What is Ransomware 

Ransomware is a type of malware that holds a victim’s data or device hostage until there is some type of monetary exchange.  Ransomware has generally been designed to block access to a computer, or files, until a monetary payment is made.  In many cases where the ransom has been paid, the data is generally provided back to the victim.  Unfortunately, the hackers will also still have the data they had access to, and can potentially sell the information on a digital “Black Market”.

In recent years, Ransomware attacks have evolved to include double-extortion and triple-extortion attacks, which considerably raise the amount to pay to get your data back.  Worse, even after the ransom is paid, sensitive data is probably released anyway.

Ransomware victims and negotiators are very reluctant to disclose ransom payouts, as they can influence future amounts.  For schools and companies, the cost can start at 1 Million to 9 Million based on the organization.  In 2023, Ransomware attacks were estimated to cost 30 Billion USD.

AIDS Trojan: The First Ransomware Attack 

While Ransomware is a huge issue now, the first known Ransomware occurred in 1989.  AIDS, now known as Human Immunodeficiency syndrome (HIV), was created by a Harvard-taught biologist, Joseph Popp, and deployed in December 1989.  The Internet was very much in its infancy at this time, and not as accessible to most people.

Using a stolen mail subscriber list for the World Health Organization AIDS conference and PC Business World magazine, Popp deployed the ransomware via floppy disks.  The label on the disk was just “AIDS Information Introductory Diskette”, and the disk claimed to contain “surveys” meant to determine a person’s risk of contracting AIDS.  The malware activated around the 90th boot, encrypted the names of the files, and displayed the ransom note:  “It is time to pay for your software lease from PC Cyborg Corporation. Complete the INVOICE and attach payment for the lease option of your choice”.  The victim was also told to pay $189 to a P.O. box in Panama.

Modern Types of Ransomware

There are primarily two general types of Ransomware.  The first is “Encrypting Ransomware” or “Crypto Ransomware”, which holds data hostage by encryption.  The attacker then demands a ransom in exchange for providing the encryption key needed to decrypt the data.

The other form is known as “Non-Encrypting Ransomware” or “Screen-Locking Ransomware”, which locks the victim’s entire device by blocking access to the Operating System.  Instead of starting up as usual, the device displays a screen that makes the Ransom demand.

Known Subcategories of Ransomware are (as of now)

  • Leakware/Doxware – Ransomware that steals or exfiltrates sensitive data with the intent to publish it.  While earlier forms of Leakware or Doxware often stole data without encrypting it, modern variants often do both.
     
  • Mobile Ransomware - Includes all ransomware that affects mobile devices. Delivered via malicious apps or drive-by download, mobile ransomware is typically non-encrypting ransomware because automated cloud data backups, standard on many mobile devices, make it easy to reverse encryption attacks. 
     

  • Wipers or Destructive Ransomware – Threatens to destroy data if the ransom is not paid.  In some cases, the ransomware destroys the data even if the ransom is paid. This latter type of wiper is often suspected to be deployed by Nation-State Actors or Hacktivists rather than cybercriminals.

  • Scareware – A type of “Ransomware” attack that claims to have detected a virus or other issue on a device and directs the user to download or buy malicious software to resolve the problem.  Generally speaking, scareware is the gateway to a more intricate cyberattack and not an attack in and of itself.

What is Spyware 

Spyware, although it sounds like a James Bond gadget, is actually a type of Malware that infects your computer or mobile device to track what you are doing online.  Essentially, it is software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.

Different types of Spyware use different methods to collect the data.  This can include infiltrating devices, monitoring web activity, recording keystrokes, hacking your webcam and/or microphone, GPS tracking, and screen capturing.   

Spyware can also carry out invasive criminal activities with the intent of collecting your data.  Because Spyware works in secret, it can capture what it wants and then delete itself from your computer, generally without being detected.

Spyware can: 

  • Infiltrate your devices: Spyware can infiltrate your device through malicious email attachments and website links, and by taking advantage of software vulnerabilities.  Having good antivirus software that is also up to date is important to keep your device protected.
      
  • Steal your data: Spyware can use a variety of techniques to steal all kinds of personal sensitive data, such as financial information, social media logins, other accounts with sensitive data, and biometric information. 
     
  • Supply data to a third party: Spyware can collect data on your Internet activities and sell that information to third-party advertisers, who will use some type of spyware to collect your data.
     
Essentially, it is your data that criminals, advertisers, and unscrupulous governments are looking to exploit.

The types of data that Spyware can collect
 

  • Browsing Activity:  Spyware can install itself as a browser extension to collect what you are doing online.
     
  • Login Details: Keyboard loggers (“Keyloggers”) can collect your password and account information without your knowledge.
     
  • Confidential Information: Credit card information, Banking information and logins, Social Security Numbers (SSN), etc.
  • Others: Calls, Texts, video chats, and Biometric information.  

Types of Spyware

  • Adware – Can display unwanted ads, track user activity, and collect personal data for advertising purposes. It’s often bundled with free software downloads and installed without user knowledge or consent.
     
  • Trojans – Designed to appear like a normal program. However, once installed on your device, trojans can monitor your activity, log keystrokes, record your screen, and potentially steal sensitive data.
     
  • Keyboard Loggers – Designed to record every keystroke made on a keyboard.  This can include passwords, login details, messages, credit cards and other sensitive information.
     
  • Mobile Spyware – Designed to target Mobile Devices.  Along with the conventional methods, Mobile Spyware can spread through infected text messages.  Mobile Spyware can capture texts, capture your email, record your calls, track your location, and steal sensitive information.
  • Password Stealer – Designed to steal login credentials.  This will include usernames and passwords for online banking, email, social media, etc.
  • System Monitoring – Software designed to track your computer activity, including keystrokes, downloads, browsing history.  
  • Cookies – Small files left by websites on a device that can track user activity and habits.  Advertisers generally use cookies to send targeted ads.  This data can be sold to 3rd parties without your consent.
     

How to detect and Potentially Remove 

Spyware is generally difficult to detect, even for Security software such as antivirus.  Generally, when a device is infected, there are some telltale signs:

  • Computer slower than normal: It is generally suspicious when your computer or device is suddenly very slow with only a small number of items open.  Consider using software such as a PC Cleaner tool to see if the performance gets better.  If not, you may still have a spyware infection.
     
  • Excessive Pop-Ups: If you are experiencing a significant number of pop-ups, even when not browsing, your device may be infected with Spyware.  This is also an indication that the pop-ups are potentially being fed from many sources to send invasive ads.
     
  • New Toolbars, Search Engines, or Home Screens:  If you didn’t authorize a new download or installation, it might be a Spyware infection.  Make sure that the toolbar looks like your expected toolbar to ensure you are not using a compromised toolbar.  Pay attention to not just the Computer Toolbars, but also the toolbars within software.  Regularly scan your device with a product that has a Browser Cleaning Tool.

What is Malware 

“Malware” is a collective term used to describe any type of code or software built with malicious intent.  Malware includes Viruses, Ransomware, Spyware, Trojans, and any type of code injection or software with malicious intent.

It is the malicious intent that defines and characterizes Malware.  The meaning of Malware is the damage it can inflict on a computer, computer systems, servers, or network.  It is the how and the why that separates one type of malware from the rest.

Malware attacks can crack weak passwords, go deep into compromised systems, spread through networks, and disrupt the general daily operations of an organization or personal devices.  Some malware can lock files, send spam with ads, intentionally slow your computer down, commit identity theft and fraud, or redirect you to malicious websites.

Signs of a Malware Infection

  • Sudden performance drops: Malware can occupy a lot of your device’s processing power, resulting in severe slowdowns. This is why removing malware is one way to speed up your PC.
     
  • Frequent crashes and freezing: Some malware will cause your computer to freeze or crash, while others will intentionally cause crashes by consuming too much of your Computer Memory (RAM), or by intentionally driving up the Central Processing Unit (CPU) to overheat the computer.  In general, sustained high CPU usage may be a sign of malware.
     
  • Deleted or corrupted files: Malware often deletes or corrupts files as part of its plan to cause as much chaos as possible.
     
  • Lots of pop-up ads: Adware is designed to SPAM you with pop-ups.  Other types of malware may cause pop-up ads and alerts as well.
     
  • Browser redirects: If your browser keeps sending you to sites that you aren’t trying to visit, a malware attack may have made changes to your DNS settings. 
     
  • Your contacts are receiving strange messages from you: Some malware spreads by emailing or messaging victims’ contacts.   Secure Messaging Apps can help protect your communications from eavesdroppers. 
     
  • You see a ransom note: Ransomware wants you to know it is there, as it will take over your screen with a ransom note demanding payment to get your files back. A ransom note is an easy way to tell what malware is on your computer: it’s ransomware.
     
  • Unfamiliar apps: Malware can install additional apps on your device. If you see new programs that you didn’t install yourself, it may be the result of a malware attack. 

Ways to Protect Yourself

  • Visit secure websites, and ensure that you see the padlock icon in the browser, as that will give an indication that the site you are looking to go to is protected.

  • Enable Two-factor Authentication to protect your account from being compromised when needed.

  • Use an Ad blocker.  Ad blockers are generally included with Apple Safari, Google Chrome, Microsoft Edge, along with Anti-Malware software.  Ad blockers can examine web scripts and compare them with known lists of bad ads to block while browsing the Internet.

  • Do not click on unknown links, as they can potentially lead you to fake websites, malicious code, and ransomware.
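
How the list comparison mentioned in the Ad blocker item can work, as an added example that is not part of the original article: each script URL's hostname is checked against a blocklist, covering subdomains without matching look-alike names. The blocklist entries, sample URLs and function names are constructed for illustration, and real ad blockers use richer filter rules than hostnames alone.

```javascript
// Added example: hostname blocklist matching, a simplified model of an ad blocker.
// Blocklist entries and script URLs are constructed samples (reserved example names).
const BLOCKLIST = new Set(["ads.example", "tracker.example.net"]);

// Return the blocklist entry covering `hostname`, or null if none does.
// Compares whole DNS labels, so "cdn.ads.example" matches "ads.example"
// but the look-alike "notads.example" does not.
function matchBlocklist(hostname, blocklist) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const candidate = labels.slice(i).join(".");
    if (blocklist.has(candidate)) return candidate;
  }
  return null;
}

// Decide whether one script URL requested by a page should be loaded.
function classifyRequest(rawUrl, blocklist) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, action: "skip", reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { url: rawUrl, action: "allow", reason: "not a network request" };
  }
  const hit = matchBlocklist(url.hostname, blocklist);
  return hit
    ? { url: rawUrl, action: "block", reason: `listed as ${hit}` }
    : { url: rawUrl, action: "allow", reason: "not listed" };
}

function filterScripts(urls, blocklist = BLOCKLIST) {
  return urls.map((u) => classifyRequest(u, blocklist));
}

const SAMPLE_SCRIPTS = [
  "https://cdn.ads.example/banner.js",
  "https://notads.example/app.js",
  "https://TRACKER.example.net/pixel.js",
  "https://shop.example.org/cart.js",
  "data:text/javascript,0",
];

for (const r of filterScripts(SAMPLE_SCRIPTS)) {
  console.log(`${r.action.padEnd(5)} ${r.url} (${r.reason})`);
}
```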

Privacy Implications: Spyware and other malware can harvest data for identity theft, such as Social Security Numbers (SSN), personal addresses, and private communications.  Unauthorized access to sensitive information means that Cybercriminals can monitor a significant amount of your information, which can include your activities, interests, relationships, location, and much more.

Ransomware, Spyware, and Malware pose a strong risk that can expand beyond the Internet and your computing devices.  These three compromises can have a dramatic impact on financials along with personal security and privacy.  The potential consequences only emphasize the importance of having strong  Cybersecurity measures. 

Financial Implications can include significant financial losses.  These can come from fraudulent purchases, credit card fraud, and data loss and restoration.  Indirect costs can be caused by the loss of productivity, legal fees, reputational damage, and the loss of customer trust.

Security Implications can occur if you are a victim of a malware infection that leads to unauthorized access within the organization. This can include infecting your personal files and/or work documents, which will likely put your data at risk.  Confidential information and intellectual property can be held hostage, exposed, or destroyed.

Worse, if the cyber threat exploits a vulnerability in your network and systems, the attacker may be able to take control of your devices and turn them into bots that participate in larger attacks, possibly without you even knowing it.

The ability to detect and know the differences between Ransomware, Spyware, and Malware is important, as they have become the major ways to be hacked.  Each type has its own specific risks to an organization or person.  Understanding the differences can give you a better sense of what you may be impacted by, and of how to protect yourself from a data compromise.

By Dave Broucek, Trusted Advisor and Cybersecurity
