What is Ransomware?


What is the ransom virus? How do you protect yourself from it? And how do you remove it?

In the past few years there has been a lot of talk about the "ransom virus", or ransomware as it is properly called. You have surely read more than one news item on social networks or elsewhere on the Internet about ransomware attacks: how they hit huge companies, well-known government institutions and even hundreds of thousands of ordinary users around the world, and forced giant international companies and institutions to admit defeat and pay large sums to the operators of this malicious software in order to get rid of it. Or perhaps you were one of the victims yourself, and one of these attacks infected your own device.

So what is the story of this ransom virus that has caused such a stir? What types are there? How does it spread and infect devices? How do you protect yourself and your device so that it does not infect you in the future? And if your device does get infected with a ransom virus, what steps should you follow to remove it?

All these questions and more are what this article will try to answer.

1- What is Ransomware?

In fact, the "ransom virus", as people call it, is not a virus at all but a category of malicious software (malware) properly termed ransom malware or ransomware. Because users tend to call every kind of malware a "virus", the name "ransom virus" stuck. Since this name is the common one and the closest to how people think of it, I will keep using it throughout the article.

Ransomware is malicious software designed to encrypt a user's files or to lock them out of their system, and then to demand that the victim pay a ransom in exchange for the decryption key that restores access to the files or the system.

In the majority of cases the ransom must be paid in a cryptocurrency such as Bitcoin, because it lets the ransomware operators collect the full payment while hiding their identity and making it harder for investigators to follow the money. Note that Bitcoin is pseudonymous rather than anonymous: every payment is recorded on a public ledger, and blockchain analysis has traced ransom payments in several cases.

In recent years ransomware has become the most prominent type of malware and the one that causes the most tangible damage to individuals, companies and institutions of every kind.

2- Types of ransomware viruses

There are three main types of ransomware:

1) FileCoder

When we talk about ransomware, the first thing that comes to mind is file encryption. This type is the most familiar to users and by far the most widespread (roughly 90% of ransomware infections). When it infects your device it encrypts your files and demands a ransom in exchange for the decryption key, which is handed over once payment is complete. Attackers usually set a payment deadline; if you miss it, the files may be destroyed or the decryption key deleted, in which case the files stay encrypted for good.

What you may not realise about this "file encryptor" type, compared to the other two, is that it is the most dangerous of all. Once it has encrypted your files, no protection program can undo the encryption, and restoring an earlier version of the system does not help either, because the contents of the files themselves have been replaced with ciphertext (and most families delete the Windows shadow copies that System Restore relies on). If the family implemented its cryptography correctly, the only things that can bring the files back are the attacker's key or a backup you made beforehand.

Your only remaining option would then be to pay the ransom, and even that is no guarantee: it is entirely possible to pay and still not get your files back. The exception is when a family has a flaw in its cryptography, or its keys have been seized, and researchers publish a free decryptor; see the removal section below.

2) Screen locker

When this type infects your device it locks the screen and prevents normal use by displaying a permanent full-screen window with a fake message claiming that an official government agency has locked the device because of a violation you committed, and that you must pay a fine to unlock it and regain full access. Your files are usually left untouched; the lock screen itself is the whole attack.

3) Scareware

This is the least dangerous of the three types and the least harmful to the user, the device and the files, because it relies on intimidation, shock and confusion to trick the user into paying. It comes as a fake program installed on your device through dubious means, which then bombards you with pop-ups claiming that your device has many problems you must pay to fix, when in reality there is nothing wrong at all.

3- The reason for the spread of the ransom virus wave in recent years

Since 2017 a wave of ransomware has swept the whole world. The first trigger was the WannaCry ransomware, which spread widely and on its own across unpatched Windows machines (over the SMB file-sharing service), had a visible and unavoidable impact, and showed the world that ransomware attacks are profitable. Since then dozens of ransomware families have been developed and used in attacks of every kind.

What made matters worse was the Covid-19 pandemic, which greatly accelerated the ransomware wave. How? Simply because it forced almost everyone to move quickly and without preparation to remote work, which opened many security gaps (hastily exposed remote-access services, home devices that were never hardened) that weakened the defences of companies and institutions. Cybercriminals exploited those gaps to carry out ransomware attacks, and the wave grew in both scale and ferocity.

4- Ways to spread the ransomware virus

Ransomware, like other malware, has several ways of spreading, reaching and infecting victims' devices. In general the methods are as follows:

– Email phishing: Hackers and cybercriminals impersonate trusted organisations and companies, or even individuals you know and trust, and send you an email containing an attachment or a link that looks legitimate and safe. Their goal is for you to click the link, which leads to a malicious web page that infects your device with the ransom virus, or to download the attachment, which looks ordinary but launches the attack the moment you open it. Such messages are common and I personally receive them periodically.

– Malvertising (malicious advertising): Hackers and ransomware operators distribute their malware through fake advertisements on websites. Genuine, reputable online advertising networks are abused to deliver these malicious ads in covert ways, so even large trusted websites are turned into a platform for spreading malware.

How does a malicious ad infect your device? In the simplest case you see an ordinary-looking ad on a site you visit, click it, and the click delivers the ransom virus. More serious variants infect your device as soon as the page finishes loading in your browser, with no click at all: the ad carries code that exploits an unpatched vulnerability in the browser or one of its plugins, which is one more reason to keep them updated.

– Social networks: You are probably aware that social networks are among the most attractive places for hackers and cybercriminals to spread malware of every kind, not just ransomware, because they are an environment full of potential victims who can be caught easily with malicious links scattered here and there.

– Infected files: These circulate widely on the Internet disguised as ordinary programs that you need to install and use, only for you to discover that they are infected. The main cause is usually downloading from untrustworthy sites. Infected files also spread among users as cracks and activation tools for paid games and programs, and the tool that was supposed to get you the software for free turns out to be booby-trapped, leaving your device infected with the ransom virus.

– Drive-by downloads: Hackers exploit security holes in poorly secured websites and web pages to plant malicious software on them, so that when an ordinary user visits the compromised page the malware downloads and installs itself automatically and silently on the victim's device, without any explicit permission.

– Self-propagation: Some ransomware spreads by itself to other devices over the network, typically by exploiting unpatched network services (as WannaCry did) or by encrypting whatever shared folders it can reach, and via USB flash drives.
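The email phishing item above can be turned into a concrete check. The following script is an added example (not code from the original article): it parses a raw message with Python's standard email module and flags the signs a mail gateway or a careful user would look for: a Reply-To that points to a different domain than the sender, a display name that pretends to be an address from another domain, and attachments that are executable, macro-enabled, containers, or carry a decoy double extension such as invoice.pdf.exe. The message, the domains and the extension lists are constructed for the demo.

```python
"""Triage an inbound e-mail for phishing signs: a Reply-To pointing elsewhere,
a display name that claims a different domain, and attachments whose real
type is hidden. Added example; every address, domain and file below is constructed."""
import email
import email.policy
from email.headerregistry import Address
from email.message import EmailMessage

# Extensions Windows runs when double-clicked (constructed subset for the demo).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "js", "jse", "vbs", "vbe",
                         "wsf", "hta", "cmd", "bat", "ps1", "msi", "lnk"}
# Office formats that carry macros, and containers that hide their contents from naive filters.
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm"}
CONTAINER_EXTENSIONS = {"zip", "rar", "7z", "iso", "img"}
# Harmless-looking extensions placed in front of the real one: invoice.pdf.exe
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def triage_attachment(filename: str) -> list:
    """Return the reasons this attachment name is suspicious (empty list if none)."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return ["no extension: type cannot be judged from the name"]
    ext = parts[-1]
    reasons = []
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension .{ext}")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled document .{ext}")
    if ext in CONTAINER_EXTENSIONS:
        reasons.append(f"container .{ext} hides its contents from simple filters")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        reasons.append(f"double extension .{parts[-2]}.{ext} disguises the real type")
    return reasons


def header_findings(msg: EmailMessage) -> list:
    """Compare the From address with Reply-To and with what the display name claims."""
    from_header = msg.get("From")
    senders = from_header.addresses if from_header is not None else ()
    if not senders:
        return ["no parsable From address"]
    sender = senders[0]
    findings = []
    reply_to = msg.get("Reply-To")
    if reply_to is not None:
        for addr in reply_to.addresses:
            if addr.domain.lower() != sender.domain.lower():
                findings.append(f"Reply-To {addr.addr_spec} sends replies to a different domain "
                                f"than From {sender.addr_spec}")
    # A display name that looks like an address from another domain is a classic lure:
    # mail clients show the name prominently and the real address small or not at all.
    if "@" in sender.display_name:
        claimed = sender.display_name.rsplit("@", 1)[1].lower()
        if claimed != sender.domain.lower():
            findings.append(f"display name claims {claimed} but the address is at {sender.domain}")
    return findings


def triage_message(raw: bytes) -> dict:
    """Parse a raw message and return header findings, per-attachment reasons and a verdict."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = header_findings(msg)
    attachments = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        attachments[name] = triage_attachment(name)
    suspicious = bool(findings) or any(attachments.values())
    return {"headers": findings, "attachments": attachments, "suspicious": suspicious}


def build_sample_message() -> bytes:
    """Constructed phishing-style message for the demo, not a captured e-mail."""
    msg = EmailMessage()
    msg["From"] = Address(display_name="billing@bank.example",
                          addr_spec="alerts@bank-secure-mail.example")
    msg["To"] = Address(addr_spec="victim@example.org")
    msg["Reply-To"] = Address(addr_spec="collections@mail-drop.example")
    msg["Subject"] = "Overdue invoice: action required within 24 hours"
    msg.set_content("Please open the attached invoice and settle the balance today.")
    msg.add_attachment(b"MZ constructed bytes, not a real executable",
                       maintype="application", subtype="octet-stream",
                       filename="Invoice_2024.pdf.exe")
    msg.add_attachment(b"PK constructed bytes, not a real archive",
                       maintype="application", subtype="zip", filename="scan.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    import json
    print(json.dumps(triage_message(build_sample_message()), indent=2))
```

Run it directly to print the triage of the constructed message as JSON. The extension lists are a starting point, not a complete policy, and a real gateway would also check the attachment's magic bytes rather than trust the file name, since the name is exactly what the attacker controls.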

5- How the ransomware attack works

A ransomware attack can be summarised in seven stages:

1) Infection: The ransom virus uses one of the spreading methods described above to reach the victim's device and install itself, at which point the device is compromised.

2) Execution: Once installed, the ransomware starts doing what it was programmed to do. It scans the device and locates the target files, and also which other systems it can reach over the network (for later propagation). In many cases it also hunts for backup files and folders (on Windows, typically including the Volume Shadow Copies that System Restore depends on) and encrypts or deletes them, to remove any chance of the victim recovering without paying.

3) Encryption: The files located in the previous stage are encrypted, so that their contents are replaced by ciphertext and they become unusable. The encryption can only be reversed with a specific decryption key held by the attacker; modern families typically encrypt each file with a fresh symmetric key and then encrypt that key with the attacker's public key, so nothing left on the infected machine can recover the files. That key is what you are being asked to pay for.

4) Notifying the user: The user is informed of what has happened by a ransom note that describes the situation, what must be done next and how much must be paid, together with detailed payment and decryption instructions.

5) Cleaning up: In some cases the ransomware deletes itself from the victim's device after the previous steps are complete, leaving behind only the encrypted files and the ransom note with its payment instructions.

6) Payment: At this point the victim decides that paying is the only way to get the files back and follows the note's instructions, which usually include the address of the Bitcoin wallet the payment must be sent to and how to buy Bitcoin (or another cryptocurrency) if the victim has none.

7) Decryption: After the payment is made, the victim is supposed to receive the decryption key that gives back full access to the files. But there is no guarantee whatsoever that the attackers will actually hand over the key as promised.
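The encryption stage above leaves a fingerprint a defender can look for: ciphertext is statistically indistinguishable from random bytes, so an encrypted file has close to 8 bits of entropy per byte, while documents sit around 4 to 5. The script below is an added example, not code from the article, that scans a directory for files that look encrypted, skips formats that are legitimately high-entropy (archives, images, PDFs, identified by their magic bytes), and reports when many such files appear next to a ransom note. The threshold, the extension list, the note names and the sample files it creates in a temporary directory are all assumptions chosen for the demo.

```python
"""Detect files that look like the output of the encryption stage: near-random
bytes, often with an appended extension, next to a ransom note.
Added example on constructed files; thresholds and name lists are assumptions."""
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Extensions some families append to encrypted files (constructed subset for the demo).
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
# Typical ransom-note file names (constructed subset for the demo).
RANSOM_NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt", "decrypt_instructions.html"}
# Formats that are high-entropy by design, recognised by magic bytes, so they are not reported.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\xff\xd8\xff", b"\x89PNG", b"\x1f\x8b", b"%PDF")
ENTROPY_THRESHOLD = 7.5   # bits per byte; random data is ~7.9-8.0, text ~4-5 (assumption)
SAMPLE_BYTES = 4096       # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path) -> str:
    """Return 'ransom_note', 'encrypted_like', 'compressed' or 'normal' for one file."""
    if path.name.lower() in RANSOM_NOTE_NAMES:
        return "ransom_note"
    with path.open("rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if head.startswith(COMPRESSED_MAGIC):
        return "compressed"   # genuine archive/image/PDF: high entropy is expected
    # An appended extension is a strong signal; entropy alone is a hint that needs context.
    if path.suffix.lower() in SUSPECT_EXTENSIONS:
        return "encrypted_like"
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "encrypted_like"
    return "normal"


def scan_tree(root: Path) -> dict:
    """Walk `root`, group files by classification and judge the tree as a whole."""
    groups = {"ransom_note": [], "encrypted_like": [], "compressed": [], "normal": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        groups[classify_file(path)].append(path.relative_to(root).as_posix())
    total = sum(len(v) for v in groups.values())
    share = len(groups["encrypted_like"]) / total if total else 0.0
    # Many encrypted files plus a note is the pattern of a completed attack, not one odd file.
    if groups["ransom_note"] and share >= 0.3:
        verdict = "ransomware_activity"
    elif share >= 0.3:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"groups": groups, "encrypted_share": share, "verdict": verdict}


def build_sample_tree(root: Path) -> None:
    """Constructed fixtures: plain documents, a PNG-like file, files 'encrypted'
    with random bytes and renamed, and a ransom note."""
    (root / "docs").mkdir()
    for i in range(5):
        (root / "docs" / f"memo{i}.txt").write_text(
            "Quarterly figures, meeting notes and action items.\n" * 20)
    (root / "docs" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + os.urandom(2048))
    for i in range(4):
        # ciphertext is indistinguishable from random bytes; the family appended its extension
        (root / "docs" / f"report{i}.xlsx.locked").write_bytes(os.urandom(SAMPLE_BYTES))
    (root / "HOW_TO_DECRYPT.txt").write_text("Your files are encrypted. Pay to get the key.\n")


def demo() -> dict:
    """Run the scanner over the constructed tree in a temporary directory."""
    tmp = Path(tempfile.mkdtemp())
    try:
        build_sample_tree(tmp)
        return scan_tree(tmp)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    print(demo())
```

A single high-entropy file means little (encrypted backups and compressed data look the same); the signal is the share of such files together with a note. An endpoint agent would run this classification continuously on files as they change rather than in one sweep, and would match the note names and extensions of the families it knows.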

6- How to protect against ransom virus

Let's agree that the best way to protect yourself and your device from a ransomware attack is to prevent it from happening in the first place, that is, to stop the ransomware from ever reaching your device. To that end, follow these tips:

– Invest in your cyber awareness: What malware, including ransomware, relies on most in order to spread is social engineering; every one of the spreading methods above rests on a set of tricks designed to deceive the user into falling into the trap unawares. That is why you should keep up with developments in cybersecurity and keep educating yourself on how to recognise the tricks ransomware uses to launch its attacks and infect devices, and how to avoid them.

– Be sceptical: Always be sceptical when you use the Internet. Be careful with links and emails, even those that appear to come from parties and people you know and trust. When it comes to files, always download them from trusted sources. To settle any doubts, I recommend using free tools such as VirusTotal, which scans files and links before you open them so you can check that they are safe. Two caveats: if a file has never been seen before, a clean result only means nothing has been reported yet, and uploading a document makes a copy available to the service and its partners, so look up the file's SHA-256 hash first and never upload confidential material.

– Use an ad blocker: As mentioned above, advertisements are one of the ways attackers infect devices with ransomware, especially the intrusive pop-up ads that unfortunately fill Arabic websites and download files or open links without your permission.

– Use an antivirus: or any strong, reputable protection program with real-time protection, so that attacks and malware are blocked before they reach you. I recommend Malwarebytes, one of the best protection programs available today, which includes a full package for protecting your device against ransomware.

– Create secure backups of your files regularly: Ransomware has power over its victim only because it denies access to the files and holds them hostage. If the victim holds a backup of the important files somewhere else, the ransomware loses all its leverage and becomes nothing. So back up your files regularly, to cloud storage or to physical media such as a USB flash drive or an external HDD/SSD. Keep in mind that a backup the ransomware can reach (a permanently attached drive, a mapped network share, a folder synced to the cloud in real time) will simply be encrypted along with everything else, as the execution stage above shows. Keep at least one copy offline or in versioned storage that cannot be overwritten, and test restoring from it.

– Keep the operating system and your programs up to date: Ransomware and other malware usually exploit security holes in the operating system (Windows in particular, and frequently) and in programs such as browsers to infect victims' devices. That is why you should always install the latest updates promptly, whether for the operating system or for the programs installed on your device, because updates close the security gaps hackers rely on in their repeated attacks.
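The backup advice above only holds when the backup copy cannot be reached or silently replaced. The following script is an added example (not the article's code) of a write-once snapshot with a SHA-256 manifest: it copies a source tree into a new dated directory, records a hash for every file, verifies the snapshot against that manifest before restoring, and restores only the files that still match. The demo then simulates both the attack on the source files and a backup that stayed connected and was encrypted in place, to show that the tampered copy is detected and skipped rather than restored. Paths, file names and contents are constructed in a temporary directory.

```python
"""Versioned backup with an integrity manifest: a snapshot that is verified
before restore, so a copy that ransomware reached is detected, not restored.
Added example; all paths and files are constructed in a temporary directory."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Copy `source` into backup_root/label and record a SHA-256 per file.
    Each call creates a new directory: older snapshots are never overwritten,
    so an encrypted 'backup' taken later cannot silently replace a good one."""
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label} already exists; snapshots are write-once")
    manifest = {}
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_file(target)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return dest


def verify(snapshot_dir: Path) -> list:
    """Return the files whose current hash no longer matches the manifest (or are gone)."""
    manifest = json.loads((snapshot_dir / MANIFEST).read_text())
    bad = []
    for rel, digest in manifest.items():
        path = snapshot_dir / rel
        if not path.is_file() or sha256_file(path) != digest:
            bad.append(rel)
    return bad


def restore(snapshot_dir: Path, target: Path) -> dict:
    """Restore only the files that still match the manifest; report the ones skipped."""
    bad = set(verify(snapshot_dir))
    manifest = json.loads((snapshot_dir / MANIFEST).read_text())
    restored, skipped = [], []
    for rel in sorted(manifest):
        if rel in bad:
            skipped.append(rel)
            continue
        dst = target / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(snapshot_dir / rel, dst)
        restored.append(rel)
    return {"restored": restored, "skipped": skipped}


def demo() -> dict:
    """Back up, simulate the attack on source and on one backed-up file, verify, restore."""
    tmp = Path(tempfile.mkdtemp())
    try:
        source, backups, recovered = tmp / "source", tmp / "backups", tmp / "recovered"
        (source / "docs").mkdir(parents=True)
        originals = {                                   # constructed sample files
            "docs/notes.txt": b"meeting notes\n",
            "docs/photo.jpg": b"\xff\xd8\xff constructed image bytes",
            "budget.csv": b"item,cost\nlaptop,1200\n",
        }
        for rel, data in originals.items():
            (source / rel).write_bytes(data)
        snap = snapshot(source, backups, "2024-01-01T00-00")
        clean = verify(snap)

        # Simulate the attack: every source file replaced by ciphertext-like bytes and renamed.
        for rel in originals:
            path = source / rel
            path.write_bytes(os.urandom(len(originals[rel]) + 16))
            path.rename(path.with_name(path.name + ".locked"))
        # Simulate a backup that stayed connected: one snapshot file is encrypted in place.
        (snap / "budget.csv").write_bytes(os.urandom(64))

        after = verify(snap)
        result = restore(snap, recovered)
        intact = all((recovered / rel).read_bytes() == originals[rel]
                     for rel in result["restored"])
        return {"verify_clean": clean, "verify_after_tamper": after,
                "restored": result["restored"], "skipped": result["skipped"],
                "restored_intact": intact}
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    print(demo())
```

The manifest protects against silent corruption, not against an attacker who can delete the whole snapshot; for that the copy has to live somewhere the infected machine cannot write to (offline media, or object storage with versioning or retention locks), which is what "keep one copy offline" means in practice.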

7- How to remove the ransomware virus

You should know that getting rid of the ransomware on an infected device is the easy part; recovering the encrypted files is the hard part. Why? Because there is no guarantee that your files will be decrypted even if you pay the ransom.

That is why experts always advise against paying: every payment funds the attackers and encourages more attacks. In general, the recommended steps for removing the ransomware and limiting the damage are as follows:

  • Disconnect the device from the network immediately (unplug the cable, turn off Wi-Fi) and detach any external drives, so the ransomware cannot spread to other machines or reach more data.
  • Keep a copy of the ransom note; it identifies the family and determines which decryption tool, if any, applies.
  • Run the computer in Safe Mode.
  • Install security software to scan the device and remove the ransomware, so it cannot spread further or do more damage.
  • Before attempting any recovery, copy the encrypted files to separate storage; a failed decryption attempt or a cleanup that deletes them would make later recovery impossible.
  • Look for free decryption tools that can decrypt and recover your files without paying any ransom.
  • Seek help, online or from experts who can assess the situation and tell you what to do.

These are general tips and broad steps to follow if your device is infected with a ransom virus, but be aware that they will not work in every case; each case has its own procedure.

As mentioned earlier, the best thing you can do is to avoid reaching this point at all by preventing the infection in the first place. As the saying goes, "an ounce of prevention is worth a pound of cure".

8- The most famous and deadliest ransom virus in history

Here is a list of the most famous ransomware families, each of which caused damage on a global scale:

  • WannaCry: The one that ignited the ransomware wave that followed. In 2017 WannaCry spread around the world like wildfire, reaching 150 countries and about 230,000 infected devices, with losses estimated at 4 billion dollars.
  • Ryuk: First seen in 2018, it targeted organisations whose systems had exploitable weaknesses, hospitals among them, and got in through email phishing or drive-by downloads. Ryuk is known as one of the most expensive ransomware families in the world: it goes after large companies and institutions and demands an average ransom of more than 1 million dollars, with the largest known demand reaching 12.5 million dollars. Ryuk is believed to have taken in a total of 150 million US dollars by the end of 2020.
  • Petya: Targets Windows computers. When it infects a device it does not encrypt files one by one but overwrites the boot record and encrypts the disk's file table, locking the whole computer. Petya appeared in 2016 and returned in a more advanced form in 2017. According to a report published by Wired magazine, the total damage caused by NotPetya (a member of the Petya family) is estimated at more than 10 billion dollars.

This was a very brief overview of the deadliest ransomware in history; the list goes on, but we cannot cover it all.

9- The latest form of ransom virus threats

The forms that ransomware threats take are constantly changed by their operators so as to evade detection and find new victims. That is why you need to know the latest forms these threats take, in order to avoid becoming a victim in the future. Here are the latest ones:

– DLL side-loading: Here the ransom virus hides inside a DLL file that carries the same name as a legitimate one and gets a trusted program to load it. DLL files are the Windows library files that many programs and services depend on, and when a program asks for a DLL by name Windows searches several folders in a fixed order, so a malicious copy placed in the application's own folder is picked up in place of the genuine system file and runs under the trusted program's name. Users are also regularly tempted to hunt down "missing" DLL files and download them from the Internet to get something working. So be careful from now on with DLL files you download: a DLL from an untrusted site can be the gateway for a ransom virus to infect your device without your knowledge.

– Targeting web servers: Here the ransom virus targets web servers, reaching them through phishing emails sent to their administrators (or through vulnerable web applications), and infects every site hosted on the server, defacing them so that visitors see the ransom message. This puts public pressure on the owners to pay.

– Spear-phishing: Ransomware operators now prefer spear-phishing to ordinary phishing: instead of randomly targeting thousands of potential victims at once, attackers go after specific targets with high privileges and tailor the message to them.

– Ransomware as a Service (RaaS): Ransomware developers sell or rent their ransomware to affiliates, usually in return for a share of each ransom, so that the affiliates can launch attacks without any expertise in security or malware development.
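The DLL side-loading item above depends on one mechanism: when a program asks for a DLL by name only, Windows looks in the application's own folder before the system folder. The script below is an added example (not from the article) that follows the default safe search order for a list of imported DLL names and reports, for each one, which file would be loaded and whether a copy outside the trusted system folders is shadowing the genuine one, whether the program ships its own copy, or whether the DLL is missing altogether (the case where any planted copy would win). It builds the folders in a temporary directory so it runs on any platform; the folder names, the DLL names and the KnownDLLs subset are constructed assumptions, with version.dll chosen because it is a genuine system DLL name.

```python
"""Audit which file a program would load for each DLL it imports, following the
Windows default (safe) search order, and flag what DLL side-loading relies on.
Added example; directories and DLLs are constructed in a temporary folder."""
import shutil
import tempfile
from pathlib import Path

# DLLs the loader always takes from the system directory, whatever the search order
# (constructed subset of Windows' KnownDLLs list; an assumption for the demo).
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}


def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    """Safe DLL search order for a name given without a path (16-bit system dir omitted)."""
    return [app_dir, system_dir, windows_dir, cwd, *path_dirs]


def audit_imports(imports, order, system_dir, trusted_dirs):
    """For each imported DLL name, report which file the loader picks and why it matters."""
    trusted = [Path(d).resolve() for d in trusted_dirs]
    results = {}
    for name in imports:
        if name.lower() in KNOWN_DLLS:
            results[name] = {"path": str(system_dir / name), "status": "known_dll"}
            continue
        chosen = next((d / name for d in order if (d / name).is_file()), None)
        trusted_copy = next((d / name for d in trusted if (d / name).is_file()), None)
        if chosen is None:
            status = "missing"      # any planted copy earlier in the order would be loaded
        elif chosen.resolve().parent in trusted:
            status = "trusted"      # resolved to the system copy
        elif trusted_copy is not None:
            status = "shadowed"     # a copy outside the trusted dirs wins over the system DLL
        else:
            status = "bundled"      # the app ships its own DLL: verify its publisher signature
        results[name] = {"path": str(chosen) if chosen else None, "status": status}
    return results


def demo() -> dict:
    """Build a constructed layout and return the status per imported DLL."""
    tmp = Path(tempfile.mkdtemp())
    try:
        app_dir, system_dir, windows_dir, cwd, tools = (
            tmp / n for n in ("app", "System32", "Windows", "cwd", "tools"))
        for d in (app_dir, system_dir, windows_dir, cwd, tools):
            d.mkdir()
        # Constructed: system copies, a planted version.dll beside the app, a vendor helper.
        (system_dir / "version.dll").write_bytes(b"system copy")
        (system_dir / "kernel32.dll").write_bytes(b"system copy")
        (app_dir / "version.dll").write_bytes(b"planted copy")
        (app_dir / "app_helper.dll").write_bytes(b"vendor copy")
        order = search_order(app_dir, system_dir, windows_dir, cwd, [tools])
        imports = ["kernel32.dll", "version.dll", "app_helper.dll", "missing_plugin.dll"]
        results = audit_imports(imports, order, system_dir, [system_dir, windows_dir])
        return {name: r["status"] for name, r in results.items()}
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:20} {status}")
```

On a real Windows machine the same logic would take the import table of the executable (from a PE parser) and the real System32, Windows and PATH directories; a "shadowed" or "missing" result for a DLL next to a signed, trusted executable is the situation to investigate. KnownDLLs are always taken from the system directory and cannot be side-loaded this way, and applications can opt into a stricter order with SetDefaultDllDirectories.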
