What Does Ransomware Do?
Unless you’ve been living under a rock, you might have probably heard of ransomware attacks. In recent times, there has been a sudden spike in the number of ransomware attacks across the globe. Within a short span of time, ransomware has emerged as one of the major security threats to individuals and businesses alike.
What is Ransomware?
Ransomware is a type of malware that encrypts data on infected computers. It has become a lucrative option for cybercriminals. Ransomware can lock the infected computer or encrypt multimedia files, office files or the system files that the host computer relies on to work properly.
Ransomware attacks have impacted organizations of all types and sizes, but small firms are more vulnerable to attacks. Lack of proper security measures and employee education is the primary reason behind the ransomware attacks.
How Ransomware Spreads?
Spam is the most common method used by cyber extortionists for spreading ransomware. Most ransomware variants are spread using some form of social engineering tactics; unwary users are tricked into opening a fake e-mail attachment or clicking a malicious link.
Spam emails are designed to appear as a legitimate email. They usually appear to be from a well-known person or a trusted institution (such as a bank) asking a user to check out an attached file.
Sometimes, ransomware spreads through peer-to-peer file sharing networks. Ransomware can be passed on through activation keys (exploit kit) for popular system software such as Photoshop and Microsoft Office. If you download software from shady websites, you are unknowingly exposing your system to the ransomware.
These exploit kits are designed to identify security vulnerabilities in the victim's computer and exploit them to install ransomware. This type of ransomware attack is also referred to as a 'drive-by download' attack.
Once the ransomware infiltrated a system, it can change the victim's login credentials, encrypt files and folders on the victim's device, as well as on other connected devices.
If it is a type of ransomware that changes the login credentials, it shows a full-screen image or notification on the infected system's screen, which cannot be closed at the user's will. It may also have the instructions on how users can pay for the ransom and get the decryption key.
If it is a type of ransomware that encrypts files and folders on the infected system, the ransomware blocks the victim from accessing the files and folders on the infected computer.
How To Prevent Ransomware
Make a back up of your files and documents in cloud storage or on an offline system. This can save your data even if your computer gets infected with ransomware malware. Install good antivirus software such as Comodo Antivirus.
If you are an enterprise user, it is advisable to use Comodo Advanced Endpoint Protection (AEP). Comodo (AEP) provides complete end-to-end protection across the boundary, internal network, and across endpoints preventing even the most advanced malware, including the ransomware.