What is Ransomware?
Ransomware is a type of malicious software that infects a computer, usually after an unsuspecting user downloads it. The malicious software may then demand a ransom, paid from the user’s bank or online account, before the user can access their data again.
These threats usually come disguised as emails and may look quite innocent, like software updates. In reality, this dangerous software is able to steal data and damage a user’s computer and digital files. Even if users delete these threats, they can often still be recovered by using recovery software.
Ransomware usually affects a computer by installing a harmful software program that may seem legit and harmless at first. One of the most popular examples is “CryptoLocker”. It will encrypt your files and then ask you to pay to remove the encryption and free your files. If you do not comply, then you will never be able to access your files.
Here are some new types of ransomware that you should be aware of.
1. Talking Ransomware
If your computer is infected with the Cerber ransomware (typically via an email attachment posing as a Microsoft Office document), your data will be encrypted, with each file given a new file extension: .cerber.
Note: This does not apply if you’re in Russia or Ukraine, or another former USSR nation such as Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Turkmenistan, Tajikistan, or Uzbekistan. If you are situated in these locations, the Cerber ransomware will deactivate.
You’ll know that you’re infected by Cerber as a notice will appear on your desktop. Furthermore, instructions on how to pay will be found in every folder, in TXT and HTML format. You’ll also find a VBS file (Visual Basic Script) which, when opened, will dictate instructions to you. That’s right: this ransomware talks you through how to pay the ransom and decrypt your data.
2. Play Our Game… Or Else
In April 2018, we saw the PUBG Ransomware, which took a different approach to holding your computer to ransom. Rather than demand money for your locked files, the coder behind this odd piece of malware gives you a choice:
- Play the videogame PlayerUnknown’s Battlegrounds (available for $29.99 on Steam).
- Just paste this code we’ve provided on-screen for you, you’re good.
It is, in effect, unmalware. Although potentially annoying, and appearing to be actual ransomware, the PUBG Ransomware appears to be nothing more than an elaborate promotional tool, no doubt conceived to gain a few column inches for PlayerUnknown’s Battlegrounds.
Doesn’t seem so bad, does it? Well, apart from the fact that it certainly does encrypt your files, and rename the file extensions (to .pubg). In short, if you found yourself torn between pasting some code and buying a three-star PvP shooter, you should probably take action. If this was real ransomware, you’d be paying out at least ten times the amount.
Unfortunately, this is one of the only types of ransomware that’s this easy to defeat.
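The file-level traces described above for Cerber and the PUBG Ransomware (renamed extensions, plus Cerber's TXT, HTML and VBS instruction files in every folder) can be checked for with a short script. This is an added example, not code from the original article; the shared file stem, the `min_folders` threshold and the `READ_ME` sample name are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions named in this article; extend the set for other families.
RANSOM_EXTENSIONS = {".cerber", ".pubg"}
# Formats the article says Cerber uses for its per-folder instructions.
NOTE_EXTENSIONS = {".txt", ".html", ".vbs"}


def scan_tree(root, min_folders=3):
    """Return (renamed_files, suspected_notes) for the tree under root.

    A stem is a suspected note when it exists as TXT, HTML and VBS in at
    least min_folders folders (an assumed threshold, tune it per system).
    """
    renamed = []
    stems = defaultdict(lambda: defaultdict(set))  # stem -> folder -> {exts}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in RANSOM_EXTENSIONS:
                renamed.append(os.path.join(folder, name))
            elif ext in NOTE_EXTENSIONS:
                stems[stem.lower()][folder].add(ext)
    notes = {}
    for stem, folders in stems.items():
        full = sorted(f for f, exts in folders.items() if exts == NOTE_EXTENSIONS)
        if len(full) >= min_folders:
            notes[stem] = full
    return sorted(renamed), notes


def build_sample_tree(root):
    """Constructed sample data: three folders after a simulated infection."""
    for sub in ("Documents", "Pictures", "Desktop"):
        os.makedirs(os.path.join(root, sub))
        for name in ("a1b2c3.cerber", "READ_ME.txt", "READ_ME.html", "READ_ME.vbs"):
            open(os.path.join(root, sub, name), "w").close()
    open(os.path.join(root, "Documents", "notes.txt"), "w").close()  # benign file


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        renamed, notes = scan_tree(tmp)
        print(len(renamed), "renamed files; suspected note stems:", list(notes))
```

A hit from either check is a reason to isolate the machine and scan it, not proof of a specific family.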
3. I’ll Delete One File at a Time
Jigsaw deletes your files, one by one. As if it wasn’t bad enough having all your data locked in an unknown state of existence, the Jigsaw ransomware takes the scam further. Originally known as “BitcoinBlackmailer,” this ransomware gained a new name thanks to the appearance of Billy the Puppet, as seen in the Saw “torture porn” movie series.
First spotted in April 2016, Jigsaw spread through spam emails and infected attachments. When activated, Jigsaw locks the user’s data and the system Master Boot Record (MBR), then displays the attached message.
This is essentially a threat: if the ransom isn’t paid (by Bitcoin) within an hour, a file will be deleted from your computer. For every hour you delay, the number of files that are deleted increases, considerably reducing your odds in this encryption lottery. Oh, and rebooting, or attempting to terminate the process (Jigsaw poses as the Mozilla Firefox browser or Dropbox in the Windows task manager) results in 1000 files being deleted.
One last thing: later versions of Jigsaw threaten to dox the victim if they don’t pay up. By incentivizing the victim through menaces, this type of ransomware has changed the malware game.
4. Oh, You Paid Already? Tough
We’re familiar with how ransomware works. You get infected with malware that encrypts your vital data (or entire computer), then forces you to pay a ransom to unlock. Your files are then back in your hands via a decryption key. Right?
Usually, but not with Ranscam.
Just when you thought everything was straightforward with ransomware comes an example that just takes the money and runs. Oh, and they don’t even bother to encrypt your data as part of the pretence—your data is deleted.
While most ransomware scams are clearly written by experts, some doubt has been cast over the proficiency of the hand behind Ranscam. Less sophisticated than other types of ransomware, Ranscam is nevertheless effective. The more notorious Petya ransomware strain was also known to obliterate data, rather than return access to the user.
5. Yes, We Locked Your TV
In June 2016 it was discovered that the FLocker ransomware (ANDROIDOS_FLOCKER.A) that had previously hit Android phones and tablets, had evolved. Android-powered Smart TVs were added to its list of targets.
You may have already heard of FLocker, even if you don’t know its name. It’s one of the ransomware types that displays a “law enforcement” warning, informing you that illegal material has been viewed on your system. It’s also targeted at Western European and North American users; in fact, anyone who isn’t in Russia, Ukraine, or any of the other former USSR nations.
Payment is demanded via iTunes vouchers (often the target of scammers), and once received, control of your Android phone or TV is returned to you.
6. We Really Locked Your Data, Honest!
Amazingly (or perhaps not, when you think about it) there are ransomware strains that don’t actually do anything at all. Not in the same way as PUBG Ransomware; no, these examples are simply fake popups, claiming to have control of your computer.
The principle behind this sort of ransomware is simple, yet it has enough clout to make it profitable. It is not uncommon for victims to fork over money without realising that they did not need to do so: their data was never actually encrypted. Pop-up windows are the most common form of delivery for these kinds of ransomware assaults. You can’t dismiss the window, and paying $300 in Bitcoin to decrypt your data looks to be the only option.
If you want to check if the ransomware you’ve been hit by is genuine, and not a cheap(er) scam, try closing the window. In Windows, use Alt + F4. It’s Cmd + W on Mac. If the window closes, update your anti-virus software immediately and scan your PC.
7. Ransomware in Disguise
Lastly, it is worthwhile to examine how ransomware may fool you through its appearance. You already know that ransomware is delivered to PCs using phishing email attachments. In this instance, attachments are disguised as valid DOC files and are delivered with spam emails saying you owe money; the attachment is the invoice. Downloading it compromises your system.
Other disguises are used, however. For instance, the DetoxCrypto ransomware (Ransom.DetoxCrypto) claims to be the popular Malwarebytes Anti-Malware software, albeit with a slight name change (“Malwerbyte”). Then there’s the Cryptolocker variant (CTB-Locker) that pretends to be a Windows Update.
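Both disguises covered in this article, a near-miss product name such as “Malwerbyte” and Jigsaw posing as Firefox or Dropbox in the task manager, can be flagged from a list of running executables. This is an added example, not code from the original article; the expected install folders, the trusted-name list, the distance threshold and the sample paths in the comments are assumptions.

```python
from pathlib import PureWindowsPath

# Trusted executables and their folders: assumptions for a default Windows
# install, to be replaced with your own software inventory.
EXPECTED_DIRS = {
    "firefox.exe": r"c:\program files\mozilla firefox",
    "dropbox.exe": r"c:\program files (x86)\dropbox\client",
}
TRUSTED_PRODUCTS = ["malwarebytes", "firefox", "dropbox"]


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_process(image_path):
    """Return a finding string for one executable path, or None if it looks fine."""
    p = PureWindowsPath(image_path)
    exe, folder = p.name.lower(), str(p.parent).lower()
    if exe in EXPECTED_DIRS:
        # Trusted name: only acceptable when it runs from its usual folder.
        if folder != EXPECTED_DIRS[exe]:
            return f"{exe} running from unexpected folder"
        return None
    stem = p.stem.lower()
    for product in TRUSTED_PRODUCTS:
        # Allow roughly one edit per four characters (assumed threshold).
        limit = max(1, len(product) // 4)
        d = edit_distance(stem, product)
        if 0 < d <= limit:
            return f"{stem} resembles {product} (distance {d})"
    return None


if __name__ == "__main__":
    # Constructed sample paths, not taken from any real incident.
    for path in (r"C:\Users\victim\Downloads\Malwerbyte.exe",
                 r"C:\Users\victim\AppData\Roaming\firefox.exe",
                 r"C:\Program Files\Mozilla Firefox\firefox.exe"):
        print(path, "->", check_process(path))
```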
Thought you’d seen it all from ransomware? Think again! Scammers will stop at nothing to grab the contents of your wallet, and they’re coming up with new types of ransomware all the time.