In the real world, when you hear the word ransom, you immediately think someone or something is being held hostage until demands are met, which is usually in the form of a payment. The same holds true virally or in cyberspace. Ransomware is a malicious computer program used to hurl threats at unwary PC users who may have failed to secure their system with stealth Internet security protection or measures. Depending on the malware builder will determine the threat level and what true technical challenges, if any, will be waged. However, at a minimum, your data and system resources will be placed at risk.

Ransomware shares common distribution vectors used for other malicious programs because they still work. Unfortunately, many PC users continue clicking much too fast on links or attachments without verifying the source. If your computer is not properly secured by a stealth antimalware program, you are absence a safety net to catch your missteps, i.e. clicking on a poisonous link or attachment or landing on a compromised website housing a Trojan downloader. A stealth antimalware solution uses a mix of scanning techniques that include parsing of code or sandboxing to get a closer inspection of what the program ‘really’ intends to do. If a malicious or even suspicious behavior is uncovered, the download will be blocked.

Similar to the real world, viral kidnappings or hostage takeovers involve three main components: possession, threat or demand (ransom note) and instructions for payment. Most ransomware (or ransom notes) are accusatory, making false claims of online criminal or immoral acts (i.e. pirating, copyright infringement or watching porn, child or adult). There are many variations currently running wild on the Internet, but an example ransom note (English translation) might reads as follows:

“Attention! Illegal activity was detected. The operating system was locked for infringement against the laws of Switzerland. Your IP address is [REMOVED]. From this IP address, sites containing pornography, child pornography, bestiality and violence against children were browsed. Your computer also has video files with pornographic content, elements of violence and child pornography. Emails with terrorist background were also spammed. This serves to lock the computer to stop your illegal activities”.

The victim may be threatened with jail time or erasure of valuable data stored on the system, so a complete crash and wipeout. At a minimum, the victim will be not able to use his or her system as before until matters have been addressed, i.e. ransom payment or in reality, removal of the infection. As with many ransomware, NEVER did the offender (cybercrook) intend to release or unlock the system or data. Rather, the primary goal is to cheat the victim out of money and secondarily, violate the victim’s intellectual property further, i.e. steal stored data, misuse of system resources, etc.

First of all, threats that claim to send police or legal authorities to your doorsteps to confiscate your intellectual property containing the ‘evidence’ is simply ludicrous! Had the ‘real’ authorities been involved, they would not have given you a heads up or communicated by computer. Rather, you would have been ambushed and most likely your ISP provider would have commandeered the digital lockdown. Even more logical is your (aka the victim’s) ability to destroy all evidence after being provided a heads up, so why would you even think to pay up ransom! Other impersonations might be a call from Microsoft personnel (again, a fake) or Web Cam recordings as evidence of who you are and so on.

Threats are usually followed up by a deadline in which ransom must be paid and of course, the preferred method of payment. Scared or guilty parties who give into the demands are provided instructions that involve online payment services such as Ukash vouchers or prepaid card services like MoneyPak. Cybercriminals prefer these type services because they offer quick payment and are hard to trace, thus aiding in their getaway. Technically speaking, many of these threats are idle in such the actual ransomware is absent of true programming to carry out its threats of data erasure and, as previously mentioned, makes empty threats of sending police to your doorsteps to arrest you. However, there are ransomware programs in the wild that are stealth and can indeed make good on threats as they relate to encrypting and destroying valuable data. In fact, some malicious programs will cause a total wipeout by crashing the system’s drive. Therefore, do not ignore ransomware but rather answer aggressively by removing immediately.

In the case of using Ukash vouchers, they come in preset denominations and if the ransom falls between the set value (i.e. ransom is $75 but set values are either $50 or $100, thus requiring the purchase of the higher amount), legitimate services would usually refund the difference by issuing a PIN. As expected, the criminal receiver does not make good on refunds and also no surprise, the victim is denied the needed code to unlock their system or restore it back to its normal use. Like all malware tools, ransomware was never intended to benefit you but rather the sinister creator or buyer. Also, similar to other malware, ransomware has a hidden agenda that involves an underlying or background attack on vital data and system resources. From the time the malicious program landed inside your system, the following was arranged:
  • Opening of a two-way port to report successful infiltration and implantation of malicious files and components. New instructions may be issued or more malicious files downloaded. A backdoor will be left open to allow a hacker to gain remote access, add the infected system to a bot and maliciously use the system resources to jam up web traffic of targeted and fundamental websites.
  • Malicious files supporting the breach, including encryption coding (if so ordered), will be put into play, including a malicious executable added in memory that rejuvenate the attack at each new boot.
  • Weaker antivirus tools will be deactivated, including halting of Windows security updates.
  • Administrative controls that aid in either detection or removal will be disabled.
  • The operating system will too be negatively impacted so that the only screen visible and running will be that of the ransom note.
While manual removal is not impossible, it will be quite challenging for the novice PC user. Malware infused with rootkit technology is able to hook legitimate running processes and mask malicious files by naming them the same as legitimate OS services and files. Deleting or removing the wrong ones could make matters worse and the threat of losing data could be exacted by your own hands. Therefore, to combat such intrusive and aggressive malware successfully, you should rely on a formidable opponent, a stealth antimalware solution already tried and tested and able to remove infections without causing further harm.

How Can You Detect Ransomware?

Download SpyHunter’s Detection Scanner
to Detect Ransomware.
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

There are 1,072 articles listed on ransomware.

Name Threat Level Detection Count Date
Threat Finder Ransomware 1010/10 2 July 23, 2015
CryptoFortress 1010/10 21 March 18, 2015
Ransom:Win32/Isda 1010/10 6 April 3, 2015
ScreenLocker Ransomware 1010/10 42 November 17, 2015
!XTPLOCK5.0 File Extension’ Ransomware 1010/10 6 October 13, 2016
“Demo” Ransomware November 16, 2016
‘.0ff File Extension’ Ransomware 1010/10 95 November 28, 2016
‘.342 File Extension’ Ransomware 1010/10 34 December 16, 2016
‘.73i87A File Extension’ Ransomware 1010/10 64 January 15, 2016
‘.777 File Extension’ Ransomware 1010/10 64 May 23, 2016
‘.7zipper File Extension’ Ransomware 1010/10 95 February 16, 2017
‘.aaa File Extension’ Ransomware 1010/10 77 June 9, 2016
‘.abc File Extension’ Ransomware 1010/10 96 January 26, 2016
‘.aes256 File Extension’ Ransomware 1010/10 67 January 4, 2017
‘.aesir File Extension’ Ransomware 1010/10 89 November 28, 2016
‘.blackblock File Extension’ Ransomware 1010/10 27 November 22, 2016
‘.braincrypt File Extension’ Ransomware 1010/10 73 December 21, 2016
‘.ccc File Extension’ Ransomware December 17, 2015
‘.duhust Extension’ Ransomware 1010/10 68 November 22, 2016
‘.ecc File Extension’ Ransomware 1010/10 79 June 9, 2016
‘.exploit File Extension’ Ransomware 1010/10 79 November 23, 2016
‘.exx File Extension’ Ransomware 1010/10 90 January 26, 2016
‘.ezz File Extension’ Ransomware 1010/10 89 January 26, 2016
‘.GSupport3 File Extension’ Ransomware 1010/10 28 November 22, 2016
‘.him0m File Extension’ Ransomware 1010/10 66 April 5, 2016

1 2 3 4 5 6 7 8 9 10 11 43
Search by Letter: A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  0  1  2  3  4  5  6  7  8  9  
Home | SpyHunter Risk Assessment Model | Privacy Policy | EULA | Additional Terms and Conditions
Copyright 2003-2017. Enigma Software Group USA, LLC. All Rights Reserved.