image1

What is Ransomware?

Ransomware is a type of malicious software which disables the functionality of the computer to access files, databases, or applications when run. The virus displays a message demanding money in order to restore functionality. In short, the malware holds the computer ransom which means that the ransomware is an extortion racket. Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyze an entire organization.

How does Ransomware Work?

This malicious software has evolved over time, getting more efficient. The most recent evolution locks the computer display and does not allow the user to access any programs. This is done by dropping and executing a malicious binary on the infected system which then searches and encrypts valuable files. The ransomware may also exploit system and network vulnerabilities to spread to other systems and possibly across entire organizations.

Afterwards, the computer shows a message asking for a ransom to be paid within 24 to 38 hours to restore the encrypted files and the computer. Usually, the message claims to be from a branch of local law enforcement. To make the message more credible, logos are used. The people who are not aware of these scams or who just want to restore access to their computer pay a certain amount of money.

However, even if you pay the sum the computer’s functionality won’t be restored as the only way to do so is by removing the malware.

image1

image1

How to Prevent Ransomware?

Create an inventory of your data

Identify where ransomware infections might come from

Create a ransomware data recovery plan

Protect your backups

Duplicate data offline or offsite

How to Recover Ransomware Encrypted Files?

Restore your systems from backups

Windows System Restore utility

Windows individual file versions restore

Data recovery software

Ransomware decryption tools

 image1

Back to top

Ransomware

Francesco Angelo Fantozzi

 next article