Ransomware is a dangerous extortion tool used by cybercriminals
We have a new cyber plague called ransomware – malicious software that helps attackers extort money by demanding a ransom. Ransomware itself is not a very new phenomenon – this way of robbing people of money has been used quite widely since 2012, but it has grown significantly in the past few years.
In case you are not familiar with it, ransomware works by infiltrating its victim’s computer using a Trojan – a malicious file that disguises itself as a good one. Then, all the files on the user’s computer are encrypted.
Afterwards, the malware demands a ransom to be paid in order to decrypt the files. However, even when the money is paid, there are no guarantees that the victim will get everything back. Also, why would you want to fund the bad guys?
The most fearsome ransomware versions of 2017 that are still active
The latest Locky ransomware variant is also known as Ykcol because it encrypts files and adds the .ykcol extension. Despite the different name, the two are the same ransomware. It was created in 2016 and became widespread in 2017. The source of the infection is usually an email attachment.
The email is presented as an invoice that the user has to pay. Unfortunately, the attached Word document contains a macro. When you open the file, you can’t see any comprehensible text except for “Enable macro if data encoding is incorrect”. If you do that, the ransomware can finally fulfill its purpose by encrypting your files.
Your files then have the .locky or .ykcol extension. A message shows up, saying that the victim must download the Tor browser, go to a suspicious page and pay the hackers from 0.25 to 1 Bitcoin. At the moment, one Bitcoin is worth about 3300 Euros.
Once again we can blame email attachments. Cerber is a piece of ransomware that encrypts the victim’s files and marks them by adding the .cerber, .cerber2, .cerber3, .a48f or a similar file extension. It is spread similarly to the Locky ransomware – the victim gets an email with a malicious attachment, which can be in .doc, .zip, .pdf, or a similar format.
Once activated, the ransomware starts working the next time the computer is turned on, and performs a few actions to encrypt all the data. Currently, the price for decryption is 1.25 Bitcoin.
Dharma is actually not a single piece of ransomware, but rather a group that uses the extensions .cezar, .cesar, .dharma, .onion, .wallet, .zzzzz, and .arena, the most recent one. As you can see, the well-known ransomware Cesar belongs to this group.
Unlike Locky and Cerber, Dharma requires the victim to contact the hackers via email (currently, it is email@example.com).
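The extensions listed above can serve as a quick triage signal when reviewing a file listing from a machine you suspect has been hit. The following Python sketch is an added example, not part of the original article: it maps the extensions named here to the family the article attributes them to and flags directories where marked files dominate. The thresholds, function names and sample paths are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions named in the article, mapped to the family it attributes them to.
FAMILY_BY_EXT = {
    ".locky": "Locky", ".ykcol": "Locky",
    ".cerber": "Cerber", ".cerber2": "Cerber", ".cerber3": "Cerber", ".a48f": "Cerber",
    ".cezar": "Dharma", ".cesar": "Dharma", ".dharma": "Dharma", ".onion": "Dharma",
    ".wallet": "Dharma", ".zzzzz": "Dharma", ".arena": "Dharma",
}

def classify(path):
    """Return (family, name without the marker) if the last extension is listed, else None."""
    p = PurePosixPath(path)
    family = FAMILY_BY_EXT.get(p.suffix.lower())  # case-insensitive match
    return (family, p.stem) if family else None

def triage(paths, min_hits=3, min_ratio=0.5):
    """Flag directories where marked files are numerous and dominant.

    min_hits and min_ratio are assumed thresholds; they keep a single
    legitimate file (for example one named *.wallet) from raising an alert.
    """
    totals = defaultdict(int)
    hits = defaultdict(lambda: defaultdict(int))
    for path in paths:
        parent = str(PurePosixPath(path).parent)
        totals[parent] += 1
        found = classify(path)
        if found:
            hits[parent][found[0]] += 1
    report = {}
    for parent, families in hits.items():
        count = sum(families.values())
        if count >= min_hits and count / totals[parent] >= min_ratio:
            report[parent] = {"families": dict(families), "hits": count, "total": totals[parent]}
    return report

# Constructed sample listing (not real data).
SAMPLE = [
    "/home/ana/docs/report.docx.ykcol",
    "/home/ana/docs/budget.xlsx.YKCOL",
    "/home/ana/docs/photo.jpg.ykcol",
    "/home/ana/docs/notes.txt",
    "/home/ana/keys/savings.wallet",
    "/home/ana/keys/readme.md",
]

if __name__ == "__main__":
    for directory, info in triage(SAMPLE).items():
        print(directory, info)
```

An extension match only suggests which family to look into; new variants change their markers, so a clean result does not rule out an infection.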
Typical ransomware distribution channels
Ransomware usually spreads via email attachments. It can also come with infected software, USB devices, and even unsafe web pages. A malicious advertisement (like a banner or pop-up) can also be responsible for such an attack. Some attacks are also known to have been carried out via unsafe RDP (Remote Desktop Protocol) connections.
The hackers demand that the decryption payments be made in cryptocurrency so that their identity cannot be discovered.
The best ways to protect yourself from ransomware
It is very important to be careful on the Internet, especially when dealing with emails. Remember to never open an email attachment if it comes from an unknown sender. However, sometimes ransomware emails look legitimate because the sender poses as a company you know. So, open attached files only if you have been expecting such an email.
What is more, stay safe by avoiding suspicious ads when browsing. Also, download only legitimate software and avoid using file sharing sites as they may contain malware.
However, the best method is to have a high-quality anti-malware tool that can detect and remove infected files. You can find a lot of reviews of security tools on Reviewedbypro.com. They will help you choose the best antivirus program.