Ransomware can be defined as a part of malware in which an unauthenticated party locks the data in the victim’s device, generally through encryption, and in exchange of access, a sum of money is demanded. On receiving the payment, the data is decrypted and the independent access is granted to the victim again. The person can receive Ransomware attacks due to monetary, personal, etc. type of motives. It is very different from other attacks as the victim is notified about the situation and money is asked for in a very straight forward manner. The victim is also given instructions on how to recover from the situation. The criminal is also aware of the fact that his identity is not exposed and demands payments through Bitcoin for such purpose.
This Ransomware can be spread through email attachments, software apps, infected storage devices or other files through internet. The login requirements of a certain person can be changed and the data inside can be encrypted in an inaccessible form. This process is called data kidnapping. This from doesn’t depend on any interaction with the user and he can receive it without any warnings. Data kidnapping can affect other network devices as well because your email ID is connected to those.
These attacks are carried out through the use of Trojan and the user is however forced to download and open the files containing it. An example of such Ransomware is WannaCry which transferred automatically between different devices on its own.
The Ransomware was first operated by Young and Yung at Colombia University. A Key pair is generated by the attacker and a public key is placed corresponding to it. The key pair encrypts the data randomly with a symmetric key and then the same key which only the attacker has is given in exchange of the said amount asked by him from the victim.
The final goal is always money and the victim is always forced into paying the sum of amount that the attacker has said. After the amount is paid, the decryption key is supplied to the victim to get back the access. The attacker is aware that his identity is not revealed when the payment is made. The payment system must be hard to trace for the attacker.
There are over 150 countries that have been infected by this Ransomware and some others are reporting for the same. Some victims including, Santander, Deutsche Bank, FedEx and, most concerning, hospitals belonging to the U.K.’s National Health Service (NHS) have been tricked into such activities.
Many people through this kind of activity have found making money an easy task and this is preferred by many people around the world. There are many provisions to avoid these attacks and these include avast, Norton, Eternal Blue etc. These antivirus softwares provide you with just the right tool to do it as these are up to date and any additions in the Ransomware is covered by most of them .