Ransomware

What is ransomware, what are its causes, what precautions exist and who offers help?

Extortion by blocking computers or data

Ransomware is software that blocks the use of computers or data by preventing access to them. The blocking is done by means of encryption, which, at least in theory, the victim of this crime can undo by paying a ransom. Simply put, ransomware kidnaps computers or data and demands a ransom in return for their release, i.e. the possibility to use the computer and/or the data again. Alternative terms for ransomware are Encryption Trojan or Krypto Trojan.

The term Ransomware is derived from the English word for ransom. In contrast to “conventional” malware, which tries to harm a computer, a user or a network of computers and their users, the intention of ransomware is to extort ransom money.

Software that unintentionally causes damage, e.g. through the incorrect implementation of features, is not considered malware. The use of malware is criminal; malware attempts, for example, to publish sensitive information and destroy the integrity of users. Software that spies on users is called spyware. The combination of spyware and ransom is not uncommon either.

Ransomware encrypts computers or data with the aim of extorting ransom money.

Reasons for ransomware infection

Both experts and ordinary Internet users are relatively concerned about cybercrime.¹ The greatest danger is infection with malware, followed by spying out access data, sending unsolicited e-mails under one’s own name and fraud in online shopping or banking.² The main reasons for infection with malware are:³

  • spam / phishing emails
  • poorly trained staff
  • damaged websites / online advertising

 

Precautions against ransomware

There are a number of precautions you can take as a user to protect yourself from the threat of ransomware. On the one hand, the aim is to minimise the potential for attack and, on the other hand, to optimise personal actions.

  • Update operating systems and software with the latest patches, but only from known and trusted sources. Obsolete applications and operating systems are the target of most attacks.
  • Never click on links or attachments in emails from unknown senders. And don’t click on links in emails that only seem to come from known senders if the sender address seems “strange” to you.
  • Back up your data regularly. Some sources recommend making 3 copies, using 2 different types of memory for these, and storing 1 copy offline.
  • Limit the permissions for installing and running software applications on your computer.
  • Use whitelists of applications that can run on your network.
  • Use spam filters to prevent phishing emails from reaching end users. Authenticate incoming email to prevent email spoofing.
  • Configure firewalls to block access to known malicious IP addresses.
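
The e-mail precautions above (a sender address that seems "strange", authenticating incoming mail) can be checked mechanically. The following Python code is an added example, not part of the original article: it reads the Authentication-Results header stamped by the receiving mail server and compares the address shown in the display name with the real sender address. The server name mx.example.org, the function name assess and both sample messages are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample messages (not real traffic). mx.example.org stands in for
# the organisation's own receiving mail server.
SPOOFED = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=billing-example.net; dkim=none; dmarc=fail header.from=billing-example.net
From: "accounts@example.com" <accounts@billing-example.net>
Subject: Invoice overdue

Please open the attached invoice.
"""
CLEAN = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Accounts" <accounts@example.com>
Subject: Monthly statement

Your statement is available in the customer portal.
"""

def assess(raw, trusted_authserv="mx.example.org"):
    """Return a list of reasons to treat the message as suspicious."""
    msg = email.message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()

    # Only trust results stamped by our own server; a sender can forge the
    # header with any other server name in it.
    ar = msg.get("Authentication-Results", "")
    results = {}
    if ar.split(";", 1)[0].strip().lower() == trusted_authserv:
        results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    if not results:
        findings.append("no trusted Authentication-Results header")
    elif results.get("dmarc") != "pass":
        findings.append(f"DMARC {results.get('dmarc', 'missing')} for {from_domain}")

    # "Strange" sender: the display name shows one address, the real one differs.
    shown = re.search(r"@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(f"display name shows {shown.group(1)}, sender is {from_domain}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, assess(raw))
```

The check is only meaningful if the receiving server removes any incoming Authentication-Results header that already carries its own name before adding its verdict.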

It is generally assumed that about 75% of all malware attacks are phishing attacks. It is therefore particularly important to train employees on the dangers and correct procedures.

Pay ransom or don’t pay?

And what should you do if you are the victim of ransomware? Since the attacks are becoming more and more sophisticated and there are now even Ransomware-as-a-Service offers on the Internet or Darknet, this cannot be ruled out even with all due caution.

Many points of contact, such as the Federal Office for Information Security (Bundesamt für Sicherheit, BSI), the Federal Criminal Police Office (Bundeskriminalamt, BKA) or the American Cybersecurity and Infrastructure Security Agency (CISA), recommend not complying with ransom demands. Threats involving spyware could simply be false; for example, threats are made to publish camera images, but the alleged victim does not have a webcam, or threats are made to affix stickers to the car. Such forms of blackmail are called social engineering.

In addition, it is simply unclear what happens after a possible payment, usually in the form of bitcoins or alternative crypto currencies, is made. Will the system, the computer, the program or the data actually be unblocked or will another ransom demand follow immediately? Since the blackmailers feel relatively safe, do not adhere to any code of honour and do not have to fear unfavourable reviews from their blackmail victims, they could simply make a new demand after payment.

 

Notes:

The BSI provides a free downloadable paper on the subject in German at https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/Ransomware/Ransomware_node.html.

CISA offers five different services (Up-to-date Information, Warnings, Bulletins, Tips and Reports) at https://www.us-cert.gov/ncas. A video on combating ransomware can be found at https://www.youtube.com/watch?v=D8kC07tu27A.

In Switzerland, the Reporting and Analysis Centre for Information Assurance (MELANI) offers assistance. Among other things, MELANI publishes half-yearly reports on the development of Ransomware: https://www.melani.admin.ch/melani/en/home.html

The European Cybercrime Center – EC3 also offers a lot of useful information: https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3

[1] https://de.statista.com/infografik/9344/jeder-zweite-deutsche-hat-angst-vor-cybercrime/
[2] https://de.statista.com/infografik/2637/erfahrungen-mit-online-kriminalitaet/
[3] https://de.statista.com/infografik/9382/weltweiter-infektionen-mit-erpressersoftware-und-gruende-fuer-infektionen/

 
