The term “ransomware” refers to malicious software. The word Ransom stands for “ransomware”. The word “ware” refers to various types of computer programs (common software, Malware, etc. ).
Significant risk for business or personal damage
This malware can be an expensive business to restore systems. Just repairing the damage done usually requires a lot of human and financial resources. Especially if business operations come to a standstill as a result of the attack, such an attack with ransomware can quickly threaten the existence of a company.
In addition, in most cases, the attacker demands a “ransom”.
The ransom is due in order to regain access to the data or systems. If the data has not been fully backed up or if the backups made are also encrypted, it may be necessary to pay the demanded ransom. This is usually to be paid in Bitcoins.
Crypto Trojan or Blackmailer Trojan
Ransomware is malware, also known as crypto-trojan or extortion Trojans in German, which uses cryptographic methods to encrypt a user’s files and thus deny him access to them, sometimes even to the entire computer system and the connected network.
In the last six years, in particular, a very sharp increase in attacks using ransomware has been registered.
In the meantime, a separate business model has emerged under the catchphrase Malware-as-a-Service. Currently, for example, the Emotet malware poses a major threat.
Even visiting an infected website or opening file attachments can lead to victims becoming infected with the ransomware.
The ransomware infection
Infection with ransomware usually occurs via a Trojan that attaches to a file. A classic gateway is an email attachment in the form of an Office document that is opened by the user or a link in the email to download a file.
Other possible entry points are contaminated websites to which victims of ransomware are directed or disinfected devices such as USB devices (USB sticks, mice, keyboards) and memory cards.
Technically more advanced variants such as the “WannaCry worm” or “Emotet” can spread independently in the network even without user interaction after the initial infection.
When infecting a computer, the Trojan sometimes disguises itself as an application that is obvious and useful to the user.
Prevention is the best protection against ransomware
Prevention is the best protection against ransomware
Basic protective measures against ransomware are firewalls and antivirus programs. However, these alone cannot prevent malware infection.
Companies that want to protect themselves from the dangers of ransomware and other malware should have regular penetration tests performed, which check the company’s networks and systems for potential security holes and vulnerabilities through which infection can occur.
Professional penetration testers check, for example, whether existing security measures are configured and deployed correctly as part of vulnerability analysis. Whether the software used is up to date and secure, and whether employees and managers can be tricked into opening e-mail attachments or disclosing their log-in data by forged e-mails (phishing).
Anyone who wants to exclude or minimize risks for their company or organization should therefore have their own IT security tested regularly by means of external and internal audits.
If you do get infected...
When you detect an attack on your computer, disconnect it from the network immediately, but do not shut down the system. Immediately contact IT security professionals who can assist you in investigating, preventing, and remediating the infestation. Subsequently, it may be useful to file a report with the police; the so-called ZACs (Central Contact Point Cybercrime) of the respective federal states are usually responsible for this.
IT security specialists help with decryption and future prevention of new incidents