Ransomware (How It Works?) — A growing cyber attack

Rahul Sharma
2 min read · Dec 10, 2019


Ransomware attacks anything from websites to personal files to official documents. The attacks are typically carried out using a Trojan that enters a system through, for example, a downloaded file, an email or an infected pen drive. The program then runs a payload which locks the system, or a certain important section of it, against further use. The most sophisticated payloads encrypt files, with many using strong encryption to encrypt the victim’s files in such a way that only the malware author has the needed decryption key. It is always about payment: the victim is coerced to pay. Only the attacker has the decryption key, which may take the form of a payload that undoes the previous program or decrypts the locked system once the payment is made.

Although ransomware is usually aimed at individuals, it’s only a matter of time before businesses are targeted as well.

It is not uncommon for the industries around us to be under threat from ransomware and to operate continually under the fear of an attack. Many industries and businesses have already fallen prey to ransomware attacks, so it is of utmost importance to stay updated on recent trends in the cyber security industry and to be protected against attacks across all domains. In the case of ransomware, security software cannot always guarantee the safety of your system, especially in cases of encrypted payloads. Here the attack is detected only once the file is executed, at which point detecting the malware is futile. Also, the payload is almost always a newer version than the ones previously detected by the software, and so is unknown to it. If the malware is detected in the early stages, it is possible to obliterate it before the encryption is executed. Years of research and study in this area have led security experts to educate the industry about preventive measures for dealing with ransomware. It is always beneficial to take an “offline” backup of important files and documents on external drives, as the malware does not affect external drives. Although there are specific tools in place to decrypt ransomware-encrypted files, successful recovery is not possible in almost all cases once a system is affected.

This makes ransomware a “Prevention is better than cure” scenario, since data is not recoverable without the payment of the ransom.
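
One way to make the offline backup described above checkable, as an added example that is not part of the original post: record a SHA-256 manifest when the backup is taken, then compare it against the live files and against the backup itself before relying on it. The function names, the sample files and the `.locked` extension are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest

def compare(manifest, root):
    """Report how the tree at root differs from the recorded manifest."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest
                           if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

def demo():
    """Constructed scenario: live files change after the backup was taken."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "photos").mkdir(parents=True)
        (live / "report.txt").write_text("quarterly figures\n")
        (live / "photos" / "a.jpg").write_bytes(b"\xff\xd8constructed sample")
        shutil.copytree(live, backup)      # stand-in for the external drive
        manifest = build_manifest(backup)  # recorded when the backup is made
        # Simulated damage to the live copy (constructed, no real encryption).
        (live / "report.txt").write_bytes(b"\x00" * 32)
        (live / "photos" / "a.jpg").rename(live / "photos" / "a.jpg.locked")
        return compare(manifest, live), compare(manifest, backup)

if __name__ == "__main__":
    live_report, backup_report = demo()
    print("live copy:", live_report)
    print("backup copy:", backup_report)
```

An empty report for the backup copy means it still matches what was recorded and can be restored from; entries in the live report show which files would need restoring.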

I am researching various security holes and patching accordingly for my clients to protect clients’ private/public data against such attacks. I ensure real-time security against such attacks, as the malware and trojans can be detected before they can be executed. Contact me to know more.
