You have a beautiful daughter who attends school every day. One day, like every other day, she attends school, and on her way back home she gets abducted by two men. As a matter of fact, these two men will demand ransom for the return of your daughter.
Ransomware is not much different from the above story. Replace the girl with your PC/Mac, then replace the two men with cyber criminals and you should have a fair idea of what ransomware is all about by now.
Now that we have a generic picture of ransomware, let's get into the technical part.
Ransomware is a kind of malware that takes control of your PC/Mac and locks it entirely, or some of the files on it, until a particular amount of money is paid to the attacker (usually underground cybercriminals). Generally, these ransoms are paid in Bitcoin or other digital currencies, which, in all likelihood, are untraceable.
What does ransomware do?
Although there are different types of ransomware (more about that in a moment), the end purpose is the same: coerce the innocent into paying a ransom. Whatever the type, all of them get hold of your PC/Mac, thereby preventing you from accessing it or the files on it.
Now, you may wonder how this happens in the first place. Allow us to explain. Typically, ransomware enters your system masquerading as an ordinary file.
It doesn't matter whether the infected file was downloaded intentionally or accidentally: once the file is opened, the ransomware starts encrypting all the files on the infected PC, and upon completion an error message pops up on the screen indicating that all the files on the system are encrypted.
The decryption keys will be handed to victims only on paying the ransom.
Also, there's no guarantee that the attacker will provide the decryption keys once the money is paid.
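The encryption step described above leaves a measurable trace: files that were readable text suddenly contain near-random bytes. The following is an added example, not code from the original article, of a simple entropy heuristic a defender can run over a directory to flag such files; the 7.5 bits/byte cutoff and the sample files are assumptions made for illustration.

```python
"""Added example (not from the original article): an entropy heuristic that
flags files whose contents look encrypted, the tell-tale left behind when
ransomware rewrites every file it can reach. Threshold and data are assumed."""
import math
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Ciphertext approaches 8 bits/byte; text and office files sit well below.
    7.5 is an assumed cutoff; very small files are skipped as too noisy."""
    return len(data) >= 256 and shannon_entropy(data) >= threshold


def scan_directory(root: str, threshold: float = 7.5) -> list:
    """Return the paths under root whose contents look encrypted."""
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if looks_encrypted(fh.read(), threshold):
                    suspicious.append(path)
    return sorted(suspicious)


def demo() -> int:
    """Constructed sample: one plain-text file and one file of random bytes
    standing in for ciphertext. Returns how many files were flagged."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"Quarterly report draft, revision three. " * 20)
        with open(os.path.join(root, "notes.txt.locked"), "wb") as fh:
            fh.write(os.urandom(4096))
        return len(scan_directory(root))


if __name__ == "__main__":
    print("files flagged:", demo())
```

High entropy alone also flags legitimately compressed data (archives, images, media), so treat this as one signal to combine with a sudden burst of file rewrites or renames rather than as proof of infection on its own.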
What happens if you don’t pay the ransom?
On failing to pay the demanded money in the given timeframe, two things may happen: either the timeframe will be extended, but instead of the 'XYZ' amount demanded earlier you may have to pay more, or the attacker may delete the encrypted files for good.
Entry points for ransomware
As bad as it may sound, there's no single entry point for ransomware. It can enter your PC/Mac from anywhere: compromised or malicious websites, emails, other malware, and malvertisements are only a few examples. So, the next time you try to access a website you have never heard of, be watchful.
As mentioned earlier, there are many types of ransomware; CryptoLocker, CryptoWall, Locky, and Samas/Samsam/SamSa are a few of them. However, in this article we will talk only about a couple of common types.
CryptoLocker, believed to have been first discovered on September 5, 2013, is a type of ransomware that aims to infect Microsoft Windows (and any other mounted devices, such as pen drives). The malware is distributed via email attachments and existing botnets. When executed, it makes use of RSA public-key cryptography to encrypt files on your PC or mounted devices.
Akin to CryptoLocker, Locky is a type of ransomware, but one of the most recently discovered ones. First spotted in February 2016, Locky is also propagated via email attachments, just like CryptoLocker, but is notorious for deleting shadow copies (automatic backup copies) of files. The infected emails contain a Microsoft Word document with malicious macros, which are triggered once the victim opens the document.