Ransomware is malware designed to deny access to a user’s computer and its data until a fee is paid. The ransomware does this by encrypting all the data on the user’s computer. This malware is typically delivered through a phishing email containing a link that, when clicked, delivers the ransomware payload onto the user’s computer. Ransomware first gained attention in the late 1980s, when it was implemented using basic cryptography. Once it worked, it set off a new world of cyber criminals, in which corporate networks were targeted.
This malware essentially locks the user’s computer by running a payload, and the computer stays locked until a ransom is paid to unlock it. This extortion may not end after the fee is paid. Users who have files they deem important should back them up on a separate, remote drive in case of an attack. When the ransomware is deployed, the files on the user’s computer are typically locked or encrypted, and the fee is usually paid in a virtual currency, which is usually untraceable.
The first known ransomware attack was deployed in 1989. This very first known malware extortion was called the AIDS Trojan, also known as PC Cyborg. The low-tech malware was distributed on over 20,000 floppy disks to AIDS researchers. It hid files on the drive and encrypted the file names, displaying a message to the user that their license to use a specific type of software had expired. As a ransom, the user was asked to pay $189 USD to receive a repair tool. The decryption tool could easily be extracted directly from the code of the Trojan, which made the malware flawed: it was not necessary to pay the extortionist.
The NHS was hit by a targeted ransomware attack on May 12, 2017, so it is possible that even ultra-secure government organizations are vulnerable to such attacks. Ransomware attacks computer systems in one of two ways: the first encrypts the files on a computer or network, and the second focuses on locking the user’s computer. Some forms of this malicious software can even spread like a worm and infect other users on the network, damaging files. Even after the ransom is paid, there is no guarantee that the user’s files will be undamaged or that the issue will go away. Paying the ransom may even embolden the cyber criminal to try to get more money out of the target.
Check Point’s Anti-Ransomware technology uses a purpose-built engine that defends against the most sophisticated, evasive zero-day variants of ransomware and safely recovers encrypted data, ensuring business continuity and productivity. The effectiveness of this technology is verified every day by our research team, and it consistently demonstrates excellent results in identifying and mitigating attacks. SandBlast Agent, Check Point’s leading endpoint prevention and response product, includes Anti-Ransomware technology and provides protection to web browsers and endpoints, leveraging Check Point’s industry-leading network protections. SandBlast Agent delivers complete, real-time threat prevention and remediation across all malware threat vectors, enabling employees to work safely no matter where they are, without compromising on productivity.