While ransomware can be hidden inside several varieties of computer phishing messages, all ransomware falls into the category of internet-based extortion. Victims of ransomware find themselves in a position where a perpetrator demands payment for the victim’s own data, or else. Ransomware, which falls under the general heading of malware, is designed to infect the victim’s computer so that the victim is unable to access her/his files until payment is made.
In most cases the victim has unsuspectingly opened a link (or hyperlink); e.g., the link might have been sent through a co-option of Microsoft, or Google Chrome, or some other trusted messenger such as Norton Antivirus. The victim clicks on what looks like a harmless link, and with that single click the harm is done.
Ransomware then proceeds via a series of sophisticated software maneuvers incorporating a transfer of keys. To simplify by analogy, just as the non-virtual world uses keys and locks to prevent criminal trespass, so computer software is walled between portals by virtual keys. When the victim clicks on the email link, antivirus notification, pop-up, or other seemingly harmless item, a transfer of keys occurs through a process called encryption.
One such piece of malware, known as Cryptolocker, uses a highly sophisticated method of key pairs to encrypt the victim’s files. From the web page Ransomware Explained by Mikel Verojic:
When the sender’s malware is released, a random but symmetric key encrypts
the victim’s data. Next, a small asymmetric ciphertext along with the ciphertext
of the victim’s data occurs. “Hybrid encryption” is thereby established and the user
then receives a message as to how to pay the ransom.
Ransomware attacks typically involve something called a Trojan Horse. Again by analogy, a virtual Trojan Horse, like its counterpart in Greek mythology, is a message or other virtually received entity (as above: pop-ups, antivirus notifications, email links) that plays the part of the horse. When the email or pop-up (the horse) is opened (clicked on), a malware encryption process begins.
A payload then locks the system, or claims to lock it (scareware), until the victim provides payment.
Note: Scareware is no less menacing and difficult to maneuver because, for all intents and purposes, to the victim the files are locked even though they may not have been thoroughly encrypted. In other words, the victim cannot retrieve her or his files or know whether those files have been rendered inaccessible. Thus, payment would appear to be the only means to retrieve the compromised data.
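The difference between files that were really encrypted and files that a scareware screen only claims to have locked can be checked from a copy of the data. The following is an added example, not code from the original page: it compares each file's leading bytes with the signature its type should have and measures byte entropy. The 7.5-bit cut-off, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading "magic" bytes of a few common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04"}
HIGH_ENTROPY = 7.5  # assumed cut-off; ciphertext sits near 8 bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(name: str, data: bytes) -> str:
    """Return 'readable', 'likely-encrypted' or 'inconclusive' for one file."""
    magic = MAGIC.get(os.path.splitext(name.lower())[1])
    high = shannon_entropy(data[:65536]) >= HIGH_ENTROPY  # sample the start
    if magic is not None:
        if data.startswith(magic):
            return "readable"  # header still matches the claimed type
        return "likely-encrypted" if high else "inconclusive"
    # No signature known for this type (e.g. plain text): entropy alone decides.
    return "likely-encrypted" if high else "readable"

def fake_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted bytes: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample files (name, content); nothing is read from disk.
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.7\n" + b"constructed sample body\n" * 50),
    ("notes.txt", b"meeting notes, constructed for this example\n" * 40),
    ("photo.jpg", fake_ciphertext(4096)),
    ("scan.png", b"\x00" * 1024),
]

def triage_all(samples=SAMPLES) -> dict:
    return {name: triage(name, data) for name, data in samples}

if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:12} {verdict}")
```

A matching header only shows that the start of a file is untouched, so a "readable" verdict should be confirmed by opening a copy of the file on a clean machine.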
Most often the victim receives a message from the perpetrator soon after encryption telling the victim what to do: how much to pay and how to process the payment. More often than not, the perpetrator demands that the ransom payment be made via bitcoins (1), or virtual currency.
Needless to say, victims of ransomware find themselves in a dire circumstance. They are faced with paying an anonymous and untraceable entity: the use of bitcoins or virtual currency creates the circumstance wherein the already remote and anonymous perpetrator cannot be traced via the payload! To make matters worse, victims of ransomware who are seduced into paying the ransom amount may or may not be rewarded with the restoration of their data upon payment! Indeed, in a substantial percentage of cases, the perpetrator disappears, after exacting the bitcoin ransom, into the cyber-anonymity by which she or he arrived!
The ways to avoid being a victim of ransomware
A. Never click on a suspect link.
B. Always use strong passwords.
C. Do not forget to back up and store files regularly.
D. If in any doubt, err on the side of not clicking on pop-ups.
E. Although ransomware can be hidden inside a co-option of virus protection software, updating virus protection regularly is still the safest means of guarding against malware and viruses of all forms.
The future of ransomware:
Computer viruses have been compared to moles for their ability to create yet another underground pipeline when the original one is discovered and plugged. Applying that same analogy to ransomware, it would seem that ransomware’s various forms of sabotage will only increase as the future of the computer as a tool for conducting one’s daily life (banking, searching for a job, working, learning, driving, and so on) expands to cover more and more of our daily functioning.
As to the future of such crimes, it would seem a safe bet that computer crime, like its brick and mortar counterpart, is here to stay. But cyber-crime, unlike its brick and mortar contingent, will require a police response as intellectually expansive in its forensic foresight as the virtual perpetrators have become ever more malicious and intractable in their cyber transgressions.
1. Bitcoin – A type of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.