Some years ago the talk was all about spam: i.e., mass email shots that seem to come from a legitimate and reputable source but in fact try to fool their recipient into installing malware (Trojan, keylogger,…), accessing a given website or giving up credit-card numbers and access credentials. This type of attack then fell out of fashion without ever dying out completely (http://www.gmv.com/blog_gmv/malware-multiplataforma/).
What is ransomware?
Until ransomware came along, that is. What is it? It is a type of attack that draws on spam’s propagation mechanisms and tricks the user into running damaging code. Unlike everyday spam, however, it doesn’t set out to copy information from the host computer but to lock it up until a ransom is paid to unlock it again: hence the name.
The difference might seem to be slight but nothing could be further from the truth. While other malware tries to be silent and go unnoticed, even slumbering for long periods, ransomware is very upfront and noisy: it immediately declares that your information has been kidnapped. As such this form of attack is also more concentrated in time. In only a few hours or days the kidnapping (whatever the outcome) is over, whereas malware may keep up its attacks for months or years. The aim behind the attack is still to make money, but while malware’s loot may be forthcoming only in the long term, sometimes involving considerable effort (http://www.gmv.com/blog_gmv/follow-the-money-2/), ransomware seeks a more specific, rapidly achievable goal with an even more modest haul, around hundreds or thousands of euros. And it does so by means of a threat and a “lose-lose” situation. In other words, “if I don’t get the money, you don’t get your data back”.
What can we do about it?
What can we do about this? First and foremost, some good news. Until now ransomware has always spread by means of a malicious email. If we know how to fend off the spam, therefore, we can avoid nearly all ransomware attacks. It must also be admitted, though, that hackers are becoming increasingly skillful.
And we also have to improve and consolidate our backup copies. After all, what good would it do them to kidnap our information and threaten us if we have another bona-fide copy? Very little, right? Unfortunately, however, if they do manage to kidnap the only copy of the information, as has happened to some organizations, then the problem is much more serious.
Neither is the problem confined to companies. It could happen to anyone, even at home, where we might perhaps be more lax about our backup copies than any professional environment should be.
Beware suspicious emails, therefore, because it’s a shame to lose those souvenir photos of a great holiday by clicking blithely on a malevolent email.
Author: Mariano J. Benito
The author’s views are entirely his own and may not reflect the views of GMV