How do companies get ransomware

The rise of ransomware - the most striking examples

Ransomware - it's the stuff nightmares are made of: you open your laptop and find that all of your documents and pictures have been encrypted, or that non-encrypting ransomware is preventing your computer from starting. A message in broken English appears on the screen demanding that you pay a ransom to unlock your files or your computer. In the past two years, ransomware has grown significantly as more and more users opt for digital rather than physical storage for important documents, photos, and other information. Below is an overview of how ransomware code has evolved, how ransomware affected users over the past year, and what future developments we can expect.

The basics

Ransomware is a type of malware designed to infect computers and pressure victims into paying a ransom to get their files decrypted. Hackers infect your computer by getting you to download a malicious email attachment or visit a website with malicious code; the malware then encrypts your important files or denies you access to your computer. Currently, two types of this malware are particularly popular:

  • Locker ransomware. This type of malware blocks basic computer functions. For example, you are denied access to the desktop, while the mouse and keyboard remain only partially active so that you can still interact with the ransom note window to make the payment. Other than that, the computer is useless. But there is good news: Locker malware usually doesn't target critical files; it just wants to lock you out. A complete destruction of your data is therefore less likely.
  • Crypto ransomware. The goal of crypto ransomware is to encrypt your important data, such as documents, pictures, and videos, without interfering with basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto ransomware developers often add a countdown to their ransom note: if you fail to pay the ransom within the deadline, all of your files will be deleted. And given the number of users who are unaware of the need to back up to the cloud or to off-site physical storage devices, crypto ransomware can have devastating effects. Accordingly, many victims pay the ransom just to get their files back.

The first modern ransomware appeared in 2005 with Trojan.Gpcoder. According to Kaspersky Lab, more than 58 percent of corporate PCs were attacked by malware in 2015, and the number of Cryptolocker attacks doubled. Locker ransomware made up approximately 20 percent of all ransomware. According to Softpedia, the number of ransomware attacks on businesses doubled in 2015, despite law enforcement agencies constantly trying to stop ransomware developers and shut down their servers.

Popular ransomware in 2015

Several new types of ransomware emerged in 2015:

  • Linux server threats. According to CSO, various web security firms have detected Linux malware designed to lock web administrators out of Linux servers and prevent them from accessing required website support features. Although the problem was resolved after a way was found to determine the decryption key, new variants of the malware were later released that the decryption tool no longer worked against. Hackers demanded one bitcoin to unlock the encrypted files.
  • CryptoWall 4.0. A new version of the popular Windows-based CryptoLocker is currently being distributed via the Nuclear Exploit Kit (source: Threatpost). The biggest change in version 4.0 is that not only the data but also the file names are now encrypted, which further obscures what has happened and makes it even more difficult for victims to get their data back without paying a ransom.
  • TeslaCrypt. This CryptoWall competitor also released a new version in 2015. Security companies have seen massive spam campaigns spreading this malware through infected email attachments purporting to be overdue invoices.
  • Locker. The Locker ransomware enjoyed great popularity in the summer of 2015. It lay dormant until May 25th. Then it activated itself, locked files and demanded 0.1 bitcoin; after 72 hours the price rose to one bitcoin. Surprisingly, the malware's developer, Poka BrightMinds, posted an apology on Pastebin and decrypted all infected computers. However, bitcoins that had already been paid were not returned.
  • Android malware