Ransomware Explained

When run, ransomware typically takes control of the machine and then, behind the scenes, covertly encrypts your personal files with an encryption key that only the hacker knows. There are other techniques that ransomware uses besides encryption, but generally it does something to hold you to ransom, and when it has done what it intended to do a message pops up like the one you can see below, telling you that your files are encrypted and that your option is to pay the ransom, usually via a digital currency such as Bitcoin.


You can attempt to crack the encryption, which will have limited success if they’ve implemented it properly, or you can choose to lose access to your files. Most people tend to pay, as the hackers keep the amount relatively low, a few hundred dollars or so, so that people will pay.

Ransomware is now an extremely common attack vector. Hackers have realized that everybody cares about their own files, so they can target anyone, and especially soft targets like a home user or a business that thinks it has nothing of value to a hacker and so hasn’t invested in any real security. There are still people in companies who say, “I have nothing of value, why would a hacker bother with me?” Well, they may have nothing of value to someone else, but they have something of value to themselves, and that is what ransomware targets.

Ransomware is the current big threat. It’s much easier to ransom a soft target like a home user or a hospital that can’t afford security staff than it is to break into a bank and try to exfiltrate credit card numbers, or move money out of one account into another and then bounce that money around the world.

Victims of ransomware sometimes don’t even bother reporting it because they think nothing is going to be done anyway, and the truth is that’s often the case: the police just record that it has happened and there’s nothing they can do.

Why is Ransomware dangerous?

There are four very relevant and important reasons why ransomware is so dangerous. First, it doesn’t need to escalate privileges to root or to the admin user to encrypt the files, do the damage or take control. People’s files live in user space, so privilege escalation to admin isn’t required, and that’s a big advantage for the hacker.

The second reason is that ransomware doesn’t need to tunnel network connections out for remote control. It just needs to run once; then it can encrypt the files and display its message. Job done, easy and simple.
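Because the two points above mean there is no privilege escalation and no command-and-control traffic to spot, the observable signal is on the endpoint itself: one account rapidly overwriting many files with data that looks like ciphertext. The following Python is an added example, not code from the original post; it assumes a constructed write-event telemetry shape (`WriteEvent`) and constructed sample events, and flags a burst of high-entropy writes to many distinct files within a short window.

```python
import math
import random
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class WriteEvent:
    """One file write as an endpoint sensor might report it (constructed shape, not a real product's schema)."""
    ts: float    # seconds since the start of the telemetry window
    user: str    # account that performed the write
    path: str    # file that was written
    data: bytes  # bytes written (a sample of the first few KB is enough in practice)


# File types that are legitimately near-random; skip them to cut false positives.
COMPRESSED_SUFFIXES = (".zip", ".gz", ".7z", ".jpg", ".png", ".mp4")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, roughly 4-5 for English text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_mass_encryption(events: Iterable[WriteEvent], window: float = 60.0,
                           min_files: int = 20, entropy_threshold: float = 7.0) -> list[dict]:
    """Alert when a single user writes high-entropy data to at least `min_files`
    distinct files inside any `window` seconds. One alert per offending user,
    raised at the moment the threshold is first crossed."""
    by_user: dict[str, list[WriteEvent]] = defaultdict(list)
    for ev in events:
        if ev.path.lower().endswith(COMPRESSED_SUFFIXES):
            continue
        if shannon_entropy(ev.data) >= entropy_threshold:
            by_user[ev.user].append(ev)

    alerts: list[dict] = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        left = 0
        in_window: dict[str, int] = defaultdict(int)  # path -> writes inside the sliding window
        for right, ev in enumerate(evs):
            in_window[ev.path] += 1
            # Slide the left edge forward until the window is at most `window` seconds wide.
            while ev.ts - evs[left].ts > window:
                old = evs[left].path
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_files:
                alerts.append({"user": user, "window_start": evs[left].ts,
                               "window_end": ev.ts, "files": len(in_window)})
                break
    return alerts


def sample_events() -> list[WriteEvent]:
    """Constructed telemetry: 'alice' edits a few text documents at a human pace,
    while 'bob' overwrites 25 documents with random-looking bytes in under a minute."""
    rng = random.Random(2024)  # seeded so the sample is reproducible
    text = b"Quarterly notes: budget review, hiring plan, and roadmap items.\n" * 40
    events = [WriteEvent(10.0 * i, "alice", f"/home/alice/notes{i}.txt", text) for i in range(5)]
    events += [WriteEvent(100.0 + 1.5 * i, "bob", f"/home/bob/docs/report{i}.docx", rng.randbytes(4096))
               for i in range(25)]
    return events


if __name__ == "__main__":
    for alert in detect_mass_encryption(sample_events()):
        print(alert)
```

The three knobs (window, file count, entropy threshold) are the tuning surface: a backup job or a bulk image import will also write many high-entropy files quickly, which is why compressed formats are skipped here and why, in a real deployment, this heuristic is paired with allowlisted processes and canary files rather than used alone. The response side matters as much as detection: an alert like this should trigger isolating the host, since the encryption is already under way by the time it fires.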

Third, it can all be automated. Once a hacker has set up a distribution method, such as phishing or malvertising, to get the ransomware to run, they can sit back and watch the money roll in. This must be very tempting for people, especially in poorer countries. The cost of ransomware was around 170bn in 2019, and the overall annual cost of global cybercrime is expected to be around 6 trillion by 2021.

And the fourth reason is that ransomware is going to be big for the foreseeable future, as there are millions of variants of ransomware derived from many dozens of distinct code families, which means ransomware is easy to obtain, buy or acquire, easy to modify and easy to distribute. You might only need to change who the payment goes to, for example by changing the bitcoin address, and then you’ve got your own ransomware to send out.

Ransomware is a major reason why we need effective antivirus, anti-malware and endpoint protection. Security needs to travel with the asset in order to protect the asset from threats such as ransomware.
