What Is Ransomware and How to Defend Against It

Ransomware is a form of malware (“malicious software”) that harms systems and, above all, user data, locking that data so the victim can no longer access it.

After the “attack” the victim receives instructions on how to obtain the key that unlocks the data. The ransom can range from a few hundred to thousands of dollars, paid to the criminals in bitcoin.

Want to learn how these attacks happen, and how to avoid the headache? Then read on.

The history of ransomware

The first reports of ransomware came from Russia, and then from other parts of Eastern Europe, between 2005 and 2009.

In the beginning, online payment methods were not as popular as they are today, which made it difficult to collect ransoms; some victims in Europe and the United States were instructed to pay via SMS messages or with prepaid cards.

But the growth of digital payment methods, especially bitcoin, has contributed a lot to the spread of ransomware. Bitcoin has become the most popular way of demanding ransom because it anonymizes transactions and makes the attackers harder to track.

According to Symantec, some early versions of ransomware displayed pornographic images on the victim’s machine and demanded payment to remove them. The victim was instructed to pay via SMS text messages or by calling a premium-rate phone number that generated revenue for the attacker.

How ransomware works

As mentioned above, an early infection simply displayed pornographic images on the computer screen. At that stage, formatting the computer as a last resort was not very difficult.

These attacks were not very effective, so the attackers evolved: the infected machine would disable peripherals such as the keyboard and mouse, making it impossible for the user to back up and format the machine without losing data.

Even so, with a little work it was still possible to find workarounds, recover the data and format the machine.

With the creation of Cryptware, however, ransomware evolved into what it is today. Instead of locking the hardware, the malware locks the files using a private key that only the attacker has, which makes the attacks far more effective. The user soon finds their data locked and is informed that a cash ransom is required to recover their files.

Nowadays ransomware does not only affect computers; it has evolved and already affects smartphones. In 2015, ransomware found in the wild disguised itself as a porn app. The so-called Porn Droid app targeted Android users and allowed the attackers to lock the phone and change its PIN, while demanding a $500 ransom from victims to regain access.

That same year, the US Federal Bureau of Investigation (FBI) issued an alert about several types of ransomware that were spreading, to prevent more people from being harmed, since companies, government agencies, academic institutions and even law enforcement officers had already fallen victim.

How Ransomware Attack Occurs

Above all, users get infected by ransomware when they open a link or an email attachment from a stranger. Nowadays it is common to try to deceive the user with fake bills, non-existent legal actions and similar pretexts that create a moment of distraction, so that the user opens the content while startled. But intrusions do not happen only through user action: a computer can be infected directly if it can be reached through a compromised port.

Once it runs, the ransomware locks all files (documents, photos, videos and so on), and when the user tries to access the data a message is displayed informing them about the ransom.

Are ransomware attacks profitable?

At this point we can say that the attacks always hit users, but in two scenarios. The first hits the home user and puts only their own files at risk.

But it doesn’t stop there. In the second case the user is in a corporate environment where the computers are connected in a network, and the infection spreads not only to their own machine but to an entire network of computers and, especially, to the servers. These servers usually concentrate all the information a company needs to keep running.

Intrusions in the home environment

Unfortunately, the ransom business is growing fast: in India alone, ransomware attacks increased by 715% in 2020, according to a Bitdefender report.

To give you an idea of how profitable ransomware can be: in 2012, Symantec gained access to a command and control server used by the CryptoDefense malware, and the figures were frightening at the time.

The attack infected about 5,700 computers in a single day. During that access, two Bitcoin accounts used to receive ransoms from those who had unfortunately succumbed to the attack were identified. With an average ransom of US$200 per computer, about 3% of victims paid the demanded amount.

That works out to about US$34,200 on that day alone; at the same rate, we are talking about US$1 million in a month. And all of this is based on a single server that Symantec had access to. In an operation of this size the attackers were certainly carrying out attacks through several servers and directing the ransoms to more bitcoin accounts.

These values are only an estimate and can be higher or lower; it all depends on how effective the persuasion technique used to get the user to click on the file is.

Intrusions in the corporate environment

Among the many attacks of recent years, I will cover here only those carried out by the hacker group known as REvil.

  • Quanta Computer: in April 2021 the group stole Apple production information, and the ransom demanded was $50 million.
  • Colonial Pipeline: the company, which supplies fuel to the east coast of the United States, paid US$5 million in ransom to REvil to restore its operations; the attack caused gas shortages in the region.
  • JBS: the Brazilian food group had its operations paralyzed in Australia, Canada and the United States; to restore its systems, the company paid an $11 million ransom to REvil.
  • Kaseya: REvil infected a Kaseya VSA system update, which was then distributed to customers. Hundreds or thousands of companies were infected in the aftermath; here the ransom demanded was $70 million.

How can I defend myself from ransomware?

While there are methods for dealing with a ransomware infection, they are imperfect solutions at best, and they demand a lot of technical skill from the average computer user. So here is what we recommend people do to avoid ransomware attacks in the first place.

Keeping your operating system up to date, and having a good antivirus and keeping it up to date, protects you from many of the less sophisticated ransomware attacks.

Another golden tip, and a basic recommendation: never click on links from unknown senders, and never open suspicious files from trusted contacts that the person would not normally send.

Another tip: whenever you open a link, check that it really takes you where it says it does.
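A small check for the mismatch described above, as an added example that is not code from the article: it parses the anchors in an HTML message and flags any whose visible text names a host different from the one the href actually points to. `SAMPLE_EMAIL`, the host names in it and all function names are constructed for illustration.

```python
# Added example (not from the article): flag links whose visible text names one
# host while the href actually points to another, using only the standard library.
from html.parser import HTMLParser
from urllib.parse import urlsplit
def host_of(text):
    """Lowercase host named in a URL or bare-domain string, else None."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text  # treat bare 'bank.example/path' as a URL
    try:
        host = urlsplit(text).hostname
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return None
    return host if host and "." in host else None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """(text, real host) for anchors whose text names another host; subdomains of the shown host pass."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        shown, real = host_of(text), host_of(href)
        if shown and real and not (shown == real or real.endswith("." + shown)):
            flagged.append((text, real))
    return flagged

SAMPLE_EMAIL = (  # constructed sample: the second link's text and href name different hosts
    '<p>Pay at <a href="https://example-bank.com/pay">example-bank.com/pay</a> or '
    '<a href="http://example-bank.com.attacker.invalid/x">https://example-bank.com/login</a>'
    ' or <a href="https://example.org/help">click here</a></p>'
)
```

Anchors whose text is not a URL or domain (“click here”) are skipped, since there is nothing to compare; those still deserve a hover check before clicking.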

And never skip a backup routine; it can easily be automated to the cloud or even to a removable disk drive.
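One way to automate the backup routine the tip above calls for, as an added example that is not from the article: each run writes a new dated snapshot folder and keeps only the newest few, so files encrypted after the last run never overwrite an intact copy, and a drift check shows how many files changed since the last snapshot. The `demo` function, its file names and the retention settings are constructed assumptions; it works in a temporary directory.

```python
# Added example (not from the article): versioned snapshot backup with retention.
import shutil
import tempfile
import time
from pathlib import Path

PREFIX = "snapshot-"

def list_snapshots(backup_root):
    """Existing snapshot folders, oldest first (timestamp names sort correctly)."""
    return sorted(p for p in backup_root.iterdir()
                  if p.is_dir() and p.name.startswith(PREFIX))

def make_snapshot(source, backup_root, keep=7, stamp=None):
    """Copy `source` into a new timestamped folder, then prune to the `keep` newest."""
    # An older folder is never rewritten, so files that ransomware encrypted since
    # the last run land only in the newest snapshot; earlier intact copies survive.
    backup_root.mkdir(parents=True, exist_ok=True)
    target = backup_root / (PREFIX + (stamp or time.strftime("%Y%m%d-%H%M%S")))
    shutil.copytree(source, target)  # raises FileExistsError if target exists
    for old in list_snapshots(backup_root)[:-keep]:  # oldest beyond retention
        shutil.rmtree(old)
    return target

def changed_since(source, snapshot):
    """Relative paths whose bytes in `source` differ from `snapshot` or are new."""
    # A sudden mass of changed files is a warning sign to check before the next
    # run ages out the last good copies.
    diffs = []
    for f in (p for p in source.rglob("*") if p.is_file()):
        copy = snapshot / f.relative_to(source)
        if not copy.is_file() or copy.read_bytes() != f.read_bytes():
            diffs.append(str(f.relative_to(source)))
    return diffs

def demo():
    """Constructed scenario in a temp dir: three runs with keep=2, then one file
    is overwritten (simulated encryption) and the resulting drift is reported."""
    root = Path(tempfile.mkdtemp())
    src = root / "docs"
    src.mkdir()
    (src / "report.txt").write_text("quarterly numbers")
    first = make_snapshot(src, root / "backup", keep=2, stamp="01")
    make_snapshot(src, root / "backup", keep=2, stamp="02")
    newest = make_snapshot(src, root / "backup", keep=2, stamp="03")
    (src / "report.txt").write_bytes(b"\x9f\x12garbage")  # simulated encryption
    return {"kept": [p.name for p in list_snapshots(root / "backup")],
            "first_pruned": not first.exists(),
            "changed": changed_since(src, newest)}
```

For a real routine, point `make_snapshot` at the document folder and a removable drive or cloud-synced folder and schedule it; keep the drive disconnected between runs so the snapshots themselves are out of reach of an infection.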

Finally, with each passing day new ways of generating criminal “income” are developed, and for that reason we must be prepared.

Protecting yourself and keeping your data safe these days is a real challenge.

For this reason, many companies have invested in cybersecurity education, and it is not only companies that are seeking to qualify their staff. These days, people who handle sensitive data and who don’t want to take a hit at the hands of cybercriminals are also looking for training.

For this, we at Hacker offer the CSCU certification developed by the cybersecurity giant EC-Council. This training is designed for people who work in front of a computer and who don’t want to be held hostage.

Certifications are seen as building a knowledge base. Among international certifications, the Certified Secure Computer User (CSCU) is ideal for beginners, with a primary focus on the technical aspects of information security.

In other words, good security knowledge starts with a solid understanding of the fundamentals, which makes the CSCU as applicable to system administrators as it is to pentesters.

If you want to be part of the elite of the cybersecurity market, join us.
