What is a Blackmail Virus and How to Deal With it?
Once upon a time… there was a ransomware virus. Wait, was that only 30 years ago? Ransomware is so popular (not in a good way) that we feel like we've known it all our lives. Although it is only 31 years old, it is still young and in its prime, and it is capable of doing a lot of damage to any user on the Internet.
However, there are still users who are skeptical about such viruses and believe they will not be affected. In today's article, we'll tell you what this blackmail virus is, how it works, how it infects computers, and how its “work” can affect your business. Let's get started.
The first blackmail virus attack in history
In 1989, biologist Joseph Popp wrote the AIDS Trojan, the first known piece of malware and the world's earliest example of an extortion virus. The AIDS Trojan reached PC systems via floppy disks that Popp simply sent to the mailing list of attendees at the WHO International AIDS Conference. Imagine: 20,000 infected disks were distributed all at once (in 1989)! Joseph Popp was eventually caught, but could he have known at the time that he had ushered in a new era of extortion viruses?
So, let's take a look at what ransomware is.
To put the definition simply: a ransomware virus is a type of software created for the specific purpose of making money. It encodes user files so that they can no longer be read or accessed or, simply put, hides them under a password. It is worth noting that ransomware encrypts files, and encryption is itself one of the most important tools in computer (information) security.
However, some ransomware viruses behave unusually, for example, by deleting files or encrypting applications (e.g., SQL Server). Ransomware usually gains access through an insecure remote channel, through operating system vulnerabilities, or through software downloaded via email.
How the blackmail virus works
So now we know that ransomware encrypts files on computers. But how does it do it? In addition to the encryption code and algorithm, social engineering is always part of such cases. There are many accounts of attackers creating an emotional connection with victims before hacking their PCs and encrypting their data.
Sometimes attackers (cybercriminals) even get in touch via social media and start communicating with a very specific goal in mind. Step by step, message by message, using the right psychological techniques in conversation and correspondence, the hacker gains the victim's trust and then uses this trust to gain access to personal, sometimes even confidential, data such as passwords or bank details.
For the sake of objectivity, though, it should be noted that such hackers often send infected files or links to dangerous resources directly in messages to victims, once they have earned the victim's trust and know for sure that the victim will click on the link or download the infected file.
You open an email from someone you trust, like a friend or a legitimate organization. You get scary messages that your computer has just been infected (still an emotional connection, right?) even though it hasn't been yet.
Then you quickly click on a link that promises to cure you right now and… the download is complete.
Congratulations! Ransomware has already taken up residence on your computer. Now let's take a closer look at how this could have happened to you — just arm yourself.
The first way ransomware spreads: malicious emails
The user receives an email with attached files or with links in the email itself. Although most of these emails end up in the spam folder, some of them might sneak into your inbox. What is more, many people go into the spam folder, try to read the emails there, and even click on links that their browser strongly warns against. So, let's move on.
The user downloads an attachment or clicks on a link. The virus installation process has already begun. The ransomware starts encrypting the data on your computer: photos, documents, PDF files and, in general, everything you have stored there.
Afterwards, you receive a message that you need to pay to decrypt or unlock your own files. Below is an example of an email in the spam folder that most likely contains malicious code or an attachment.
The second way ransomware spreads: malicious advertising and browser exploit kits
The user clicks on an online advertisement in the browser (usually a bright and interesting image) and the system redirects the user to a fake website.
Usually, the attackers try to make these fake websites look as much like the legitimate original as possible, so it may take some time for your antivirus or security system to detect the exploit code hidden there.
The exploit kit starts by scanning your computer and running some software, usually written in Java or Flash, to find a possible vulnerability. If such a vulnerability is found, the ransomware is placed on your computer. The ransomware will encrypt all the data stored on your computer's hard drive (just as in the malicious email scenario). You will have to pay the extortionist hacker.
Always remember that paying does not guarantee that you will get access to your files again. It only guarantees that the cybercriminal will get your money.
Who is the target audience for ransomware?
Everyone. Ransomware can target both individuals and companies of all sizes. Any organization can be at risk of being hacked — whether you're a small business or a sole proprietor. There are no restrictions or exceptions.
Any industry can be affected: education, government, healthcare, retail, or finance. If you think this does not concern you and that you are definitely not a target, then a target is exactly what you are. The best target for a hacker is a user who doesn't know the rules of security.
What are the consequences for business in case of a ransomware attack?
They are unlimited. In Q4 2019, the average payment to hackers for a decryption key increased by 104% to $84,116, up from $41,198 in Q3 2019. Payment does not guarantee restoration of access to data. It doesn't even guarantee that your computer is no longer infected.
Ransomware can simply kill a business. The recovery process will not be easy, and it will require additional resources, both monetary and human.
The main risks:
- Data loss (temporary or permanent);
- Complete blocking of business processes;
- Financial losses due to failures and downtime;
- Financial losses associated with the restoration of the company's work;
- Damage to the company's reputation.
Most often, it is an emergency and a disaster that needs to be fixed. Earlier, we prepared an article dedicated to cybersecurity analytics and data for 2019.
Protection against ransomware attacks
The best way to protect against ransomware is to prevent it. You can make regular backups of all data, train administrators on detecting viruses, and invest in building cybersecurity in your company. Use cloud technologies and contact our specialists to improve your company's cybersecurity.