How Does Ransomware Work?
In a real-life ransom, a kidnapper captures a person and holds them prisoner. The kidnapper then demands a large sum of money from their friends, family, employer, or government in exchange for their safe release. If the money isn’t forthcoming, kidnappers have been known to apply extra pressure by torturing their victim or even sending body parts through the mail.
Cybercriminals in the 21st century operate similarly, except instead of your best friend, mum, intern, or an unlucky tourist, it’s the data on your home computer or server that’s held hostage.
Usually, the first indication that you’ve fallen victim to a ransomware attack is when you log into your PC one morning and find all your data encrypted, with the only accessible file being a ransom note demanding payment—usually in Bitcoin or some other cryptocurrency.
The scam is simple: pay the money and the criminals will send you a key with which you can unlock your files.
Depending on how the actor is holding your files ransom, there may be a timer which randomly deletes your files (rather like cutting off a finger) the longer you delay. Another pressure tactic is to release unencrypted versions of your files on the internet, which can be embarrassing to you and potentially dangerous if the files contain private information.
Often criminals subcontract parts of the work, employing a third party to provide penetration and encryption services.
While the US government, in an advisory document related to ransomware, “strongly discourages all private companies and citizens from paying ransom or extortion demands”, handing over the cash is often the quickest and least painful way of recovering your data.
What Is Fake Ransomware?
Ransomware attacks have been carried out since at least 1989. Many computer users and organizations have come to expect that paying the ransom usually allows them to swiftly recover their files. In cases where proprietary information, customer details, or people’s lives are at stake, this can be the quickest way to get up and running again. Organizations can then pour additional resources into strengthening network defenses to resist this kind of attack.
Now more criminals have realized that ransomware is a profitable venture and are setting out to extort money without delivering on the promise to return the stolen data.
At first glance, there’s no way to tell fake ransomware apart from real ransomware. You wake up, grab a cup of tea, and turn on your PC. Oh no! Your files are encrypted and there’s a menacing text file telling you to send Bitcoins or face the inevitable destruction of your data.
But sending the funds is the last interaction you’ll have with the criminals. They’ll disappear, laughing, into the night, and leave you with no way to unlock the encrypted files on your computer. You’ve lost the ransom and the data. This isn’t the worst possible outcome though—the criminals may still release all or part of your data onto the web.
Why Does Fake Ransomware Exist?
Encrypting data takes time, and maintaining a channel of communication with the victim is risky. You could go to the police or the FBI, and while the chances of the criminals being caught are very slim, sending you the decryption key to unlock your files can increase the odds that someone discovers their location.
It’s far easier for criminals to take the money and run. This will doubtless annoy other criminals, as it erodes trust in their “honest” ransomware business model.
You Should Never Pay Ransomware Demands
When you receive a ransomware demand, you should ignore it. If it’s critical business data, you should have backups, and if your home computer is being held to ransom, wipe it and install a new copy of your OS. If you pay the ransom, there’s no guarantee that your data will be decrypted.
Money raised by ransomware goes to funding more criminal activity. Instead, use the ransom money to beef up your computer security so this doesn’t happen again.