Ransomware: Understanding Their Behavior and Operation

What we’re going to talk about in this first video what ransomware is, a little bit about its behaviour in its operation. And then in the next video, we’ll be talking about some of the most famous instances of ransomware. So what is ransomware? Now ransomware is another malware family, but once it’s on a target computer, it will encrypt the system data and files. Then it prompts the user for a payment order to unlock the files. So on the right there, you see this is a picture from WannaCry. And what would happen is your system gets infected, the same vector that we’ve seen in every attack so far.

It’s either social engineering, it’s another vulnerability, maybe you’ve got some sort of SMB vulnerability on your system, or you get infected, or you fall susceptible to a Trojan or something like that. Once it’s on your system, the ransomware then executes. And it would typically encrypt your master file or any series of any set of files on your system. And in this case with WannaCry, you then get a pop-up like this that says, “Hey, you’ve got this much time to pay us the ransom to get your data– the key to unencrypt your data. If you don’t pay us within this much time, the price goes up.

You don’t pay us within this additional amount of time, your files are gone for forever.” And then typically, they only accept some sort of cryptocurrency like Bitcoin for payment. This has been one of the most dominant forms of malware that we’ve seen in the last couple of years because it’s the most effective way for attackers to make money. There’s a big debate out there on if you are a victim of this, should you pay or should you not pay? And it’s going to depend on your situation, that data, if you have backups, what you lost, and your personal ethical views on the scenario.

Hands down, the single most effective thing to do about ransomware is to make sure that you have regular and effective backups. If they encrypt all of your data, it doesn’t matter if you can just re-image your machine and pull your data down from the safe backup. So that’s definitely the most effective backup against this. And that’s something that everyone should be doing. And in the next video, we’re going to talk about NotPetya. And it’s interesting because NotPetya technically isn’t ransomware, it’s more along the destructive line. But it does the same vector and it’s got its name from ransomware. So we’ll get into that a little bit more in a minute.