Open up any news feed on the security industry and you’ll read stories on attacks that started with the end user of the affected company. Whether it’s phishing schemes, social engineering or drive-by downloads, there’s no shortage of ways for attackers to compromise the least patchable resource in a company: its employees.
What is ransomware?
Ransomware is the generic term for any malicious software that, as its name suggests, demands a ransom be paid by the computer’s user.
Why would you want to pay a ransom?
Because the ransomware has done something unpleasant to your computer, and potentially to your data. For instance, it might have encrypted your documents and demanded that you pay a ransom to unlock access to them. This type of ransomware is known as a filecoder.
How would my computer get infected by ransomware like Cryptolocker?
A typical method of infection is opening an unsolicited email attachment or clicking on a link claiming to come from your bank or a delivery company.
Versions of Cryptolocker have also been seen distributed via peer-to-peer file-sharing networks, posing as activation keys for popular software like Adobe Photoshop and Microsoft Office.
If your computer becomes infected, Cryptolocker hunts for a wide range of file types to encrypt – and once its dirty work has been done, displays a message demanding you electronically transfer the cash to have the files decrypted.
Today the criminals are taking a new tack to force payment, threatening to publish the data on the Internet if the ransom isn’t paid. In this module we discuss ransomware as a malicious piece of software that encrypts a user’s or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files.
The hackers can use the following attack vectors to infect a machine: phishing emails, unpatched programs, compromised websites, online advertising and free software downloads.