What is Ransomware icon

What is Ransomware?

Ransomware is malware designed to deny access to a user’s computer and its data until a fee is paid. The ransomware does this by encrypting all the data on the user’s computer. This malware is typically delivered through a phishing email, which contains a link that, when clicked, delivers the ransomware payload onto the user’s computer. Ransomware first gained attention in the late 80s and was implemented using basic cryptography, which when it worked, set off a new world of cyber criminals, where corporate networks were targeted.

How does Ransomware work?

This malware essentially locks the users’ computer by running a payload, which locks the user’s computer until a ransom is paid to unlock it. This extortion may not end after the fee is paid. If the user has files that are deemed important, they should back them up on a separate, remote drive in case of an attack. When the ransomware is deployed, the files on the user’s computer are typically locked or encrypted and the fee is usually paid in a virtual currency, which is usually untraceable.

Ransomware History

The first known ransomware attack was deployed in 1989. The very first known malware extortion was called the AIDS Trojan, aka PC Cyborg. This low-tech malware was distributed in over 20,000 floppy disks to AIDS researchers. It hid files on the drive and encrypted the file names, displaying a message to the user that their license to use a specific type of software had expired. As a ransom, the user was asked to pay $189 USD to receive a repair tool. The decryption tool was easily extracted directly from the code of the Trojan, rendering the malware flawed because it was not necessary to pay the extortionist.

Ransomware Attacks

The NHS was hit by a targeted ransomware attack on May 12, 2017, so it is possible that even ultra-secure government organizations are vulnerable to such attacks. Ransomware attacks computer systems in one of two ways: the first way is that it encrypts the files on a computer or network; and the second attack focuses on locking the user’s computer. Some forms of this malicious software can even spread like a worm and infect other users on the network, damaging files. Even after paying the ransom, there is no guarantee that the user’s files will be undamaged or that the issue will go away. Paying the ransom may even embolden the cyber criminal to try and get more money out of the target.

How do I protect myself from Ransomware?

  • Make sure to backup your data and have a recovery plan in place in the event of a successful ransomware attack.
  • Have up-to-date endpoint security software in place and be sure to do a fine scan of anything downloaded directly from the internet to verify it’s virus-free.
  • When using processing programs, such as Microsoft Word, be sure to avoid enabling macros, since the macro languages are embedded in the documents. If the applications are allowed to run when the documents are open, the user may accidentally execute the malware on the machine through the embedded code.
  • Be sure not to download files from the internet that are not authenticated, such as unsolicited web links in emails.

How Check Point Can Help

Check Point’s Anti-Ransomware technology uses a purpose-built engine that defends against the most sophisticated, evasive zero-day variants of ransomware and safely recovers encrypted data, ensuring business continuity and productivity. The effectiveness of this technology is being verified every day by our research team, and consistently demonstrating excellent results in identifying and mitigating attacks. SandBlast Agent, Check Point’s leading endpoint prevention and response product, includes Anti-Ransomware technology and provides protection to web browsers and endpoints, leveraging Check Point’s industry-leading network protections. SandBlast Agent delivers complete, real-time threat prevention and remediation across all malware threat vectors, enabling employees to work safely no matter where they are, without compromising on productivity.


This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO