Ransomware is malicious software (malware) that a cyber criminal places on a victim's computer via the computer's operating system. The ransomware gives the cyber criminal sole access to the victim's computer, preventing the victim from accessing the computer and its data. The cyber criminal (hacker) then demands money in exchange for giving computer access back to the victim.
Ransomware Access to a Computer
Ransomware attacks weak points in the computer’s Operating System:
An operating system (OS) is the software that runs a computer or device. The OS manages the computer's memory and processing. The OS enables the user to operate the computer without knowing how to code. Everything that is seen on the computer’s monitor is the OS.
OS examples: Apple iOS 14 and Android 10.
How Does Ransomware Get on a Computer?
The most common way ransomware gets on a victim's computer is via a phishing email:
A phishing email is an email with a downloadable attachment, and that attachment is the ransomware.
The email will attempt to look innocent or similar to an email the victim is expecting. The victim will then download the malicious software attachment, thinking it is something else.
The Victim of Ransomware
Average citizens can be victims of ransomware; however, the ideal targets for a computer hacker are businesses. Ransomware is a large IT security issue for most businesses. These businesses often find that they cannot afford to have their data frozen because of the resulting loss in company revenue.
How to Prevent Ransomware
The best cyber security method for preventing ransomware is to not open unfamiliar emails. This can be tricky:
Many phishing emails look similar to reputable emails with a character or two changed: email@example.com can be changed to firstname.lastname@example.org
Possible victims need to look at every letter and number in the email address to see whether they match the correct address.
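The character-by-character comparison described above can be automated. The Python sketch below is an added example, not part of the original article; the KNOWN_SENDERS list, the sample addresses and the two-character threshold are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed list of addresses the reader really corresponds with (assumption).
KNOWN_SENDERS = ("billing@example.com", "support@example.org")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character inserts,
    deletes or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, known=KNOWN_SENDERS, max_changes: int = 2):
    """Return (verdict, closest_known_address_or_None) for a From: header."""
    _, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if "@" not in addr:
        return ("unparseable", None)
    if addr in known:
        return ("known", addr)
    # Closest trusted address; sorted() keeps tie-breaking deterministic.
    best = min(sorted(known), key=lambda k: edit_distance(addr, k))
    if edit_distance(addr, best) <= max_changes:
        # Differs from a trusted address by only a character or two.
        return ("lookalike", best)
    return ("unfamiliar", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ('"Billing" <billing@example.com>',
                   "Billing <billing@examp1e.com>",
                   "billing@exarnple.com",
                   "newsletter@unrelated.test"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is the case the article warns about; "unfamiliar" only means the address is not on the list and still needs a human decision.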
Examples of Ransomware
The Black Cat ransomware organization infected Shell with ransomware. This affected and shut down over two hundred gas stations in Germany.
Cargo airline Swissport was infected by ransomware, which grounded its planes at Zurich International Airport.
The activewear company Puma had their employee data shut down by a ransomware attack.
Sinclair Broadcast Group
The American broadcasting company Sinclair had their communications shut down, causing broadcasting issues.
About the Author
Peter Sandru is an Instructor & Co-Founder of NDIL with over 15 years as a Professional Investigator. Peter has spent more than a decade conducting investigations and security operations throughout the world, primarily for corporations, law firms, and government agencies. Peter has assisted in the creation of numerous investigative & security training programs in various capacities.