Ransomware – CompTIA Security+ SY0-401: 3.1

Ransomware is a specific kind of malware that goes directly after your wallet. In this video, you’ll learn some of the techniques that ransomware uses to get your money.


A type of malware that’s getting very good at separating people from their money is ransomware. This is where the bad guys want your money, and they’re going to lock down your computer until you give them exactly what they want. In some cases, this may actually be a fake ransom like the one we see here, where you’ve got a Federal Bureau of Investigation label.

It tells you that you’ve been going to inappropriate websites, that you have inappropriate information on your hard drive. It even tells you that spam messages with terrorist motives were sent from your computer. And of course, none of these are probably true. But they’re scaring you into believing that you have a big problem that you can simply solve by sending them some money, a fine of $200. That actually doesn’t sound like very much for all of these bad things that I did, but who am I to argue? I’ll simply go to one of these locations, put together a money pack, and send the bad guys the money pack.

This is becoming a very effective form of malware because it scares people who really don’t understand what they’re seeing, and they send the bad guys the money in the hope that this will remove the warning from their computer. This type of warning and these messages may be something that can be easily removed, however. You’ll need to take the system to a trained professional, or find out more about this specific form of ransomware, to know whether it’s something that can be easily removed or not.

The newest generation of ransomware, however, cannot be removed easily from your computer. In this particular case, the bad guys are encrypting the data on your computer but leaving your computer able to work properly except now all of your data is no longer available to you. They are encrypting every single bit of your personal files and leaving the entire operating system intact. This is because they want the operating system to continue to operate normally. They want you able to go through the entire payment process so that you can then send them the money that they’re wanting.

And at that point, ideally, the bad guys are going to send you the decryption key. This is often combined with a countdown timer. So unless you’re able to send them the money within a particular time, all of your data will be inaccessible to you forever. This is using public key cryptography. So this is not something that can be easily decrypted. In some cases, if you don’t want to pay this particular fine, you would pretty much have to delete everything on your computer and restore from backups. If you don’t have backups, then you probably have a difficult decision to make. You either send the bad guys the money that they’re asking for or you decide that you’re never going to see this data again.
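The crypto-ransomware case described above leaves the operating system running and turns personal files into ciphertext. Properly encrypted data is statistically close to random, so a defender can triage a user's files by measuring their Shannon entropy and flagging a sudden large share of high-entropy files. The following is an added example, not code from the video or from Professor Messer; the file contents, paths, the 7.5 bits/byte threshold, and the 50% "mass encryption" ratio are constructed assumptions for illustration.

```python
import math
import os
from collections import Counter

# Entropy above this (out of a maximum of 8.0 bits/byte) looks like ciphertext. Assumed threshold.
ENTROPY_THRESHOLD = 7.5
# Legitimately high-entropy formats (compressed containers and images) identified by magic bytes,
# so they are not mistaken for encrypted files. An encrypted copy of such a file loses its magic.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """True when the content is high-entropy and not a known compressed/image format."""
    if any(data.startswith(magic) for magic in COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def triage(files: dict) -> dict:
    """files maps path -> bytes. Returns the flagged paths, their share of all files,
    and whether that share is large enough to suggest mass encryption of user data."""
    flagged = [path for path, data in files.items() if looks_encrypted(data)]
    ratio = len(flagged) / len(files) if files else 0.0
    return {"flagged": flagged, "ratio": ratio, "mass_encryption": ratio >= 0.5}

def load_directory(root: str) -> dict:
    """Read every regular file under root into the mapping triage() expects."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                files[path] = fh.read()
    return files

# Constructed sample "user profile": bytes(range(256)) repeated has exactly 8.0 bits/byte,
# standing in for ciphertext; the text file and the intact docx/png are not flagged.
SAMPLE_FILES = {
    "Documents/budget.txt": b"Q3 budget: rent 1200, payroll 8400, travel 300\n" * 40,
    "Documents/contract.docx": b"PK\x03\x04" + bytes(range(256)) * 8,      # intact zip container
    "Pictures/holiday.png": b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 8,  # intact image
    "Documents/thesis.pdf": bytes(range(255, -1, -1)) * 8,                 # constructed ciphertext
    "Documents/notes.txt": bytes(range(255, -1, -1)) * 8,                  # constructed ciphertext
    "Pictures/photo.jpg": bytes(range(255, -1, -1)) * 8,                   # constructed ciphertext
}

if __name__ == "__main__":
    print(triage(SAMPLE_FILES))
```

Running the triage over a real profile with `triage(load_directory(path))` on a machine that is known to be clean gives the baseline ratio to compare against; a clean profile will normally sit well below the 50% mark unless it holds mostly compressed archives without recognised magic bytes.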