Thursday, 16 June 2016

Ransomware

Ransomware is a type of malware with a distinctive behaviour: it encrypts our data so that we cannot access it unless we pay a ransom to get the data restored to its original state. However, paying the ransom doesn't guarantee that we will get the data back; that depends on the attacker. If the ransomware attacks the system's hard drive, it will be very hard or impossible to decrypt it.

This is what the files look like when a user is attacked by ransomware.

.cerber (Ransomware)

.crypt (Ransomware)

There are 2 types of ransomware: encrypting and non-encrypting. 

Encrypting ransomware started in 1989 and was known as the "AIDS" Trojan at that time. The attack was similar to today's: it encrypted the data and demanded payment in order to get the data back. However, the first one used a licensing pretext for the attack, claiming that the license had expired. This kind of malware has continued to evolve until now. One of the best-known ransomware attacks is CryptoLocker.

CryptoLocker

CryptoLocker attacks through email attachments and usually targets Windows users. When the user clicks the malicious attachment, the malware encrypts the files and shows a message saying that if the user wants to decrypt the data, they must pay using bitcoin or a voucher within a limited time. If they do not, the decryption key will be deleted by the attacker and the files can no longer be recovered.

Non-encrypting ransomware started in 2010 and at that time it was known as WinLock. As the name of the type suggests, the attack did not encrypt the data; it restricted access to the system and showed pornographic material. To get access to the system again, the victim had to send an SMS that cost more than the normal price to get the decryption key.

WinLock

Nowadays, ransomware has evolved into one of the most dangerous kinds of malware. Luckily, we can actually recover from some types of ransomware attack with tools like HitmanPro.Alert, BitDefender Anti Crypto Vaccine and Anti-Ransomware, and so on.

It is not really hard to prevent, but people can make mistakes and may not be suspicious enough of suspicious things, such as an email attachment that looks promising but actually contains malware.

To protect your data from ransomware, always back up your data frequently. That way, if one day your PC gets attacked by ransomware, you already have the backup and do not need to worry about the data that has been encrypted. Also use software that can recover data from ransomware, even though it only works for some types of ransomware.
