The Workings of Ransomware.
Locky and Raa are both examples of one of the most dangerous
and prevalent forms of malware known as ‘ransomware’.
Deleting Encrypted Files.
The ultimate object of
ransomware is to force the victim to make a payment to halt and reverse the effects of the malware,
i.e. pay for a software key to release the files that the ransomware has
Jigsaw ransomware, for example, not only encrypts the files but also deletes one
of the files that it has encrypted every hour until the money is paid. This means that even if
the victim pays, they can’t reverse the damage. What is more, Jigsaw deletes an extra 100 files for
good measure each time the victim restarts their computer.
Encrypting Drives and
Ransomware such as Petya encrypts whole drives such as your
computer’s entire Master File Table, whereas ransomware like RansomWeb and KimcilWare is
designed to infect whole web servers, encrypting their website databases and hosted files.
The scale and scope of the dishonest work carried
out by variants of ransomware vary widely. Some versions, such as those called DMA Locker, Locky,
Cerber and CryptoFortress, work by going for the network drive and trying to encrypt parts of the
Server Message Block (SMB).
Compressing to Speed Up
In order to make the encryption of files as fast as possible, some
ransomware such as Maktub even goes to the trouble of compressing the files
Attack in the Cloud.
With more businesses moving
critical files to the Cloud, the cyber criminals follow. Some new forms of ransomware are able
to delete or overwrite cloud back-ups.
Non Windows Not
SimpleLocker, for example, encrypts files on Android,
and Linux.Encode.1 encrypts files on Linux.
Spoken Ransom Messages Through
It sounds chilling, but ransomware such as Cerber generates a
script that allows it to speak a ransomware message through the victim’s speakers in 12 different
Buying It In.
For some cyber criminals, it’s
simply a case of buying in ransomware such as Tox as a service via underground forums. It can
provide everything the cyber criminal needs, including the vital facilitating of the transfer of
What Does This Mean For Your Business?
any malware risk the trick for a business is not to get infected in the first place with the
software that enables the attack to be launched.
Businesses therefore need to raise
awareness among staff that they all need to be very careful about opening emails with attachments
and/or emails from sources that are not familiar.