Introduction
As cyber security threats continue to increase and evolve in complexity in the 21st century, all organizations globally are finding antivirus installation necessary. Among the most cyber threats affecting computer systems of most organizations today is ransomware. Ransomware is a computer virus that modern cybercriminals use to limit users from full or partial access to their computers. Until the victim pays a specific amount of money to the attackers within a particular time, cybercriminals can use the virus mentioned above to access the user’s sensitive personal or organizational information. They can temporarily block computer screens or specific files and send threats to information owners to get conditional payments. Ransomware is a 20th-century invention that continues to pose a threat to many computer users globally today. This essay will explore the historical overview of ransomware cyber threats’ functioning, evolution, and prevention.
Historical Overview
Ransomware was invented and implemented by Young and Yung at Columbia University and presented in 1996 at the IEEE security and privacy conference. The first version of the virus was AIDS Trojan, which happened in 1989 (Richardson & North, 2017). Since then, the ransomware scam has grown globally, and victims have lost millions of money. A Trojan is disguised as a legitimate file that the user can download or open when it arrives as a notification. Cyber-attacks have risen and evolved over the past few years. Payment is usually the attackers’ goal, and the victim is forced to pay to get back their files. The attacker has a convenient paying system that is hard to trace.
How Ransomware Works
Although ransomware attackers mainly target individual users, they might start targeting organizations soon, considering the speed with which cybercrime is evolving and increasing recently. Noteworthy, ransomware can enter a computer through messages and emails claiming to contain files with essential details sent from fake sources. These files can entice the user to download and click on specific links or botnets, after which the computer becomes infected with the ransomware. This malware can occur in two forms, either encrypting or locker ransomware (Srinivasan, 2017). The former contains complex algorithms that block users’ system files and demand a ransom for decryption keys. Examples of encrypted Ransomware include Locky, Cryptowall, and crypto locker. The latter ransomware limits the user’s complete access to their operating system by locking their apps or files. Although cybercriminals do not close the computer files or apps through encryption, they still demand a ransom payment. Common examples of locker ransomware viruses include win locker or police-themed ransomware.
Characteristics of Ransomware
Ransomware has several unique features that differentiate it from other malware. For instance, the victim cannot decrypt encrypted ransomware because the attacker owns and controls the access keys. Further, the Ransomware virus can affect all computer files, including pictures, documents, audio, and videos. Ransomware can shuffle the victims’ computer files, making it difficult to differentiate between safe and infected ones. This virus ensures the victim knows there is an encryption attack on their information and that they have to pay the required amount to access their files (Richardson & North, 2017). In addition, the users of the attacked computers face the risk of losing their data or paying more ransom if they make payments within the given timelines. Since the attacked computers are incorporated into the botnets, the attackers have more infrastructure to conduct more cyber-attacks in the future. Ransomware can spread to other computers using the same network, thereby damaging more operating systems. Ransomware can give cybercriminals access to sensitive information saved in the victim’s computer. Sometimes, the virus can send ransom messages to the victim in their national language, where the attack is geographical.
Method of Transfer and Execution of Ransomware
Successful entry and execution of a ransom virus in a target computer consists of a process of five phases. The infection and exploitation phase occurs after the successful installation of the ransomware in the target computer. Then, attackers execute the ransomware virus in the target computer through an exploit kit and Phishing techniques. The next phase involves delivering executable forms of malware into the victim’s operating system to enable a cyber-attack. In phase 3, the virus removes any backup folders or files in the computer system to prevent the victim from restoring the target information after the execution of an attack. After deleting the backup files, the target data in the computer system is encrypted using Ransom keys to limit the victim’s access (Mohurle, & Patil, 2017). After completing the above four phases, the notifications demanding ransom payments with a specific timeline display on the victim’s computer screen. If the victim exceeds the given timeframe, the ransom increases, or the attackers destroy the data.
Evolution of the Ransomware Threat
Recently, the threat of ransomware has been gradually changing targets and modes of execution. The transfer of ransomware with time thus has evolved, and it aims in desktop computers and less on mobile phones. Crypto-ransomware transfers data, thus restricting the user from accessing their data. File encryption ransomware involves symmetric encryption and asymmetric for decryption (Maurya et al.2018). The transfer is not only based on applications and emails but also activated in offline systems. Over the past few years, organizations that are not IT-based, such as hospitals. Such organizations are becoming attractive to cybercriminals because they have less knowledge about cybersecurity. In addition, the methods of transferring ransomware are evolving. Today, clicking on online adverts exposes one’s device to the threat of ransomware.
Preventive Measures
Ransomware threats are on the rise and affect people and organizations adversely. Detection alone is not an adequate measure in recognizing and cubing these effects, and thus, people should ensure responsible and secure use of computers and smartphones. Since ransomware works to achieve the aim of stealing data from computers, it is challenging to detect. Therefore, one should avoid clicking on links from unknown websites and disclosing personal information to stay safe. Those who plan the ransomware attacks try to access one’s personal information by calling or sending messages to the target users. When one notices such statements or receives such calls, they should avoid sharing any information from an unknown source (Richardson & North, 2017). Constantly update the programs and operating systems up to date to prevent cybercriminals from taking advantage of the vulnerability of the systems. It is safer to refrain from only downloading programs, files or adhering to messages from suspicious sources. When using public Wi-Fi, the computer is more vulnerable to cyber-attacks. Therefore, one should secure their computers with VPN services or avoid using public networks.
Conclusion
Finally, ransomware is increasingly becoming a typical cyber threat to individual and organizational computer systems. Since the first version of the malware mentioned above, organizations and personal computer users have lost valuable information and millions of money to cybercriminals since the invention and introduction. Ransoware makes personal or organizational information inaccessible to the owners by either blocking or locking the files or applications through encryption keys. After successful encryption, the attackers use the malware to extort money from the victim to exchange the encryption keys. In the past, personal computers were the main targets of ransomware attacks, but today operating systems of organizations and smartphones are vulnerable to this cyber threat. Therefore, people and organizations ought to take some preventive measures to stay cyber-safe, including refraining from downloading or clicking links from suspicious sources.
References
Maurya, A. K., Kumar, N., Agrawal, A., & Khan, R. A. (2018). Ransomware: evolution, target and safety measures. International Journal of Computer Sciences and Engineering, 6(1), 80-85.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5), 1938-1940.
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10.
Srinivasan, C. R. (2017). Hobby hackers to billion-dollar industry: the evolution of ransomware. Computer Fraud & Security, 2017(11), 7-9.