The purpose of ransomware is to devastate, and it becomes more popular with each successful attack. Ransomware has evolved beyond random attacks on gullible victims and has grown into a full-fledged business of profiteering. The modern cybercriminal who perpetrates ransomware attacks is smug, efficient and entrepreneurial.
Ransomware used to be straightforward: threaten or trick a victim into paying a fee and then disappear before the user realized that they weren’t getting their files back. Recently, this has changed; cybercriminals have realized that it is more profitable to adopt traditional customer service and marketing techniques. Many types of malware now come complete with detailed instructions on how to pay the ransom. Directions are often translated into multiple languages to maximize potential targets. Cybercriminals have also changed their overall strategy, and many will now provide valid decryption keys to victims who pay their ransom. The reason why? It’s good business sense. A victim who pays and recovers their files is likely to do so again, or better yet, tell others about the experience.
As ransomware attacks become more sophisticated, you might wonder what an infected user will have to go through. Below we have attached a case study of a user who decided to give in to ransom demands.
The user discovered that many of their files had become encrypted and converted to an unreadable format. The encrypted files included .docx, .xls, .ppt, .pdf, .eps, .ai, .indd, .mp3, .jpg and .log files. The encrypted .log files meant that data could not be restored easily from a backup, and even registry entries had been corrupted. To make matters worse, the infected system had lost its ability to connect with Group Policy Services, which meant all admin privileges had been revoked on the system.
With no easy fix in sight, the victimized user looked into the ransom demands. Included with his locked data files was a simple text document shown below: