
What is Ransomware and How Does it Happen?

By: Bill Howard - Manager of IT Services

Let’s start with the FBI definition of ransomware: Ransomware is a type of malicious software, or malware, that encrypts data on a computer making it unusable. A malicious cybercriminal holds the data hostage until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Cybercriminals may also pressure the victims to pay the ransom by threatening to destroy the victim’s data or to release it to the public.

How does this happen? Frequently, ransomware starts with a phishing scam. Phishing is a type of social engineering where an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim's infrastructure.

Cybercriminals have found that it is a lot easier to pick on human vulnerabilities instead of machine vulnerabilities. They have found that, in many cases, it is our own curiosity or willingness to serve that gets us in trouble.

Two individuals recently shared their experience with me. Both happened to be targeted by the same phishing scam. Both took the bait and were being reeled in. Here are some details of their stories so you may recognize the scam and hopefully prevent yourself from falling victim.

Both victims received emails that appeared to be from Amazon. They were receipts for purchase of merchandise. Neither victim had made the purchase in question and the email never really came from Amazon. Both victims took the initial bait and called the phone number listed in the email, spending a considerable amount of time communicating with the cybercriminal.  Fortunately for one of them, they slipped off the hook. The second was not so lucky.

The first victim escaped when they recognized they were being trapped in a scam. At some point during the scam, the victim was requested to buy a gift card to correct “the situation” that the victim was in, according to the scammer. Once they recognized they were being scammed, the victim ended the conversation and went on about their usual business. This may or may not be the end of this phishing expedition. 

As you’ll remember, the same bait was cast, but the stories vary slightly. The second victim was a bit more vulnerable and at some point allowed the scammer to remotely control their PC to “remove a virus.” The real objective while remotely connected to the victim’s PC was to install tools that will help the scammer further target them in the future. The victim was also sold a “security service” that would protect them from future attacks.  The victim eventually broke free from the line once the scammer requested that they visit one of several retail stores to purchase a gift card to correct “the situation.” This victim had already spent over $400 for the fake “security service” they were sold. Unfortunately, this PC will need to be re-built from scratch to ensure there are no leftover tools available to the scammer.

But both victims showed vulnerability by communicating with the cybercriminal. This vulnerability means they might take the bait again in the future. The cybercriminal knows this and is sure to cast their bait at them again. Hopefully, these victims have been left with a taste of bad bait, and will be able to resist future phishing attempts.

These phishing attempts open the door of opportunity for a cybercriminal to install ransomware. Cybercriminals don’t always act immediately. Most of the time, you don’t even know your computer has been infected. You will usually discover it when you can no longer access your data or you see messages letting you know about the attack and demanding ransom payments.

The best way to avoid falling victim to ransomware or any other type of malware is to be a vigilant computer user.

Some things that you can do to help prevent an attack:
•    Resist the urge to take the phishing bait.
•    Keep your operating systems, software, and applications current and up to date.
•    Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
•    Back up data regularly and double-check that those backups were completed.
•    Secure your backups. Make sure they are not connected to the computers and networks they are backing up.

The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom does not guarantee you or your organization will get any data back. There is no honor among thieves. Paying also encourages perpetrators to target more victims and offers incentive for others to get involved in this type of illegal activity.

If you are a victim of ransomware, report the crime at www.FBI.gov or via the FBI Internet Crime Center at www.IC3.gov.

Please be sure to maintain vigilance and have a safe day computing.

Example 1

* Amazon Customer Support Scams - The Daily Scam

Example 2

* Cybercrooks Pose as Amazon in Phishing Scheme - AARP.org