Last Updated on by SCARS Editorial Team

SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS.™ CYBER BASICS: RansomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.

Ransomware Is A Multi-Billion Dolar Industry

This document is written for more technical readers.

Ransomware is malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts. that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransomRansom A ransom is an amount of money or other assets of value that is paid for blackmail, extortion, or under other threats or coercion. The ransom is usually paid in cash or now in cryptocurrency. Online blackmail, sextortion, and ransomware all demand ransoms to avoid negative outcomes..

HOWEVER, THIS IS NOT GUARANTEED AND YOU SHOULD NEVER PAY!

What Is Ransomware?

Ransomware is a type of malware that prevents you from accessing your computer (or the data that is stored on it). The computer itself may become locked, or the data on it might be stolen, deleted, or encrypted. Some ransomware will also try to spread to other machines on the network, such as the Wannacry malware that impacted the NHS in May 2017.

Normally you’re asked to make a payment (often demanded in a cryptocurrency such as Bitcoin), in order to unlock your computer (or to access your data). However, even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files. Occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware. For these reasons, it’s essential that you always have a recent offline backup of your most important files and data.

Should I Pay The Ransom?

Most entities generally advise not to pay the ransom, as there is no guarantee that you will get access to your device (or data).

Using A Defense In-Depth Strategy

Since there’s no way to completely protect your organization against malware infection, you should adopt a ‘defense-in-depth’ approach. This means using layers of defense with several mitigations at each layer. You’ll have more opportunities to detect malware, and then stop it before it causes real harm to your organization. You should assume that some malware will infiltrate your organization, so you can take steps to limit the impact this would cause, and speed up your response.

Getting Help – Helping Yourself

Interpol has collaborated on the creation of a central repository website for unlocking Ransomware at: www.nomoreransom.org

DECRYPTED RANSOMWARE