Ransomware explained: How it works and how to remove it

Ransomware attack 2022
Written by Emma Davis

The number of ransomware attacks around the world is on the rise. In 2021, many organizations that were hit by ransomware saw “the uptick in global ransomware attacks” with both “ransomware attack frequency and annual attack volume increasing at an alarming rate”.

In the meantime, according to the United States Computer Emergency Readiness Team (US-CERT), between June and October 2021, thousands of organizations were hit with ransomware. In another survey, Gartner Inc. says the number of ransomware attacks will explode in 2022.

And it was true: 2021 has been a wake-up call for all organizations and companies that have experienced ransomware attacks. This year, companies have seen various attacks, including the Sodinokibi, Conti and Dharma ransomware attacks, which in particular wreaked havoc across 150 countries. Another major ransomware attack that dominated headlines was the STOP/Djvu ransomware attack. The attack mostly affected individuals in India and Asia.

The incidence of ransomware attacks went up.

“Hackers can now charge cybercriminals from a few thousand dollars to a few hundred thousand dollars to unlock files”, says Gridinsoft Inc.

It is expected that the rise of ransomware is due to the online anonymity factor of the dark web as ransomware is mostly a crime involving huge amounts of money.

Cybersecurity Ventures predicted ransomware damages would cost the world $5 billion (USD) in 2017, up from $325 million in 2015, a 15X increase in just two years. The damages for 2018 were predicted to reach $8 billion, for 2019 the figure was $11.5 billion, and in 2021 it’s $20 billion.

Ransomware Data Graphic

Another major reason for ransomware is the prevalence of common loopholes in many programming languages, which attackers can exploit to build ransomware and deliver it to targets while targeting the Windows operating system.

What is Ransomware and how does it work?

Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever or the ransom increases.

A ransomware attack works like this: The attacker sends a malicious link to a victim that, when clicked, allows the hacker to infect the victim’s computer. The ransomware then encrypts all the files on the victim’s hard drive and asks for a ransom to be paid. The ransom is paid in Bitcoin.

Ransomware attack following a successful phishing attempt.

If you are targeted with a ransomware attack, you will need to take preventive steps to avoid infection.

Report the infection immediately to the IT department and ensure that the user has no suspicious files, such as pirated games or office software, on the computer.

The IT department will need to perform a complete forensic investigation on the device that was infected with ransomware and take appropriate steps to remove it.

Infection through vectors such as Office macros can be avoided by ensuring that only software intended to run on the system is running on it.

Steps to help prevent & limit the impact of Ransomware:

  • Don’t download apps from suspicious sites.
  • Back up important files on a regular basis.
  • Watch out for spam messages and emails that claim to be from Microsoft and warn you of important problems or viruses.
  • Restrict access to your apps by creating a separate password for each app.
  • Do not allow the apps to access your phone’s or computer’s location services.
  • Ensure that you have security software and antivirus apps installed.
  • Create different passwords for every app.

A large number of apps are fraudulently posted on the App Store, Google Play Store and other stores. A few good examples are apps presented as Google Docs or Gmail, which may not really be legitimate. These apps try to get your personal information or infect your device with malware to steal data from your device.

🤔 Is it safe to download third-party apps?

NO! It is safest not to download apps from suspicious sites. Also, make sure that the page where you are downloading the app is safe and has no malware inside. When in doubt, don’t trust what you see.

🤔 What to do after a ransomware attack?

You can try to find a copy of an original file that was encrypted:

  • Files you downloaded from the Internet that were encrypted and you can download again to get the original.
  • Pictures that you shared with family and friends that they can just send back to you.
  • Photos that you uploaded on social media or cloud services (Carbonite, OneDrive, iDrive, Google Drive, etc.).
  • Attachments in emails you sent or received and saved.
  • Files on an older computer, flash drive, external drive, camera memory card, or iPhone where you transferred data to the infected computer.
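The search for surviving originals listed above can be scripted. The following is an added example, not part of the original article: it assumes the encrypted files carry an appended `.locked` extension (a constructed placeholder) and that the other locations, such as an old flash drive, are mounted as folders. All file names and contents in `demo()` are constructed.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".locked"  # constructed placeholder for the extension the malware appended
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".pdf": b"%PDF", ".docx": b"PK\x03\x04"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())


def looks_intact(path: Path) -> bool:
    """Heuristic: known header for the file type, else low entropy (plain text)."""
    head = path.read_bytes()[:4096]
    magic = MAGIC.get(path.suffix.lower())
    return head.startswith(magic) if magic else entropy(head) < 7.5


def find_originals(infected_dir, search_dirs):
    """Map each locked file's original name to intact copies found elsewhere."""
    index = {}
    for root in search_dirs:
        for p in Path(root).rglob("*"):
            if p.is_file() and p.suffix != LOCKED_EXT:
                index.setdefault(p.name.lower(), []).append(p)
    found = {}
    for locked in Path(infected_dir).rglob("*" + LOCKED_EXT):
        name = locked.name[: -len(LOCKED_EXT)]
        found[name] = [c for c in index.get(name.lower(), []) if looks_intact(c)]
    return found


def demo():
    """Constructed sample: an infected folder and an old flash drive."""
    with tempfile.TemporaryDirectory() as tmp:
        infected, usb = Path(tmp, "infected"), Path(tmp, "usb")
        infected.mkdir()
        usb.mkdir()
        for name in ("notes.txt", "photo.jpg", "report.pdf"):
            (infected / (name + LOCKED_EXT)).write_bytes(bytes(range(256)) * 16)
        (usb / "notes.txt").write_bytes(b"meeting notes, plain text\n" * 100)
        (usb / "photo.jpg").write_bytes(bytes(range(256)) * 16)  # damaged copy, no JPEG header
        (usb / "report.pdf").write_bytes(b"%PDF-1.4\n" + b"constructed body\n" * 50)
        found = find_originals(infected, [usb])
        return {name: [p.name for p in hits] for name, hits in found.items()}
```

The entropy fallback is only meaningful for uncompressed files such as plain text; compressed formats missing from `MAGIC` will look encrypted even when intact, so extend the table for the file types you care about.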

You can also report this attack to government fraud and scam sites.

To report the attack, you can contact local executive boards (A full list you can find here). For instance, if you live in the USA, you can talk to your local FBI field office, IC3 or the Secret Service.

Ransomware removal

If your computer has been infected with ransomware, you’ll need to regain control of your machine. Here is a great video demonstrating how to do this on a Windows machine:

The video has all the details, but the important steps are to:


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
