Home»Cybersecurity Encyclopedia»Ransomware: Definition, Types, Recovery, And Prevention

Ransomware: Definition, Types, Recovery, And Prevention

What is ransomware?

Ransomware is a type of malware that prevents users from accessing their data or using their device. In most cases, it encrypts the files and offers a decryption key in return for a ransom.

Types of ransomware:

By the effect on system:

  • Scareware makes users believe that there’s a virus on their computer and they need to purchase special software to remove it.
  • Locker terminates operations on a PC preventing users from accessing files and programs.
    • Mobile locker acts the same but instead of PC files blocks the mobile device.
  • Crypto encrypts all the files. A user can access a file, but the information within it is corrupted.
  • Leakware doesn’t harm the user’s files. Instead, it collects the information and sends it to a cybercriminal. The ultimate goal is to blackmail the user threatening the leak the data.

By the target technology:

By effect on previous file versions:

  • No effect
  • The malware encrypts all the versions of a file

Ransomware examples:

Cerber, Locky, CryLocker, CryptoLocker, Jigsaw, Ryuk, Spider, Petya, NotPetya, GoldenEye

Read about the recent examples of ransomware.

How ransomware works

On-prem:

Trick human into downloading a file> Infect > Encrypt > Demand ransom

Cloud:

Trick human into giving access to their cloud drive > Infect > Encrypt > Demand ransom

Read more about ransomware in action.

Channels of ransomware spread:

  1. Emails with links or file attachments:
    • Spam emails are sent to hundreds of people. They are usually of low quality and contain many mistakes.
    • Spoofing is pretending to be a trustworthy sender (mostly well-known and trusted organization like Amazon, Google, or Microsoft)
    • Spear phishing is pretending to be the authority of the recipient’s organization (e.g., a CEO).
  2. Posts on social networking websites that contain a link to malicious software
  3. Botnets. A computer that has previously been infected and becomes a part of a botnet can be an easy target for ransomware.
  4. Malvertising is advertising on a trusted website that redirects to a malicious website.
  5. Compromised websites. Cybercriminals look for vulnerabilities in trusted resources and inject malicious code. Alternatively, they create their own websites, often with prohibited content.
  6. Applications and programs from trusted developers can contain vulnerabilities. Hackers would look for them and exploit them to inject malicious code.
  7. Infected hardware, for example, removable media.

How to remove and recover from ransomware:

If you don’t have a backup follow the steps below:

  1. Isolate your device from the network and other devices
  2. Make screenshots and copy the ransom demand note
  3. Report the crime to authorities
  4. Check if previous versions of your files are also encrypted.
  5. If no:
    • Run the antivirus software to eliminate ransomware.
    • Then restore files.
  6. If your file versions are also corrupted:
    • Use online tools to determine your type of ransomware
    • Look for and download decryption keys
  7. If your ransomware is new and there are no decryption keys, estimate the consequences of paying ransom vs. deleting your files and act accordingly.
  8. Take the necessary steps to prevent getting ransomware in the future.

Keep in mind that these steps do not guarantee the recovery of your files unless you have backup or DLP.

How to prevent a ransomware attack

There are multiple strategies to defend against this type of malware. Here are four simple measures:

  1. Educate your employees about social engineering techniques
  2. Purchase backup tools
  3. Purchase anti-ransomware software
  4. Alternatively, purchase a tool that backs up your data and eliminates ransomware at the same time.

 

Published on: Nov 6, 2020
Davit Davit Asatryan Director of Product
About Author

Davit Asatryan is the Director of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

Featured Work:

Webinar:

Related articles

Ransomware

10 Ransomware Examples to Stay Away From

Although at the end of 2018, ransomware seemed to be slowing its pace on the cyber threat arena, 2019 has shown that this slowdown wasn't anything but “the calm before the storm”. Ransomware statistics for 2019 vividly illustrated the rapid growth…Read more
Uncategorized

4 Ransomware Trends Businesses Should Know in 2023

Ransomware has had a tremendous impact on businesses and individuals around the world. It targets companies of all sizes and exploits the weaknesses in their IT systems. It is important to understand the existing ransomware trends to know how to…Read more
Ransomware

5 Main Ransomware Attack Vectors in 2023

Ransomware is a sly, silent, and vicious criminal. It quietly makes its way past your security defenses into the heart of your data. It then keeps it hostage until you pay a ransom. To defend against it you need to understand how…Read more