Welcome back to the second half of our two-part article on how ransomware is built to deliver false hope in order to scam businesses on a scale hackers have never managed before. While ransomware was once grudgingly praised for its innovative integration of cryptography into malware, as it turns out, that innovation is mostly an illusion. Last time we talked about the rising threat of ransomware, how malware has a long tradition of destroying files, and the way ransomware works once it attacks your computer. Join us again today as we pick up right where we left off with encryption, how it works, and why ransomware uses it.
The big confusion about ransomware is its use of encryption. At first, it was lauded as one of the cleverest upgrades to malware since email attachments, but in reality the only reason encryption is used instead of outright deletion is to create false hope and the possibility that companies will pay up.
Here’s how it works: encryption relies on a key, the secret that determines how the files will be scrambled. One of the simplest keys is the reversed alphabet, where A=Z, B=Y, C=X, and so on. A more complex version might use a specific page of a specific book, where A=the first letter on that page, and so on. The point of the key is that, as long as it is sufficiently complicated or impossible to predict, nothing encrypted with it can be decrypted without the original key.
When your files are encrypted by ransomware, it’s important to understand that modern encryption software can randomly generate one-time keys that are effectively impossible to guess, and if the key is lost, so too is anything that was encrypted with it. This means that unless you get the exact key used to wreck your files, there’s simply no way to get them back. Some hackers will promise to hand over the key and a decryption tool, but experience has shown the majority of these promises to be outright lies.
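As an added illustration (example code written for this article, not ransomware code or any vendor's tool), the following Python shows both kinds of key the text describes: the reversed-alphabet substitution, which anyone holding the key can simply run backwards, and a randomly generated 256-bit key protecting an authenticated stream cipher, where the wrong key is detected and the lost key means the data is gone. The stream cipher is a keyed SHAKE-256 construction with an HMAC tag, chosen as a standard-library stand-in for a real cipher such as AES-GCM; that construction and the sample text are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase


def substitution_key(cipher_alphabet):
    """Build a substitution key: plaintext letter -> ciphertext letter.

    The key is just a rearranged alphabet. The article's "backward alphabet"
    is the reversed alphabet; any other permutation (the letters from a chosen
    page of a chosen book, say) works the same way.
    """
    if sorted(cipher_alphabet) != list(ALPHABET):
        raise ValueError("key must be a permutation of the 26 letters")
    return dict(zip(ALPHABET, cipher_alphabet))


def invert_key(key):
    """The decryption key for a substitution cipher is the mapping run backwards."""
    return {cipher: plain for plain, cipher in key.items()}


def substitute(text, key):
    """Apply a substitution key; characters outside A-Z are left untouched."""
    return "".join(key.get(ch, ch) for ch in text.upper())


# The article's example: A=Z, B=Y, C=X ... (the classical Atbash cipher).
ATBASH = substitution_key(ALPHABET[::-1])

# ---- the modern counterpart: a random one-time key nobody can predict ----
NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output


def random_key():
    """A fresh 256-bit key from the OS CSPRNG; there is nothing to guess from."""
    return secrets.token_bytes(32)


def _keystream(key, nonce, length):
    # Keyed SHAKE-256 used as a stream cipher (stand-in for AES-GCM, chosen so
    # the example needs only the standard library).
    return hashlib.shake_256(b"enc" + key + nonce).digest(length)


def _tag(key, nonce, ciphertext):
    # Authentication tag: lets the decryptor tell a wrong key from the right one.
    return hmac.new(b"mac" + key, nonce + ciphertext, hashlib.sha256).digest()


def encrypt(plaintext, key):
    """Return nonce || ciphertext || tag for the given plaintext and key."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ciphertext + _tag(key, nonce, ciphertext)


def decrypt(blob, key):
    """Recover the plaintext; raises ValueError if `key` is not the original key."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(_tag(key, nonce, ciphertext), tag):
        raise ValueError("authentication failed: not the key this data was encrypted with")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def can_decrypt(blob, key):
    """True only if `key` is the exact key used at encryption time."""
    try:
        decrypt(blob, key)
        return True
    except ValueError:
        return False


def recoverable_without_key(blob, attempts=1000):
    """Model a lost key: try fresh random keys. With a 2**256 key space this never succeeds."""
    return any(can_decrypt(blob, random_key()) for _ in range(attempts))


if __name__ == "__main__":
    print(substitute("HELLO", ATBASH))                     # the reversed alphabet is reversible
    print(substitute("SVOOL", invert_key(ATBASH)))
    key = random_key()
    blob = encrypt(b"constructed sample: quarterly ledger", key)  # constructed sample input
    print(decrypt(blob, key))
    print("wrong key accepted?", can_decrypt(blob, random_key()))
    print("recoverable after losing the key?", recoverable_without_key(blob))
```

The substitution half shows why a predictable key is no protection: whoever knows "A=Z" decrypts by applying the same table backwards. The second half is the situation the article warns about: once the original key is discarded, no amount of guessing recovers the data, which is why a tested backup, not the attacker's promise, is the only dependable way back.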
Every modern business deals with a certain amount of technology. From tech companies that consist internally of nothing but professionals at computers to minimally technical industries that still rely on databases and business software to keep everything running smoothly, the need for a secure network and backups of archived business data is universal. When your data is in danger and it looks like there’s a chance of recovering anything that has been lost, most companies will jump through flaming hoops for any planned or, worse, unplanned recovery method. That is exactly why ransomware is so terrible. The hope of getting your files back after a disaster is often more powerful than the fear of losing them in the first place.
While you may think that your files are being held hostage, your disaster recovery plan is much more reliable than any hacker’s “promise” that you’ll see your files again.
Malware Has Always Wiped Files
To understand the innovation of ransomware, it may help to have a better grasp of the history of malware as a whole. Ransomware is just one of the most recent innovations in a long chain of malicious, invasive software. In fact, while malware has become significantly better at actually doing something, such as stealing credit card numbers or extorting payment, it has traditionally been almost completely pointlessly evil. Worms have roamed the web since before the internet was unified, seeking out vulnerable systems, and infected websites are often simply left up to hurt anyone who comes across them.
When an infection is successful, whether it was targeted or random, the malware’s goal is simply to cause pain. Spamware makes your system unusable with constant pop-ups, spyware steals your login information and uses it for fraud or more spam, and many forms of malware, whatever their name, will simply explore your files, deleting or corrupting them as they go. Hackers have always deleted files for fun, and there’s no reason to assume that they’re going to stop now just because they’ve also figured out how to make a little side cash.
What Ransomware Does
When ransomware gets onto your computer, its first act is usually to lurk around for a while. During this time, it may finish installing itself, spread from the first computer into the local network, and map all your files. These processes usually happen quietly using background resources, and the delay often masks the true infection point, whether it was a bad website, a phishing email, or an actual security breach in which a hacker placed the ransomware on your computer.