What ransomware means. A clear explanation

WannaCry has brought ransomware into the limelight: everyone fears it, but perhaps not everyone understands what it is. Let's see what it means and how to defend yourself.

The technique of using viruses and malware to "hold" a computer hostage and demand a ransom is decades old (about thirty years, more or less, if you trace the first such attack back to 1989), but it was only at the turn of 2016 and 2017 that ransomware (literally "ransom virus") rose to global prominence.

The credit (or the blame, depending on your point of view) goes to viruses like WannaCry, which in May 2017 infected hundreds of thousands of computers (between 200 and 300 thousand, according to some estimates) within a few hours. Although the intervention of a British cybersecurity researcher stemmed the spread of the ransomware, many industry experts considered it the worst cyber attack in recent years (if not of all time): because of the speed of contamination and the scale of the attack, WannaCry seriously endangered the operation of public offices, hospitals, assembly lines and factories.

What is ransomware

To understand the danger posed by this type of computer virus, it is first necessary to understand what ransomware is and what the word means. As mentioned, the literal translation from English is "ransom virus", a definition that already hints at how it works. This family of malware (there is more than one type of ransomware) is capable of blocking the operation of the computer, either by preventing the user from logging into their user profile (usually while showing an FBI or State Police alert) or by using encryption to make the files on the hard drive unreadable (ransomware of this kind is called a cryptolocker, since it uses encryption to lock files). WannaCry, to give one example, belongs to this second category.

How ransomware spreads

Email is the preferred distribution channel for hackers. In particular, cyber criminals deploy increasingly elaborate phishing campaigns to trick users, in effect "forcing" them to download the ransomware and install it on their computers. As in any other phishing campaign, the malware self-replicates and spreads across the web by exploiting the infected computer's email address book.

How ransomware works

Although the end result is the same (a locked and unusable computer), the way the ransomware works varies depending on the family of malware infecting the computer. In the first case, the so-called "Police virus", the ransomware blocks access to the computer system by displaying a fake notice from the Postal Police or the FBI and asking for a sum, usually not too high, to unlock access to the device. In the second case, that of WannaCry-style cryptolockers, the user can still access the computer, but the files (text documents, movies, music files and even folders) are encrypted and therefore unusable. In this second case too, a ransom payment is demanded in exchange for the unlocking key for the encryption.

Users will also have a certain amount of time (usually a week, sometimes less) to pay the ransom: otherwise hackers will not provide the unlocking key and the only solution will be to format the computer.
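
The file encryption described in this section leaves a trace a defender can measure: encrypted content is close to random and no longer begins with the signature its file type normally has. The following Python check is an added example, not part of the original article; the 7.5 bits-per-byte threshold, the small signature table and the sample file names are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# File signatures ("magic bytes") that a healthy file of each type starts with.
MAGIC = {".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off; ciphertext sits near 8 bits per byte

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, from 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, sample_size: int = 65536) -> bool:
    """True if the file is near-random and lacks the signature its extension implies."""
    with open(path, "rb") as fh:
        data = fh.read(sample_size)
    # Compressed formats are high-entropy too, so an intact signature is what
    # separates a healthy .zip or .jpg from one that was encrypted in place.
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None and data.startswith(magic):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan(root: str) -> list[str]:
    """Return the sorted paths (relative to root) of files that look encrypted."""
    files = (p for p in Path(root).rglob("*") if p.is_file())
    return sorted(str(p.relative_to(root)) for p in files if looks_encrypted(p))

def demo() -> list[str]:
    """Scan constructed samples; random bytes stand in for ciphertext."""
    samples = {
        "notes.txt": b"Minutes of the weekly meeting.\n" * 300,  # plain text
        "backup.zip": b"PK\x03\x04" + os.urandom(8192),  # healthy archive
        "invoice.pdf": os.urandom(8192),  # signature gone
        "report.txt": os.urandom(8192),  # text turned random
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            Path(root, name).write_bytes(content)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Compressed formats missing from the signature table (video, for instance) will also be flagged, and files of only a few hundred bytes cannot reach the threshold, so treat a hit as a prompt to compare the file against your backup.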

What happens if you don't pay?

Although it may seem the simplest and most immediate way out, paying the ransom is never the best solution. It would only fund the network of criminals who make money from this type of attack. Nor is there any assurance that the hackers will actually provide the unlocking key: the criminals might even "run away with the loot", leaving the user with no files and no money.

How to defend yourself against ransomware

If you are wondering how to avoid ransomware, the answer is simple: just don't download it from your email and install it on your computer. In short, you need to be a bit careful when surfing and not download files from unknown senders or sites. To defend yourself from ransomware, it is equally important to keep your computer's operating system constantly updated and to install an antivirus that can detect malware before it infects your device. It is also essential to have a backup from which to restore your PC in case you fail to block the ransomware infection in advance: this gives you a copy of all the files on your hard drive without having to pay the ransom.

It is therefore important for individual users, and even more so for companies, to read a guide to ransomware in order to know what it is, how it is contracted, and how to defend yourself by removing the virus from your computer and decrypting your files. Prevention built on risk awareness lets you avoid being attacked by ransomware and having to pay a ransom, which in any case comes with no certainty of recovering the lost files.