What is ransomware?

Computer hacking has evolved considerably over the past 20 years. What was once a “hobby” to demonstrate technical prowess, by breaking into systems and putting graffiti on web sites, then evolved into stealing as a way of gaining criminal financial reward.

One of the main targets was credit card numbers, which could then be sold on the black market to criminal gangs. However, the ease and success rate by which credit card numbers have been stolen has led to such a surplus that the value of each stolen credit card number is now very low.

The effect is that criminals are looking for new ways of extracting value from their victims.

Ransomware Image

The rise of ransomware

Until recently, it was difficult for attackers to directly extort money, as it was too traceable.

However, the advent of bitcoin, an untraceable electronic currency, has changed this.

It is now possible to request bitcoins, and spend them in exchange for material value, in a way that cannot be traced back to the act of extortion – making Bitcoins the perfect tool for money laundering.

As a result, criminals are now using bitcoins to extract value from their victims using ‘ransomware’. The uptake in ransomware this year has been significant, with one report showing a 3,500% rise in the first quarter of the year compared to 2015.

How does ransomware work?

Ransomware works by infecting a computer and performing a reversible act, such as encrypting all the files and requesting a ransom is paid for the files’ safe return.

The victim pays the attacker in bitcoins and is given the information needed to unencrypt the files.

However, although at this point the business may have its files back, the attacker is likely to still have access to the computers.

The firm would need to assess how the hackers ‘broke in’ and perform a thorough clean up to prevent them simply coming back for more bitcoins in the future.

This assessment is a job for experts. Contacting a cyber incident response expert for assistance would be beneficial.

To find out more about ransomware why not attend the East Midlands Cyber Security Forum’s next event on 13th October in Nottingham.