Ransomware is a form of malware used to extort a payment from the victim. Two forms of ransomware exist.
In one type, the virus encrypts the files on the system's hard drive. In the second type, the virus locks the host system entirely. In both cases, a message is displayed demanding that the user pay a fee.
Growing threats from Ransomware:
- In recent times there has been tremendous growth in ransomware-based attacks, and cyber criminals are generating significant profits from them. According to US Homeland Security, the Cryptolocker ransomware program and its variants extracted over $100 million from victims in a 10 month period.
- Both businesses and individuals are at high risk of losing their files and documents permanently.
- There is no assurance that you will regain access to your PC or files after paying the fee.
CryptoLocker: The most famous ransomware
- CryptoLocker came into existence in 2013.
- It is distributed as an attachment to a malicious e-mail or as a drive-by download.
- At first, it tries to connect to its command-and-control server.
- It creates a 2048-bit RSA key pair (a public and a private key) and then uploads the private key to the server.
- The malware then tries to encrypt valuable user information on the infected host machine.
- The public key is saved on the host computer and the private key is saved on the command-and-control server.
- After all this, CryptoLocker demands money and threatens to destroy the private key if the payment to the malware author is not made.
- Once a host machine is infected by CryptoLocker, it is very difficult to repair.
- CryptoLocker also works in combination with GOZeus: GOZeus tries to steal financial details from the host company, and if it cannot find the details it is searching for, CryptoLocker encrypts the important files and locks the host PC, holding them to ransom.
Since Cryptolocker was discovered, numerous variants have been found that copy its strategy.
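The bullets above describe the effect an infection leaves on disk: ordinary documents are replaced by ciphertext that is unreadable without the private key held on the attacker's server. One defender-side consequence is that encrypted files look statistically different from documents, so a monitoring script can flag a directory in which many files suddenly turn high-entropy. The script below is an added example written for this article; it is not CryptoLocker code, not any vendor's product, and its threshold value (7.5 bits per byte) and the sample files it builds in a temporary directory are constructed assumptions for the demonstration.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical triage threshold (an assumption, not a published figure): encrypted or
# well-compressed data approaches 8 bits of entropy per byte, ordinary documents far less.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root: Path, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Map each regular file under `root` whose content looks encrypted to its entropy.

    Caveat: archives, images and other compressed formats are also high-entropy, so a
    single hit is only a triage signal; the ransomware signal is many ordinary document
    files turning high-entropy at the same time.
    """
    flagged = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            entropy = shannon_entropy(path.read_bytes())
            if entropy >= threshold:
                flagged[path] = entropy
    return flagged


def ransomware_suspected(root: Path, threshold: float = ENTROPY_THRESHOLD,
                         min_fraction: float = 0.5) -> bool:
    """True when at least `min_fraction` of the files under `root` look encrypted."""
    files = [p for p in root.rglob("*") if p.is_file()]
    if not files:
        return False
    return len(scan_directory(root, threshold)) / len(files) >= min_fraction


def build_sample_tree() -> Path:
    """Constructed sample data, not real malware output: three plain-text documents plus
    three files whose contents were replaced by pseudo-random bytes, which is what an
    encrypted document looks like on disk after an infection."""
    root = Path(tempfile.mkdtemp(prefix="ransom_demo_"))
    text = ("Quarterly report: revenue grew in the third quarter while costs were flat.\n" * 40).encode()
    for i in range(3):
        (root / f"report{i}.txt").write_bytes(text)
    rng = random.Random(1234)  # fixed seed keeps the demonstration deterministic
    for i in range(3):
        junk = bytes(rng.getrandbits(8) for _ in range(4096))
        (root / f"report{i}.txt.encrypted").write_bytes(junk)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for path, h in scan_directory(sample).items():
        print(f"{path.name}: {h:.2f} bits/byte, looks encrypted")
    print("ransomware suspected:", ransomware_suspected(sample))
```

Run stand-alone, the script builds its own sample tree, reports the three random-byte files and none of the text documents, and concludes that ransomware is suspected because half of the files look encrypted. In a real deployment the same check would be run against a watched document share on a schedule, with the fraction threshold tuned to how many legitimately compressed files that share normally holds.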
Steps to remove Ransomware:
The following are the options for removing ransomware from the host computer.
- Antivirus and anti-malware software – scans for and removes the malware and helps prevent further ransomware attacks.
- Safe Mode with Networking – lets you access the host system with an Internet connection even when the system is infected.
- Use a boot recovery CD to restore your system.
- Slave hard drive – attach the infected drive to a clean computer as a secondary drive.
- Optical CD-R