
What Is Ransomware And How Does It Work

May 10, 2021

What is ransomware? Ransomware is malicious and dangerous software that will infect a computer, making users unable to use it or access encrypted files until a ransom is paid. Victims are extorted to pay the ransom demands when they see an alert (like a ransom note) on their computer, and are unable to access their data due to the encryption.

Usually the alert will say that the system has been locked and that your files are now encrypted and won’t be restored until money is paid, which can be anywhere from a couple hundred dollars to thousands of dollars. Sometimes even after the ransom is paid, victims aren’t able to access their encrypted data. Bitcoin and other cryptocurrencies are regular ways that criminals make their victims pay the ransom, so the money is easy for them to access and difficult to trace.

The first ransomware attack happened in 1989, and targeted the healthcare industry. Ransomware attacks gained traction and soon became a huge opportunity for cybercriminals. Ransomware attacks have been the biggest cybersecurity threat since 2005. Ransomware has a long history and has claimed hundreds of thousands of victims, and millions of dollars.

There are many ways that malware can get access and encrypt computer files, but the most common is a phishing scam. A phishing scam is when a victim gets an email that looks like something they can trust, and opens the email attachment. Once the attachment is downloaded, the ransomware attack can take over the victim’s computer, encrypt their data, and completely infect the hard drive and operating system.

Getting a degree in IT will help you be qualified to fight against ransomware and protect data. From developing software that helps prevent ransomware to educating individuals on how to keep their data secure, IT professionals can be vital in fighting ransomware attacks.

 

Examples of Ransomware Attacks

There are many types of malware attacks, and they are all unique. Ransomware attackers pick their targets in many ways. Sometimes, it’s about an organization's lack of security, as in smaller universities or companies. This lack of security makes these organizations easier targets.

Some organizations are more tempting to attackers because they will need to decrypt their data fast, so they are more likely to just pay the ransom. Government agencies and medical facilities are just a few examples of these kinds of organizations.

Similarly, companies that have sensitive data like news organizations or law offices may be willing to pay so they keep their data safe from encryption. Cyber criminals target these kinds of companies because they believe they are more likely to have the ransom paid when sensitive information is on the line.

 

DarkSide

On May 8th, 2021, cyber terrorists crippled the oil supply chain in the US. An Eastern European-based criminal organization known as DarkSide shut down one of the United States' largest fuel pipeline operators. Colonial Pipeline carries almost half the gasoline, diesel, and other fuels used on the East Coast. This was one of the largest ransomware attacks in history, and demonstrates the large threat that ransomware can pose, particularly to government and industrial organizations.

Private firms and government organizations investigating DarkSide say that industrial companies are a common target for the organization, and that they are working to attack in greater numbers. Because these kinds of ransomware attacks do not require extensive technical sophistication, large and small organizations alike can be at risk. Work is constantly being done to protect utility and industrial companies.

Ryuk

The malicious attackers behind Ryuk malware are spread across 2 cybercriminal organizations, coming from Russia or other former satellite states. Ryuk has reaped $4 million in less than one year. In 2018 it spread across major U.S. news publications and delayed their printing, from the Los Angeles Times, to the Wall Street Journal and the New York Times.

Ryuk attackers have extorted more than 10 times the average malware ransom, with the average payment being $71,000 in bitcoin. Sometimes Ryuk victims are forced to pay top dollar, and other times the hackers were willing to negotiate. Researchers have used this information to determine that there may be more than one Ryuk group of hackers. It's still unclear how to stop this group of hackers, but experts are constantly monitoring and looking for ways to increase ransomware prevention and stop these cyber-extortionists.

 

WannaCry

2017 saw the WannaCry malware spreading through computer networks, exposing vulnerabilities in Microsoft Windows operating systems. Victims were sent a note by cybercriminals demanding $300 in bitcoin in exchange for the encryption on their data to be lifted. More than 300,000 organizations worldwide were infected, including the National Health Service and Telefonica.

WannaCry is known as one of the quickest moving malware programs that can infect computers. Just 4 days after it was discovered, there were more than 250,000 instances of the bug, and it had been detected in 116 countries. WannaCry is still active, causing IT professionals to work furiously to figure out how to get rid of it.

 

WYSIWYE

WYSIWYE's definition is What You See Is What You Encrypt. This type of ransomware allows hackers to adapt the malware and tailor it to their target before they release it. Hackers have the ability to personalize the messages they send, and cherry-pick the files they want to lock.

Experts believe that WYSIWYE is what locked dozens of hotel guests out of their rooms in Austria. This type of ransomware is especially frightening because hackers can adapt their attack for specific companies in very personal ways. It means that the alerts, the emails, and the actual data that is encrypted or systems that are infected are individualized, making the victims feel very personally threatened. It also means that hackers can access personal information and sensitive data, which can be used in other kinds of fraud and theft.

 

How to Prevent Ransomware

IT professionals can get the proper education on how to help their whole organization be safe from ransomware attacks. They can also be trained on how to remove ransomware and get the security knowledge to prevent and scan for problems to keep their company safe. Ransomware protection is vital for organizations, especially those that store important files.

You don’t have to be an IT professional to follow good computer security, and keep your data safe. These tips will help you protect your data and can help you prevent malware.

Keep your operating system up-to-date, helping you have fewer vulnerabilities.

Never install software unless you know exactly what it does and where it’s from.

Use antivirus software which can help you detect ransomware.

Back up your files frequently so there is less damage if you do get attacked by ransomware.
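
The backup and detection tips above can be combined into one check, shown here as an added example that is not part of the original article: record a hash and byte entropy for each file at backup time, then flag files that later vanish or are rewritten with near-random content, which is what encrypted data looks like. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, from 0 (uniform text) to 8 (random)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def build_manifest(root):
    """Map each file under root to (SHA-256, entropy). Run this when a backup is taken."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            manifest[str(path.relative_to(root))] = (digest, shannon_entropy(data))
    return manifest

def suspicious_changes(baseline, current):
    """Files that disappeared, or changed from low-entropy to high-entropy content."""
    flagged = []
    for rel, (old_hash, old_entropy) in baseline.items():
        if rel not in current:
            flagged.append((rel, "missing"))  # deleted, or renamed with a new extension
            continue
        new_hash, new_entropy = current[rel]
        if new_hash != old_hash and new_entropy >= ENTROPY_THRESHOLD > old_entropy:
            flagged.append((rel, "high-entropy rewrite"))
    return sorted(flagged)

def demo():
    """Constructed scenario: one file overwritten, one edited normally, one renamed."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.txt", "notes.txt", "todo.txt"):
            Path(root, name).write_text("quarterly figures\n" * 200)
        baseline = build_manifest(root)
        Path(root, "report.txt").write_bytes(os.urandom(4096))  # stand-in for ciphertext
        Path(root, "notes.txt").write_text("edited by the user\n" * 200)  # ordinary edit
        Path(root, "todo.txt").rename(Path(root, "todo.txt.locked"))  # constructed name
        return suspicious_changes(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Files that are already compressed, such as archives and most images, start out above the threshold, so the entropy rule skips them; the manifest hash still shows that they changed. The flagged list is also the list of files to restore from the backup.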

If you’re an IT professional, or want to get involved in the work of keeping data safe from ransomware, WGU has many IT programs that could be a perfect fit.

 
