It’s a normal work day— that is, until you receive an intriguing email from your boss asking you why an invoice was improperly paid. In the message, they seem angry, demanding to know why you approved this high-dollar transaction.
You panic, thinking you made a big mistake. Without hesitation, you open the attachment and start looking over the invoice before downloading it to verify your records.
As you’re cross-referencing the numbers, your device suddenly freezes and the next thing you know, you’re staring squarely at a pop-up saying you’ve been locked out of your operating system. The pop-up explains that in order to get your functionality back, you’ll need to pay a hacker a huge fee to unlock your device.
This is the classic example of ransomware. Let’s learn more about this type of cyber attack and how the victim of a digital compromise might gain access back to their data:
Ransomware is a type of malicious software designed to block access to a computer system until a payment is made.
Typically, a ransomware attack presents itself as a pop-up or a displayed message, explicitly demanding a fee in order to gain back access to a locked system, according to Kaspersky.
While there are numerous attack vectors a bad actor can take to execute and install the malware used in a ransomware attack, here’s a common narrative of their methodology:
Typically, a ransomware attack begins with a hacker creating malicious software (malware).
We won’t bore you with the details of how the malware itself was created; all you need to know is that the hacker devises a script to trigger a command from a “shell” operating system, ultimately allowing them to control your device remotely.
But here’s the catch: the bad actor has to get a user to download this malicious software in order to take over the device. This is why they need a plan for tricking a user into installing the malware without realizing it. To do this, the attacker will often devise a clever social engineering scheme— most commonly, a phishing attack.
While there are a number of phishing tactics out there, bad actors often target a user’s email or text message inbox, attaching malware to a document sent via email or in a link in an SMS message.
When an unsuspecting user downloads an infected file or clicks a trigger on an infected webpage, they allow malware to be installed within the background of their computer.
When the malware is installed, their command shell receives a trigger, alerting the cyber attacker that a breach has occurred. From there, the bad actor can execute a series of commands remotely, granting them control over the infected device.
While with other forms of malware a hacker’s objective may be to install this malicious software quietly without the victim noticing (to glean deeper information over time)— ransomware attacks are loud.
From the moment ransomware is installed, the infected user typically knows, as they receive a message alerting them that their device or data has been compromised. What differentiates ransomware from other types of malware is that the attacker demands the infected user pay a “ransom” to unlock access to their barred device or data.
Sometimes it’s easier to understand a cyber attack when you see real life examples of them in action.
Even big brands can fall victim to ransomware attacks, despite their million-dollar security defenses. Read more about famous ransomware attacks on:
Most ransomware attacks occur as the result of social engineering exploits, wherein attacks trick users into downloading malicious software.
Educate your team on the dangers of phishing scams and more by scheduling engaging, interactive security awareness training presentations with the world’s once most famous hacker, Kevin Mitnick.
While social engineering is a huge threat, there are other ways cyber attackers get in. Download our 5-½ Steps to Elevate Your Cybersecurity guide to stay on top of your security, today.