What is Ransomware?
In the real world, when you hear the word ransom, you immediately think of someone or something being held hostage until demands, usually a payment, are met. The same holds true in cyberspace. Ransomware is a malicious computer program used to threaten unwary PC users who may have failed to secure their system with stealth Internet security protection or other measures. The malware builder determines the threat level and what true technical challenges, if any, the victim will face. However, at a minimum, your data and system resources will be placed at risk.
Ransomware shares the distribution vectors used by other malicious programs because they still work. Unfortunately, many PC users continue to click much too fast on links or attachments without verifying the source. If your computer is not properly secured by a stealth antimalware program, you have no safety net to catch your missteps, such as clicking on a poisonous link or attachment or landing on a compromised website that hosts a Trojan downloader. A stealth antimalware solution uses a mix of scanning techniques, including parsing of code and sandboxing, to get a closer look at what the program really intends to do. If malicious or even suspicious behavior is uncovered, the download will be blocked.
As in the real world, a digital kidnapping or hostage takeover involves three main components: possession, a threat or demand (the ransom note), and instructions for payment. Most ransom notes are accusatory, making false claims of online criminal or immoral acts (e.g. pirating, copyright infringement, or watching adult or child pornography). There are many variations currently running wild on the Internet, but an example ransom note (English translation) might read as follows:
“Attention! Illegal activity was detected. The operating system was locked for infringement against the laws of Switzerland. Your IP address is [REMOVED]. From this IP address, sites containing pornography, child pornography, bestiality and violence against children were browsed. Your computer also has video files with pornographic content, elements of violence and child pornography. Emails with terrorist background were also spammed. This serves to lock the computer to stop your illegal activities”.
The victim may be threatened with jail time or with erasure of valuable data stored on the system, i.e. a complete crash and wipeout. At a minimum, the victim will not be able to use his or her system as before until matters have been addressed, i.e. until the ransom is paid or, in reality, until the infection is removed. As with most ransomware, the offender (cybercrook) never intended to release or unlock the system or data. Rather, the primary goal is to cheat the victim out of money and, secondarily, to violate the victim's intellectual property further, i.e. steal stored data, misuse system resources, etc.
First of all, threats that claim police or legal authorities will arrive at your doorstep to confiscate the intellectual property containing the 'evidence' are simply ludicrous! Had the real authorities been involved, they would not have given you a heads-up or communicated by computer. Rather, you would have been ambushed, and most likely your ISP would have carried out the digital lockdown. Even more telling, a heads-up would give you (the victim) the chance to destroy all evidence, so why would you ever think of paying the ransom! Other impersonations include a call from 'Microsoft personnel' (again, a fake) or webcam recordings offered as evidence of who you are, and so on.
Threats are usually followed by a deadline by which the ransom must be paid and, of course, the preferred method of payment. Scared or guilty parties who give in to the demands are provided instructions that involve online payment services such as Ukash vouchers or prepaid card services like MoneyPak. Cybercriminals prefer these services because they offer quick payment and are hard to trace, thus aiding their getaway. Technically speaking, many of these threats are idle: the actual ransomware lacks any real code to carry out its threats of data erasure and, as previously mentioned, makes empty threats of sending police to your doorstep to arrest you. However, there are stealthy ransomware programs in the wild that can indeed make good on their threats to encrypt and destroy valuable data. In fact, some malicious programs will cause a total wipeout by crashing the system's drive. Therefore, do not ignore ransomware; answer aggressively by removing it immediately.
Ukash vouchers come in preset denominations, and if the ransom falls between two set values (e.g. the ransom is $75 but the vouchers are $50 or $100, requiring purchase of the higher amount), a legitimate service would usually refund the difference by issuing a PIN. As expected, the criminal receiver does not make good on refunds and, no surprise, the victim is denied the code needed to unlock the system or restore it to normal use. Like all malware tools, ransomware was never intended to benefit you but rather its sinister creator or buyer. Also, like other malware, ransomware has a hidden agenda that involves an underlying or background attack on vital data and system resources. From the moment the malicious program landed inside your system, the following was arranged:
- A two-way port is opened to report successful infiltration and the implantation of malicious files and components. New instructions may be issued or more malicious files downloaded. A backdoor is left open to allow a hacker to gain remote access, add the infected system to a botnet, and misuse the system's resources to jam up the web traffic of targeted, essential websites.
- Malicious files supporting the breach, including encryption code (if so ordered), are put into play, including a malicious executable that reloads in memory and revives the attack at each new boot.
- Weaker antivirus tools are deactivated, and Windows security updates are halted.
- Administrative controls that aid in detection or removal are disabled.
- The operating system is also impaired so that the only screen visible and running is that of the ransom note.
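As an added example (not part of the original article), the following PowerShell script performs a read-only triage for the indicators in the list above on a Windows machine: autostart entries launched from user-writable folders, the Task Manager and Registry Editor policy lockouts, a stopped Windows Update service, and a replaced Winlogon shell. The registry paths, the service name, the "user-writable path" heuristic and the requirement for PowerShell 5 or later (for `Get-Service` start types) are standard Windows locations and assumptions chosen here, not values from the page.

```powershell
# Added example, not from the page: read-only triage of lockscreen-ransomware indicators.
# Best run from a clean boot (e.g. Safe Mode) so the locker itself is not running.
$findings = @()
function Add-Finding([string]$Indicator, [string]$Detail) {
    $script:findings += [pscustomobject]@{ Indicator = $Indicator; Detail = $Detail }
}

# 1. Autostart entries: the "executable that revives the attack at each boot".
#    Flags entries launched from user-writable folders (assumed heuristic, not from the page).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($p in $props) {
        if ("$($p.Value)" -match '\\(AppData|Temp|ProgramData|Users\\Public)\\') {
            Add-Finding 'Autostart from user-writable path' "$key\$($p.Name) = $($p.Value)"
        }
    }
}

# 2. Administrative tools disabled by policy (Task Manager, Registry Editor).
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $v = (Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue).$name
    if ($v -eq 1) { Add-Finding "Policy $name is set" "$policy\$name = 1" }
}

# 3. Windows Update service stopped or disabled ("halting of Windows security updates").
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
if ($wu -and ($wu.Status -ne 'Running' -or $wu.StartType -eq 'Disabled')) {
    Add-Finding 'Windows Update service not running' "Status=$($wu.Status) StartType=$($wu.StartType)"
}

# 4. Winlogon shell replaced so that only the ransom screen appears instead of Explorer.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell -ine 'explorer.exe') {
    Add-Finding 'Non-default Winlogon shell' "$winlogon\Shell = $shell"
}

if ($findings.Count -eq 0) { 'No lockscreen-ransomware indicators found.' }
else { $findings | Format-Table -AutoSize }
```

The script only reports; any entry it flags should be verified (publisher, file hash, creation time) before it is removed, since legitimate software also autostarts from AppData.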
While manual removal is not impossible, it will be quite challenging for the novice PC user. Malware infused with rootkit technology can hook legitimate running processes and mask malicious files by giving them the same names as legitimate OS services and files. Deleting or removing the wrong ones could make matters worse, and the threatened data loss could be brought about by your own hands. Therefore, to combat such intrusive and aggressive malware successfully, rely on a formidable opponent: a stealth antimalware solution that has been tried and tested and can remove infections without causing further harm.
List of Ransomware Parasites (showing 10 of 216):
» Windows Blocked Ransomware
What Is the 'Windows Blocked' ransomware Infection? The 'Windows Blocked!' ransomware infection is a threatening message that attempts to scam computer users into paying a certain amount. Like most ransomware, the 'Windows Blocked!' ransomware infection takes your computer hostage and refuses to give back control of the ...
» 'Achtung!!! Ein Vorgang illegaler Aktivitaten wurde erkannt' Ransomware
'Achtung!!! Ein Vorgang illegaler Aktivitaten wurde erkannt. Schweizerische Eidgenossenschaft' (English meaning: 'Attention! An operation of illegal activities was detected. Swiss Confederation') is a Swiss ransomware warning message that targets the Windows operating system. 'Achtung!!! Ein Vorgang illegaler Aktivitaten wurde erkannt. Schweizerische Eidgenossenschaft' locks the victim's desktop and ...
» 'I Suoi Archivi Sono Stati Cifrati' Ransomware
'I Suoi Archivi Sono Stati Cifrati' (English translation: 'My archives are encrypted') is a ransomware program and fake message that targets Italian PC users. The 'I Suoi Archivi Sono Stati Cifrati' false warning message claims that some of the archives, such as images, photos, documents, etc., were encrypted ...
» Strathclyde Police Ukash Virus
The Strathclyde Police Ukash Virus is a typical form of the ransomware malware scam. These kinds of scams are designed to lock your Windows operating system, preventing access to your own desktop. They will only return control once you pay a certain amount. The Strathclyde ...
» Hande Hoch 'Hands up' Ransomware
ESG malware analysts have detected an ongoing business transaction through which the creators of the Hande Hoch 'Hands up' Ransomware family are attempting to expand the reach of their malicious Winlockers. They are attempting to do this through affiliate marketing techniques. Affiliate marketing, as applied to legitimate ...
» Guardia di Finanza Ransomware
The Ukash Virus is an infamous winlocker that has attacked computer systems from all around the world, creating a considerable (and highly illegal) profit for its creators. The Guardia di Finanza Ransomware is simply the Italian version of this pernicious malware infection. ...
» Gendarmerie Nationale Ransomware
Gendarmerie Nationale Ransomware: The French Edition of the Infamous Ukash Trojan. The Ukash Trojan is a Winlocker that has infected a great number of computers in Europe. By harassing its victims and taking their computer systems hostage, the Gendarmerie Nationale Ransomware infection is responsible ...
» Police Central e-crime Unit (PCEU) Ransomware
ESG malware analysts have detected various instances of an additional variation on the 'Metropolitan Police' ransomware scam that takes the form of a Police Central e-crime Unit (PCEU) ransomware message which locks the victim's computer system, preventing access to the desktop, Task Manager or any of the ...
» ACCDFISA Protection Program Ransomware
ACCDFISA Protection Program is a ransomware computer threat that is supposedly able to encrypt your files using AES encryption and then lock your Windows desktop. On a compromised PC, ACCDFISA Protection Program Ransomware will declare that it represents the Anti Cyber Crime Department of Federal Internet ...
» Polizia postale e delle comunicazioni Ransomware
Polizia postale e delle comunicazioni Ransomware: One More Version of the Ukash Virus. ESG security researchers have received various reports of infection with variants of the Ukash Virus. The Polizia postale e delle comunicazioni ransomware is one of the many possible faces of this nefarious winlocker. Basically, ...