ANT-Logo

Ransomware

Home Ransomware

                             Ransomware is a form of malware that locks the user out of their files or their device, then demands a payment to restore access. Ransomware attackers hit businesses, organizations, and individuals alike.

Ransomware attacks:

There are several different ways that ransomware can infect your computer.

How do I get ransomware?

  • Malspam: To gain access, some threat actors use spam, where they send an email with a malicious attachment to as many people as possible, seeing who opens the attachment and “takes the bait,” so to speak. Malicious spam, or malspam, is unsolicited email that is used to deliver malware. The email might include booby-trapped attachments, such as PDFs or Word documents. It might also contain links to malicious websites.
  • Malvertising:. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalog details about victim computers and their locations, and then select the malware best suited to deliver. Malvertising often uses an infected iframe, or invisible webpage element, to do its work. The iframe redirects to an exploit landing page, and malicious code attacks the system from the landing page via exploit kit. All this happens without the user’s knowledge, which is why it’s often referred to as a drive-by-download.
  • Spear phishing: . An example of spear phishing would be sending emails to employees of a certain company, claiming that the CEO is asking you to take an important employee survey, or the HR department is requiring you to download and read a new policy. The term “whaling” is used to describe such methods targeted toward high-level decision makers in an organization, such as the CEO or other executives.
  • Social engineering: An example of social engineering would be if a threat actor gathers information from your public social media profiles about your interests, places you visit often, your job, etc., and using some of that information to send you a message that looks familiar to you, hoping you’ll click before you realize it’s not legitimate.

Mobile ransomware:

 Mobile ransomware typically displays a message that the device has been locked due to some type of illegal activity. The message states that the phone will be unlocked after a fee is paid. Mobile ransomware is often delivered via malicious apps, and requires that you boot the phone up in safe mode and delete the infected app in order to retrieve access to your mobile device. 

How can I remove ransomware?

  • Install security software before you get hit with ransomware
  • Back up your important data (files, documents, photos, videos, etc.)