Ransomware is becoming an increasingly common piece of malware used by malicious actors, as it is a relatively ‘easy’ way for them to make a quick profit. Despite its prevalence, many are still unaware of what ransomware is, so this guide will provide a brief overview of what it is, how it works and how you can defend against it.
What Is Ransomware?
Ransomware is a class of malware that encrypts a user’s data on a device, so that the device becomes effectively unusable and the data is lost. The attacker then demands a ‘ransom’, usually in cryptocurrency, for the device to be unlocked and the data restored. Sometimes, the attacker will also take a copy of the data from the device and sell that data, even if the ransom has been paid. This is why users are encouraged to never pay the ransom, as it doesn’t guarantee your data being secured/decrypted and it encourages criminals to continue using ransomware to make money.¹ These days, ransomware has become such a popular way to make money that Ransomware as a Service (RaaS) is becoming a known phenomenon. Essentially, criminals can pay a fee to a specialised group of cybercriminals, who will then give the paying criminals access to a suite of ransomware tools, or even a prebuilt kit. The criminals can then use the ransomware against their desired targets, and pay the service fee as agreed upon.
How Does Ransomware Infect Devices?
Most of the time, ransomware infects devices through phishing attacks or other malicious files. In a phishing attack, a suspicious email or message will be sent to a user, prompting them to click on a link or similar, which will download the ransomware and infect the machine. In other cases, it might be disguised as a piece of legitimate software. This is called a ‘trojan horse virus’, or a ‘trojan’ for short. It can also be embedded in software/media that has been pirated and is thus at risk of having been modified in malicious ways.
How Can You Protect Yourself Against Ransomware?
In short, don’t click on links or attachments in suspicious emails and avoid downloading software from unknown or illegitimate origins. The best way to identify phishing emails is to look out for the common signs, which include, but are not limited to:
- Spelling errors or otherwise poor writing
- Strange sender email/sender emails that are similar to but not the same as legitimate addresses (e.g. NAB’s official email domain is nab.com.au, not nab.org)
- Not using your real name and using a generic term instead (‘dear customer’, ‘hi user’, etc)
- Having a sense of urgency or call to action (‘act now or lose your account’, ‘you must pay now or your account will be locked’, etc)
- Referencing events that haven’t happened/things that don’t exist (‘you attempted to buy this phone’, ‘the deposit to your account was unsuccessful’, etc)
- Offering rewards that are ‘too good to be true’ (‘if you send me your bank details, I can deposit the $10 million’, ‘just click here to win a car’, etc)
These are not ‘guaranteed’ signs of a phishing email: not every phishing email will have them and not every email with one of them will be a phishing email. With the rise of generative AI, attackers are getting more and more sophisticated and are able to send a larger volume of phishing emails. So ultimately, the best thing to do is stay vigilant and use common sense. If in doubt, err on the side of caution and inquire further or ignore the email, depending on the context.
Below is an example of a scam email that is pretending to be a bank. See if you can spot all of the clues which make it likely to be a scam email.
To: user@yourdomain.com.au
From: hello@ausbank.io
Dear Sir/Madame,
Unfortunately, the deposit of $10 million AUD to your account was unsuccessfull. This is because your account is not a Premium Gold Diamond account and therefour cannot receive quantities of money greater than $1 million AUD.
Please upgrade your account by clicking on this link and entering your credit card details.
Best,
AusBank Customer Support
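As an added example that is not part of the original article, the small Python heuristic below runs the checklist from the previous section over the sample email above and reports which clues fire. The bank’s legitimate sending domain (ausbank.com.au), the misspelling list and the phrase patterns are assumptions constructed for this example, not a real filter.

```python
import re

# The sample scam email from the article, embedded here as the test input.
SAMPLE_EMAIL = """\
To: user@yourdomain.com.au
From: hello@ausbank.io
Dear Sir/Madame,
Unfortunately, the deposit of $10 million AUD to your account was unsuccessfull. This is because your account is not a Premium Gold Diamond account and therefour cannot receive quantities of money greater than $1 million AUD.
Please upgrade your account by clicking on this link and entering your credit card details.
Best,
AusBank Customer Support
"""

# Assumed (hypothetical) legitimate domain for the bank in the sample.
LEGITIMATE_DOMAINS = {"ausbank.com.au"}
# Constructed word list; a real checker would use a dictionary.
MISSPELLINGS = {"unsuccessfull", "therefour", "recieve", "acount"}

GENERIC_GREETING = re.compile(r"^(dear (sir|madam|madame|customer|user)|hi user)\b", re.I | re.M)
URGENCY = re.compile(r"\b(act now|immediately|must pay now|will be locked|lose your account)\b", re.I)
BIG_MONEY = re.compile(r"\$\s?\d[\d,]*\s*(million|billion)\b", re.I)
CREDENTIAL_ASK = re.compile(r"\b(credit card details|password|bank details)\b", re.I)
LINK_LURE = re.compile(r"\bclick(ing)? (on )?(this|here|the) link\b", re.I)

def sender_domain(email_text):
    """Extract the domain part of the From: header (lowercased), or '' if absent."""
    m = re.search(r"^From:\s*\S+@([\w.-]+)", email_text, re.M)
    return m.group(1).lower() if m else ""

def lookalike_domain(domain, legit=LEGITIMATE_DOMAINS):
    """True when the sender domain reuses a legitimate brand label but is not the real domain
    (e.g. nab.org vs nab.com.au, or ausbank.io vs ausbank.com.au)."""
    if domain in legit:
        return False
    brand = domain.split(".")[0]
    return any(brand == d.split(".")[0] for d in legit)

def phishing_indicators(email_text, legit=LEGITIMATE_DOMAINS):
    """Return the checklist items that fire on this email (empty list means none fired)."""
    hits = []
    dom = sender_domain(email_text)
    if lookalike_domain(dom, legit):
        hits.append("lookalike sender domain: " + dom)
    if GENERIC_GREETING.search(email_text):
        hits.append("generic greeting")
    misspelt = set(re.findall(r"[a-z]+", email_text.lower())) & MISSPELLINGS
    if misspelt:
        hits.append("spelling errors: " + ", ".join(sorted(misspelt)))
    for pattern, label in ((URGENCY, "urgency / call to action"), (BIG_MONEY, "too-good-to-be-true sum"),
                           (CREDENTIAL_ASK, "asks for card or login details"), (LINK_LURE, "link lure")):
        if pattern.search(email_text):
            hits.append(label)
    return hits
```

Note that the sample email does not trip the urgency pattern, which illustrates the article’s point that not every clue appears in every phishing email.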
Conclusion
In summary, ransomware is a type of malware that encrypts a user’s files so that they cannot be accessed, and then the attacker asks for a ‘ransom’ to be paid to decrypt the files. The ransom is usually paid in a cryptocurrency. Despite this, an attacker may still choose to sell or leak the user’s data, so it is always advised to not pay the ransom, as it encourages attackers to keep using ransomware and may make the user a more favourable future target (since they have already paid, they might be more inclined to pay again). Since ransomware typically infects machines through phishing attacks and downloading malicious files, one can reduce the chance of being affected by not clicking on links or attachments in suspicious emails and by not downloading pirated materials, or files with an unknown/untrusted origin.
Banner image credit: Markus Spiske
1. In fact, this is the advice given by the Australian government (https://www.cyber.gov.au/threats/types-threats/ransomware)