What Is Ransomware?
Ransomware is malware that employs encryption to hold a victim’s information for ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses on businesses and governmental organizations.
How does ransomware work?
Ransomware uses asymmetric encryption. This is cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private pair of keys is uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server. The attacker makes the private key available to the victim only after the ransom is paid, though as seen in recent ransomware campaigns, that is not always the case. Without access to the private key, it is nearly impossible to decrypt the files that are being held for ransom.
Many variations of ransomware exist. Often ransomware (and other malware) is distributed using email spam campaigns or through targeted attacks. Malware needs an attack vector to establish its presence on an endpoint. After presence is established, malware stays on the system until its task is accomplished.
After a successful exploit, ransomware drops and executes a malicious binary on the infected system. This binary then searches for and encrypts valuable files, such as Microsoft Word documents, images, databases, and so on. The ransomware may also exploit system and network vulnerabilities to spread to other systems and possibly across entire organizations.
Once files are encrypted, ransomware prompts the user for a ransom to be paid within 24 to 48 hours to decrypt the files, or they will be lost forever. If a data backup is unavailable or those backups were themselves encrypted, the victim is faced with paying the ransom to recover personal files.
Why is it so hard to find ransomware perpetrators?
The use of anonymous cryptocurrency, such as bitcoin, for payment makes it difficult to follow the money trail and track down criminals. Increasingly, cybercrime groups are devising ransomware schemes to make a quick profit. The easy availability of open-source code and drag-and-drop platforms for developing ransomware has accelerated the creation of new ransomware variants and helps script novices create their own ransomware. Typically, cutting-edge malware like ransomware is polymorphic by design, which allows cybercriminals to easily bypass traditional signature-based security that relies on file hashes.
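The limit of hash-based signatures described above, set beside a behaviour-based check, as an added example that is not part of the original page or of any vendor's product. All function names, thresholds, byte strings and file-write events here are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def hash_signature_match(sample: bytes, blocklist: set) -> bool:
    """Classic signature check: exact SHA-256 match against known-bad hashes."""
    return hashlib.sha256(sample).hexdigest() in blocklist

def flag_mass_encryption(events, min_files=3, window=10.0, threshold=7.5):
    """Return PIDs that wrote >= min_files distinct high-entropy files within `window` seconds."""
    hits = defaultdict(list)
    for ts, pid, path, data in events:
        if shannon_entropy(data) >= threshold:
            hits[pid].append((ts, path))
    flagged = set()
    for pid, writes in hits.items():
        writes.sort()
        for i, (start, _) in enumerate(writes):
            paths = {p for t, p in writes[i:] if t - start <= window}
            if len(paths) >= min_files:  # rate matters: one zip file alone is not a signal
                flagged.add(pid)
                break
    return flagged

def pseudo_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for encrypted content: 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed byte strings standing in for a known sample and a one-byte-different variant.
KNOWN = b"constructed-sample-v1"
VARIANT = KNOWN + b"\x00"
BLOCKLIST = {hashlib.sha256(KNOWN).hexdigest()}

# Constructed file-write events: (timestamp, pid, path, bytes written).
TEXT = b"Quarterly report draft, revision 3. " * 100
EVENTS = [
    (0.0, 410, "/home/a/notes.txt", TEXT),
    (1.0, 977, "/home/a/report.docx", pseudo_ciphertext(b"1")),
    (1.5, 977, "/home/a/photo.jpg", pseudo_ciphertext(b"2")),
    (2.0, 977, "/home/a/db.sqlite", pseudo_ciphertext(b"3")),
    (90.0, 410, "/home/a/backup.zip", pseudo_ciphertext(b"4")),
]
```

The one-byte variant no longer matches the blocklist, while the process that rewrites three files with high-entropy content inside the window is flagged regardless of its hash.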
What can we do to protect our systems from ransomware?
Anti-Ransomware quickly detects high-volume cyber threats deployed from an external source, isolates the threat, and prevents it from damaging valuable data that is stored on the IBM i while preserving performance. Raz-Lee’s Anti-Ransomware software is the first component of iSecurity ATP – a comprehensive advanced threat protection solution for defending IBM i IFS files against ransomware and other kinds of malware that may change and/or harm IBM i IFS files.
This tool has been thoroughly tested to ensure its effectiveness.