Ransomware
Ransomware (also known as filecoder) is a type of malware that encrypts the content or locks your device and extorts money from you to restore access to your content. This kind of malware can also have a built-in timer with a pre-programmed payment deadline that must be met. If the deadline is not met, the price increases or the device becomes inaccessible.
When the device is infected, the filecoder may attempt to encrypt the shared drives. This process can make it seem like the malware is spreading over the network, but it is not. This situation occurs when the shared drive on a file server is encrypted, but the server itself does not contain a malware infection, unless it is a terminal server.
Ransomware authors generate a pair of keys, public and private, and insert the public one into the malware. The ransomware may be a part of a Trojan or appear to be a file or a picture you could receive in an email, on social networks, or in instant messengers. After infiltrating your computer, the malware will generate a random symmetric key and encrypt the data on the device. It uses the public key in the malware to encrypt the symmetric key. The ransomware then demands a payment to decrypt the data. The payment demand message displayed on the device may be a false warning that your system has been used for illegal activities or contains illegal content. The ransomware victim is asked to pay the ransom using various payment methods. The options are usually the ones that are difficult to trace, such as digital crypto currencies, premium-rate SMS messages, or pre-paid vouchers. After receiving the payment, the ransomware author should unlock the device or use their private key to decrypt the symmetric key and decrypt the victims' data; however, this operation is not guaranteed.
More information about ransomware protection ESET products use multiple layered technologies that protect devices from ransomware. See the ESET Knowledgebase article for the best practices to protect your system. |