How Ransomware Works and The Common Ways of Infection Including Phishing Email with Attachment & Fake Software Downloads

Ransomware is well named. It is a vicious form of malware that either locks a user out of their computer (or another device) or blocks file access. Paying a ransom is typically the only way to regain control of that attacked device. Ransomware became a widespread tool used by cybercriminals in September 2013 and it can be devastating to the intended target. This form of computer malware will result in not just downtime but data loss and possible theft of intellectual property.

For example, one company that had experienced a ransomware attack took over a month to get back on track. This involved having to clean all PCs, servers and related devices from infection. Ransomware is a serious threat to any company and tends to be aimed at medium-sized companies as opposed to giant corporations.

The most common strains of Ransomware are: WannaCry Cerber Dharma 2.0

However, there are several ways to protect your data from becoming a target of ransomware thieves. Prevention is the key and that includes installing antivirus software, anti-malware protection, firewalls and the process of keeping your devices loaded with current and up-to-date OS.

The best software protection programs are: Kaspersky Anti-ransomware Tool BitDefender Anti-Ransomware Malwarebytes 3

There are a number of ways in which your computer system can be attacked by Ransomware. Typically, the process requires that you take some form of action. In other words, you will be persuaded to download something or visit a site or open a fake illegitimate file that will include the infection.

Here is a list of some of the most common tricks used to get Ransomware into your device:

1. Phishing Email & Attachment

The below email will look legitimate with letterheads, legitimate addresses, names, phone numbers and sometimes the phone numbers will even be operational.

Good day;

Please see the below attached payment transfer copy for Invoices due 03/09/2018. The complete amount was paid and a total of EUR 45,600.23 copy for your reference and kind confirmation with your bank.

Thanks & Best Regards,

Aygul Ozkan
Account Manager
Apollo Distributor
Road 115 km 21.8 Aguada, PR 00602
Phone: 787-589-71145
Fax: 787-868-800448

The email comes with an attachment and it usually is the common ‘archive’ file labeled as Overdue Invoices of 03.09.2018-zip (as an example). After you download and open the fake zip file (actually, executing the fake zip archive) an automatic payload is started which will distribute the infection in the background without users being aware of the activity. Usually, once the .exe zip file is downloaded, it looks like an actual archive if you have your Windows Explorer set to hide extensions, which is how it is usually set by default. By the way, it’s a good idea to make sure that extensions are not hidden, so you know what type of files or extensions you are dealing with. Better be safe than sorry, right? And it doesn’t end here.

The interesting thing about Ransomware is that you are not going to even know that it has been loaded into your computer until it has been infected and you get the message telling you that there has been an infection and that your files are now encrypted. Your computer may start to show signs early such as running slower than normal for no apparent reason. This is especially true if your computer is currently holding a fairly high volume of stored data on the hard drive and public network it shares. This would be a signal to you to turn off your PC immediately and run in safe mode without networking enabled.

2. Fake Software Download

This is a really popular trick. Say there is a software program you are after and you just can’t seem to locate the source of the download. Free or not, sometimes when it is a program you REALLY need, you forget about taking the proper safety precautions. It happens. So, in the process of your search, you get forwarded to a ” phishing” website that looks legitimate. It has a link to what you are looking for and may even display (fake) reviews of how awesome that software happens to be and that it really works for everyone who uses it.

Fake Software Reviews

It’s hard to not think you’ve hit the jackpot here. So, feeling confident that you have found what you’ve been after, you download the executable, run it and…you get infected. This is a typical delivery system for all kinds of computer viruses as well but lately, Ransomware has been taking the place of common viruses in this type of fake software download trick.

3. Office Documents

Ransomware developers are far from amateurs and happen to be highly skilled at hiding things in and around other legitimate files. One of the trickiest ones is when a special code is included that requires a user to enable Macros to view the special character material in the Word document, as an example. After you enable Macros, the special code line of string runs in the background – infecting your machine.

How exactly do you end up getting these files?

Usually, you are searching for a template for a Resume or Invoice or some other one that you require for a work project you are on. BOOM! This is an easy way to get infected and it is hard to notice the signs, especially if the site you are using looks legitimate.

4. Image or Graphic Files

The key behind this method of infecting your machine is through the embedding of code in the transparent layer of the image and later exploiting variables and the vulnerability of your operating system. This is also a very sophisticated method. What happens is that the file itself is not harmful, but when it is opened by one or the other software, it will start to run the hidden code that results in encryption and infection of your files.

Ransomware Infection Through TIFF

The smart way to protect yourself in this instance is to avoid downloading suspicious files from any source that may be an email attachment or a site that you doubt is legitimate. Another good idea is to not download files of any kind from a torrent, file sharing, peer-to-peer (P2P) or other WAREZ related sources.

If you do end up with an infection, there are several free tools online that can decrypt your files.

How To Clean Your Computer Following An Infection

A fail-safe plan is to wipe clean all machines that were infected, including any network shared, attached drives. Some of the Ransomware distributions are quite complex and somewhat tricky and even if you run five anti-malware and antivirus programs, the infection may hide and lay dormant for a period of time and resurface at a later time – after you have forgotten about it.

It is also a good idea to wipe servers, in particular, in corporate settings as a virus can lurk hidden in system policies. Backing up all databases and re-deploying new environments is highly recommended.

This will ensure 100-percent safety. Just running anti-malware and antivirus programs may not provide 100-percent assurance.

Subscribe To New Posts

Loading

Request a Quote Now
Describe Your Data Loss

Thanks! We will contact you soon.
Error: Wrong Answer
Loading...