Ransomware is malicious software that blocks the use of computers or data by denying access to them. Access is usually blocked by encryption which, at least in theory, the victim of this crime can have reversed by paying a ransom. Simply put, ransomware kidnaps computers or data and demands a ransom for their release, i.e. for the possibility to use the computer and/or the data again. Alternative terms for ransomware are encryption Trojan or crypto Trojan.
The term ransomware is derived from the English word ransom. In contrast to “conventional” malware, which tries to harm a computer, a user or a network of computers and their users, the intention behind ransomware is to extort ransom money.
Software that causes damage unintentionally, e.g. through the faulty implementation of features, is not considered malware. The use of malware is criminal; it attempts, for example, to publish sensitive information or to compromise the integrity of users' data and systems. Software that spies on users is called spyware. The combination of spyware and ransomware is not uncommon either.
Reasons for ransomware infection
Both experts and ordinary Internet users are relatively concerned about cybercrime.¹ The greatest dangers are
- infection with malware,
- spying out access data,
- sending unsolicited e-mails under one’s own name and
- fraud in online shopping or banking.²
The main reasons for infection with malware are:³
- spam / phishing emails,
- poorly trained staff and
- compromised websites / malicious online advertising.
Tips and measures against ransomware
There are a number of tips and precautions users can take to protect themselves against the threat of ransomware. The aim is, on the one hand, to minimise the attack surface and, on the other hand, to improve personal behaviour.
- Update operating systems and software with the latest patches, but only from known and trusted sources. Obsolete applications and operating systems are the target of most attacks.
- Never click on links or attachments in emails from unknown senders. And don’t click on links in emails that only seem to come from known senders if the sender address seems “strange” to you.
- Use strong passwords and multifactor authentication.
- Back up your data regularly. Some sources recommend the 3-2-1 rule: keep 3 copies of the data, on 2 different types of storage media, with 1 copy stored offline. Ideally, you should also back up system images, application software and configurations. It also makes sense to use immutable backups that cannot be manipulated or deleted by an attacker who has already gained access. And test the recovery process in terms of speed, completeness and cost.
- Limit the permissions for installing and running software applications on your computer.
- Give administrators separate, non-privileged user accounts for everyday tasks such as reading email and browsing the web, so that clicking on a phishing email has a limited impact.
- Use application whitelists (allowlists) that define which programs may run on your network.
- Use spam filters to prevent phishing emails from reaching end users. Authenticate incoming email (e.g. with SPF, DKIM and DMARC) to prevent email spoofing.
- Configure firewalls to block access to known malicious IP addresses.
- Monitor systems and their logs, and make sure you are alerted when a new administrator account is created.
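One way to act on the last tip (getting alerted when a new administrator account is created), as an added example that is not part of the original article: a small Python detector run over Windows Security log records. It assumes the events have been exported as one JSON object per line with the field names the Windows Security log uses (SubjectUserName, TargetUserName, TargetSid, MemberSid, Computer); the sample records, account names and SIDs below are constructed for this demonstration. Event 4720 means "a user account was created", and events 4728/4732/4756 mean "a member was added to a security-enabled global/local/universal group". An account that is created and then added to a privileged group within a short window is flagged as high severity; any other addition to a privileged group is flagged as medium.

```python
"""Flag newly created accounts that are promptly added to a privileged group.

Added example, not code from the original page. Input is assumed to be
Windows Security log events exported as one JSON object per line; the
sample records below are constructed for this demonstration.
"""
import json
from datetime import datetime, timedelta

# Groups whose membership changes we want to hear about.
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}
# Windows Security log event IDs: 4720 = user account created;
# 4728 / 4732 / 4756 = member added to a security-enabled global / local / universal group.
ACCOUNT_CREATED = 4720
GROUP_ADD_EVENTS = {4728, 4732, 4756}
# Creation followed by promotion within this window is the suspicious pattern.
PROMOTION_WINDOW = timedelta(minutes=10)

# Constructed sample export (hypothetical hosts, users and SIDs).
SAMPLE_EVENTS = """
{"EventID": 4720, "TimeCreated": "2024-05-01T02:13:05Z", "SubjectUserName": "svc_backup", "TargetUserName": "support1", "TargetSid": "S-1-5-21-1111-2222-3333-1105", "Computer": "FS01"}
{"EventID": 4732, "TimeCreated": "2024-05-01T02:13:09Z", "SubjectUserName": "svc_backup", "MemberSid": "S-1-5-21-1111-2222-3333-1105", "TargetUserName": "Administrators", "Computer": "FS01"}
{"EventID": 4720, "TimeCreated": "2024-05-01T09:00:00Z", "SubjectUserName": "alice.admin", "TargetUserName": "intern02", "TargetSid": "S-1-5-21-1111-2222-3333-1106", "Computer": "WS17"}
{"EventID": 4732, "TimeCreated": "2024-05-01T09:00:20Z", "SubjectUserName": "alice.admin", "MemberSid": "S-1-5-21-1111-2222-3333-1106", "TargetUserName": "Remote Desktop Users", "Computer": "WS17"}
{"EventID": 4732, "TimeCreated": "2024-05-01T11:45:00Z", "SubjectUserName": "alice.admin", "MemberSid": "S-1-5-21-1111-2222-3333-1001", "TargetUserName": "Administrators", "Computer": "WS17"}
"""


def _ts(value):
    """Parse the ISO-8601 timestamp used in the export (the trailing Z means UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect_new_admins(lines, window=PROMOTION_WINDOW):
    """Return a list of alert dicts for additions to privileged groups.

    A 4720 event is remembered by the SID of the created account; a later
    group-add event whose MemberSid matches a recently created account is a
    high-severity alert, any other privileged-group addition is medium.
    """
    created = {}  # SID of a newly created account -> its 4720 event
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        eid = ev["EventID"]
        if eid == ACCOUNT_CREATED:
            created[ev["TargetSid"]] = ev
        elif eid in GROUP_ADD_EVENTS and ev["TargetUserName"] in PRIVILEGED_GROUPS:
            origin = created.get(ev["MemberSid"])
            recent = origin is not None and (
                _ts(ev["TimeCreated"]) - _ts(origin["TimeCreated"]) <= window
            )
            alerts.append({
                "severity": "high" if recent else "medium",
                "host": ev["Computer"],
                "account": origin["TargetUserName"] if recent else ev["MemberSid"],
                "group": ev["TargetUserName"],
                "by": ev["SubjectUserName"],
                "reason": ("account created and added to privileged group within window"
                           if recent else "existing account added to privileged group"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_new_admins(SAMPLE_EVENTS.splitlines()):
        print(f"[{alert['severity'].upper()}] {alert['host']}: {alert['account']} "
              f"added to {alert['group']} by {alert['by']} ({alert['reason']})")
```

Run against the sample, the detector raises a high-severity alert for support1 on FS01 (created and promoted within four seconds by a service account, a common post-compromise step) and a medium one for the existing account added to Administrators on WS17; the addition to Remote Desktop Users is ignored. In a real deployment the lines would come from a SIEM or log forwarder, and the alert would go to a ticket or chat channel rather than standard output.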
It is generally assumed that phishing is the entry point in about 75% of all malware attacks. It is therefore particularly important to train employees on the dangers and on the correct procedures.
Pay ransom or don’t pay?
And what should you do if you become the victim of ransomware? Since the attacks are becoming more and more sophisticated, and there are now even Ransomware-as-a-Service offers on the Internet and the darknet, this cannot be ruled out even with all due caution.
Many points of contact, such as the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), the Federal Criminal Police Office (Bundeskriminalamt, BKA) or the American Cybersecurity and Infrastructure Security Agency (CISA), recommend not complying with ransom demands. A demand may also be an empty threat: for example, attackers threaten to publish webcam images although the alleged victim does not have a webcam, or threaten to put stickers on the victim's car. Such forms of blackmail rely on social engineering.
In addition, it is simply unclear what happens after a payment, usually in bitcoin or an alternative cryptocurrency, has been made. Will the system, the computer, the program or the data actually be unblocked, or will another ransom demand follow immediately? Since the blackmailers feel relatively safe, adhere to no code of honour and need not fear bad reviews from their victims, they could simply make a new demand after payment.
Impulse to discuss:
“Overlooked. Forgotten. Neglected.” – These three human weaknesses are exploited by attackers.
The BSI provides a free downloadable paper on the subject in German at https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Themen/Ransomware_Massnahmenkatalog.html.
CISA offers five different services (Up-to-date Information, Warnings, Bulletins, Tips and Reports) at https://www.us-cert.gov/ncas. A video on combating ransomware can be found at https://www.youtube.com/watch?v=D8kC07tu27A.
In Switzerland, the Reporting and Analysis Centre for Information Assurance (MELANI) offers assistance. Among other things, MELANI publishes half-yearly reports on the development of Ransomware: https://www.melani.admin.ch/melani/en/home.html
The European Cybercrime Center – EC3 also offers a lot of useful information: https://www.europol.europa.eu/about-europol/european-cybercrime-centre-ec3