Understanding How Ransomware Operates
- YASH KUMAR SONI
- Mar 18, 2022
Ransomware is malicious software (malware) used in a cyberattack to encrypt the victim’s data with an encryption key that is known only to the attacker, thereby rendering the data unusable until a ransom payment (usually cryptocurrency, such as Bitcoin) is made by the victim.
Cryptocurrency is an alternative digital currency that uses encryption to regulate the “printing” of units of currency (such as Bitcoin) and to verify the transfer of funds between parties, without an intermediary or central bank.
Ransomware is commonly delivered through exploit kits, watering hole attacks (in which one or more websites that an organization frequently visits are infected with malware), malvertising (malicious advertising), or email phishing campaigns.

How Ransomware Operates
Once delivered, ransomware typically identifies the user files and data to encrypt by means of an embedded list of file extensions. It is also programmed to avoid certain system directories (such as the WINDOWS system directory, or certain program files directories) so that the system stays stable enough to deliver the ransom demand after the payload finishes running. Files in specific locations that match one of the listed file extensions are then encrypted. All other files are left alone. After the files have been encrypted, the ransomware typically leaves a notification for the user, with instructions on how to pay the ransom.
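The behaviour described above gives defenders a pattern to look for in file-activity telemetry: one process modifying many user documents in a short time, leaving system directories alone, then creating a new text file. The following detection sketch is an added example, not part of the original post; the event format, extension lists, thresholds, process names and file names are all assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed values for illustration; tune them to the environment being monitored.
WATCHED_EXT = {".docx", ".xlsx", ".pdf", ".jpg"}    # user-data file types
NOTE_EXT = {".txt", ".html"}                        # candidate notification files
SYSTEM_DIRS = ("c:\\windows", "c:\\program files")  # locations ransomware avoids
WINDOW_S, BURST = 60, 5  # alert on >= BURST distinct files within WINDOW_S seconds

def is_user_file(path):
    """True for a watched-extension file outside the system directories."""
    p = path.lower()
    return PureWindowsPath(p).suffix in WATCHED_EXT and not p.startswith(SYSTEM_DIRS)

def find_suspects(events):
    """events: (epoch_seconds, process, op, path) tuples in time order.
    Returns {process: {"files": peak, "note": path or None}} for every process
    that modified at least BURST distinct user files inside one time window."""
    writes, creates = defaultdict(list), defaultdict(list)
    for ts, proc, op, path in events:
        if op == "modify" and is_user_file(path):
            writes[proc].append((ts, path))
        elif op == "create" and PureWindowsPath(path.lower()).suffix in NOTE_EXT:
            creates[proc].append((ts, path))
    suspects = {}
    for proc, w in writes.items():
        start, peak = 0, 0
        for end in range(len(w)):                  # sliding window over write times
            while w[end][0] - w[start][0] > WINDOW_S:
                start += 1
            peak = max(peak, len({p for _, p in w[start:end + 1]}))
        if peak >= BURST:
            # First text/HTML file the same process created after its writes began.
            note = next((p for ts, p in creates[proc] if ts >= w[0][0]), None)
            suspects[proc] = {"files": peak, "note": note}
    return suspects

# Constructed sample telemetry (not real data).
SAMPLE = [(1000, "winword.exe", "modify", r"C:\Users\ana\Documents\report.docx")]
SAMPLE += [(1010 + i, "unknown.exe", "modify", rf"C:\Users\ana\Documents\f{i}.docx")
           for i in range(6)]
SAMPLE += [(1020, "unknown.exe", "create", r"C:\Users\ana\Desktop\README.txt"),
           (1030, "updater.exe", "modify", r"C:\Program Files\App\manual.pdf")]

if __name__ == "__main__":
    print(find_suspects(SAMPLE))
```

A real deployment would feed this from endpoint file-audit events and pair it with other signals, since backup and sync tools also touch many documents quickly.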

