What is Ransomware?
Ransomware is a kind of malware built to block access to a computer system and encrypt the files on a device. It usually reaches a device through malicious attachments, phishing emails, compromised websites, unpatched software vulnerabilities, or exposed and weakly secured Remote Desktop Protocol (RDP) services. Once it has executed on the system, it begins encrypting files and locking the system, then displays a ransom note with payment instructions and threats; the attackers demand payment, usually in a cryptocurrency such as Bitcoin, in exchange for a decryption key or for restored access. An attack of this kind can severely disrupt individual users, businesses, and critical infrastructure, with financial losses, operational downtime, and reputational damage. Organizations and individuals can reduce the risk by keeping regular offline or otherwise isolated backups, applying software updates promptly, using strong passwords together with multi-factor authentication, and educating users about phishing and basic cybersecurity hygiene.
How does Ransomware work?
Workflow in a system:
Infection:
It enters the system through malicious email attachments or links (phishing), exploited software vulnerabilities, brute-force attacks against Remote Desktop Protocol (RDP), or infected downloads and websites.
Execution:
Once on the device, it runs silently, encrypts files, and typically renames them with a new extension (for instance, report.docx becomes report.docx.locked).
Notification:
After the files are encrypted, it displays a ransom note on the screen and demands payment, usually in Bitcoin or another cryptocurrency.
Impact:
The system is then partially or fully locked and the data stays unusable until it is restored from backups or decrypted. Paying the ransom does not guarantee that a working decryption key will be delivered.
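The execution and notification phases above leave traces on disk that a defender can look for: files renamed to an unfamiliar extension, file contents that have become high-entropy (encrypted data looks statistically random, unlike a normal document), and a ransom note dropped alongside them. The following is an added example written for this article, not code from the original page or from any product; it builds a small constructed sample directory, scans it for those three indicators, and reports what it finds. The extension list, note filenames, keywords and the 7.5 bits-per-byte entropy threshold are illustrative assumptions, not a real signature set.

```python
"""Added example (not part of the original article): scan a directory for
the on-disk traces of the execution and notification phases of ransomware.
Indicator lists and thresholds below are illustrative assumptions."""
import math
import tempfile
from collections import Counter
from pathlib import Path

# Assumed indicators: the .locked extension from the article plus a few
# generic ones; extend these for your own environment.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
RANSOM_NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt", "restore_files.txt"}
RANSOM_NOTE_KEYWORDS = ("bitcoin", "decrypt", "ransom", "your files")
ENTROPY_THRESHOLD = 7.5  # bits/byte; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def scan_directory(root: str) -> dict:
    """Walk `root` and return the relative paths matching each indicator.

    Result shape: {"renamed": [...], "high_entropy": [...], "notes": [...]}.
    """
    findings = {"renamed": [], "high_entropy": [], "notes": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        data = path.read_bytes()

        # Indicator 1: the extension rename described in the execution phase.
        if path.suffix.lower() in SUSPICIOUS_EXTENSIONS:
            findings["renamed"].append(rel)

        # Indicator 2: a ransom note, by well-known name or by payment language
        # inside a small text file. Notes are plain text, so skip the entropy check.
        text = data.decode("utf-8", "ignore").lower() if len(data) < 4096 else ""
        if path.name.lower() in RANSOM_NOTE_NAMES or any(k in text for k in RANSOM_NOTE_KEYWORDS):
            findings["notes"].append(rel)
            continue

        # Indicator 3: contents that look random, as encrypted files do.
        if len(data) >= 256 and shannon_entropy(data) >= ENTROPY_THRESHOLD:
            findings["high_entropy"].append(rel)
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed sample data: a normal document, an 'encrypted' file, a note."""
    base = Path(root)
    (base / "report.docx").write_bytes(b"Quarterly report. " * 64)
    # Stand-in for ciphertext: every byte value equally often gives exactly
    # 8.0 bits/byte, the same score real AES output would get.
    (base / "budget.xlsx.locked").write_bytes(bytes(range(256)) * 8)
    (base / "README.txt").write_text(
        "Your files have been encrypted. Send 0.5 Bitcoin to decrypt them.\n"
    )


def demo() -> dict:
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_directory(tmp)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Running the block reports budget.xlsx.locked under both "renamed" and "high_entropy" and README.txt under "notes", while report.docx is clean. In practice this kind of check is most useful when run continuously on a few canary files or a file share, since a sudden jump in entropy or a wave of renames across many files is what separates ransomware activity from a user legitimately compressing or encrypting a single archive.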
Impact of Ransomware on a Computer System:
Ransomware damages a system on several fronts: data loss, because encrypted files may never be recovered; downtime, because users cannot reach the system or its data; financial cost for recovery and, if paid, the ransom itself; and a security breach, since the attacker already had access to the system and may have stolen data before encrypting it.
Types of Ransomware:
| Type | Description |
|---|---|
| Crypto Ransomware | Encrypts files and demands payment to decrypt them. |
| Locker Ransomware | Locks the victim out of the entire device, not just the files. |
| Scareware | Fake software that demands money to "remove" a non-existent virus. |
| Doxware/Leakware | Threatens to publish stolen data if the ransom is not paid. |
| Ransomware-as-a-Service (RaaS) | Ready-made ransomware rented or sold on the dark web to other criminals, who run the attacks and share the proceeds. |
Real-World Impact: Case Studies on Ransomware:
Some widely reported ransomware attacks on businesses and governments:
UK's National Health Service (May 2017)
Ransomware family: WannaCry
Attack vector: A self-propagating worm that exploited the EternalBlue vulnerability in Windows SMBv1 (patched by Microsoft in MS17-010 two months earlier), so it spread between machines without any user interaction.
Negative impact: Infected more than 230,000 computers in around 150 countries within a day; NHS hospitals cancelled appointments and diverted ambulances.
Ransom demand: $300-$600 in Bitcoin.
Conclusion to this attack: Victims included the NHS, Renault and FedEx, with estimated global damage of more than $4 billion. It showed that an unpatched, network-reachable service is an infection vector that needs no phishing email at all.
Colonial Pipeline Attack (May 2021)
Ransomware family: DarkSide
Attack vector: A compromised password for a legacy VPN account that was not protected by multi-factor authentication.
Negative impact: The largest fuel pipeline in the U.S. was shut down for several days, causing fuel shortages and panic buying along the East Coast.
Ransom: About $4.4 million paid in Bitcoin; the U.S. Department of Justice later recovered part of it.
Conclusion to this attack: Showed how a single unprotected credential can halt critical infrastructure, and that an IT compromise can force an operational shutdown even when the control systems themselves were not encrypted.
Costa Rican Government Attack (April–May 2022)
Ransomware family: Conti
Negative impact:
Multiple government ministries were hit, including the Ministry of Finance; tax collection, customs and import/export processing were disrupted and healthcare services were affected.
The government declared a national emergency.
Ransom demand: $10 million, later raised to $20 million.
Conclusion to this attack: The most severe ransomware attack on a national government at that time.