their files.
If that wasn't bad enough, CryLocker uses the Google Maps API to pinpoint a victim's location, using nearby wireless SSIDs. This is used as a scare tactic to convince a victim to pay the ransom. As with many other forms of ransomware, the CryLocker ransom is usually paid in Bitcoin.
Originally known as "BitcoinBlackmailer", Jigsaw ransomware is known for encrypting files and gradually deleting them until a ransom is paid. Originally introduced in April of 2016, Jigsaw remains a threat today.
How does it work? It was designed to spread through malicious email attachments, which is all the more reason to double-check incoming attachments and only open those from senders you trust. Upon encrypting all user files and master boot records, a pop-up will appear on the victim's screen, featuring an image of Billy the Puppet, a character used in the Saw franchise of films. Accompanying Billy's image is a demand for a ransom payment. Immediately after the demand is made, the victim's clock begins to tick. If the ransom is not paid within one hour, one file is deleted. For each hour thereafter, files will be deleted in greater amounts. This pattern continues until a computer is fully wiped at the 72-hour mark. Victims are urged to avoid attempting to terminate the process or reboot their systems, as this will result in 1,000 files being deleted at once. If losing files in this manner wasn't bad enough, more recent versions of Jigsaw ransomware threaten to dox a victim by posting personal information found within the files online.
The bottom line - be wary of ransomware
Whether at work or at home, ransomware is one of the most significant threats facing the safety of our data in a connected world. As this post shows, ransomware can take many different routes of action, although a blanket encryption of critical files is standard procedure.
Although ransomware can sometimes infect a system without the user knowing, users should always maintain hyper-vigilance by avoiding the download of free programs online and by not downloading attachments from senders who are not trusted contacts.