What is Ransomware Virus ? – Cerber Ransomware virus, this virus has caused a stir in some countries and is also very dangerous. Actually what is it Ransomware virus?, ransomware virus is a type of malware that prevents or limits the user to access his or her PC. this Malware forcing the target to pay ransom paid through the online.
if you had been paid the ransom, you can use your PC again. Some types can ransomware encrypts files (usually called cryptolocker) so that data can not be opened even in any way except by paying the ransom
The ransom price also varies, from $500 USD to over $1000 USD, or also by bitcoin. However, if the target is already paying the ransom, does not guarantee that the virus makers will delete the virus.
PC users could be attacked by this virus in different ways. Ransomware can be downloaded without the knowledge of users visiting malicious websites or physically. This virus can also be transmitted by other virus that has infected the PC. There is also sent via e-mail attachments.
Once executed on the target PC, ransomware can
(1) lock the computer screen,
(2) terminate certain applications (such as antivirus or browser),
(3) prevent you to accessing the OS, and
(4) to encrypt files that you have been protected by a password.
There are several scenarios of each ransomware,
the first scenario, ransomware will show fullscreen image or a notice to the victim. In the notice also written how to pay the ransom. There is also a ransomware that locks files such as documents, spreadsheets, and other important files.
Ransomware is categorized as “scareware” because it forces the user to pay the ransom by means of scaring them. It is similar to that FakeAV malware that uses a different way, if ransomware encrypt and protect files, FakeAV persuade users to buy their antivirus software to show the results of a fake virus scan.
Ransomware develop into cryptolocker
In 2013 born a new type of ransomware. Ransomware is made to encrypted files and no longer aiming locking system. This new type of ransomware dubbed as “cryptolocker” because it is new. Cryptolocker ransomware similar to previous types, they force users to pay, but this time they encrypt files on a victim’s computer.
Although in cryptolocker written notice that in cryptolocker wear “RSA-2048” to encrypt the file, but according to Trend Micro analysis they say that cryptolocker use encryption AES + RSA.
RSA is an asymmetric key, meaning that RSA uses two keys. The first key is used to encrypt the data and the other key is used to decrypt the data. One of the keys available to outsiders so-called public key, while others are kept by the user and called the private key. AES uses a symmetric key, which means that the key used to encrypt the same as the key used to decrypt.
Ransomware uses AES to encrypt the key file. The key to decrypt AES is already written in the files encrypted by ransomware. But the AES key is encrypted again with RSA public key, means to decrypt the file we need to know the private key of the first. Unfortunately, the private key can not be known with ease, if not impossible to solve.
Around the end of 2013, a new type cryptolocker began to spread. This type is called the WORM_CRILOCK.A, can spread via removable drives such as flash, this type can also be called by CRILOCK. This means that the malware can spread easily than other ransomware variant.
Frequently Asked Questions
1. I can not access a PC and my files. Can I pay and take back access to my computer?
Many people who do not recommend to pay. There is no guarantee that paying ransom will give you access to your files again. Paying ransom can also make you more targeted by malware.
2. How to protect your computer against ransomware?
– Many things can be done to protect the computer against ransomware, such as
– Install and use an antivirus that is always updated.
– Make sure all your software is already up-to-date.
– Avoid clicking on suspicious links or opening e-mail attachments from people you do not know at all.
– Replace pop-up blocker on your browser.
– Backup your important files on a regular basis.
– For backup, you can rely on cloud storage to store it. By storing in the cloud, your data will be safer than create a backup file on the PC itself. Cloud services that you can use, among others such as onedrive, or file hosting on the internet.
3. How ransomware know my IP address?
IP addresses are not usually hidden, many online tools that can be used to obtain an IP address. Maybe ransomware to use these tools.
4. How ransomware get into my PC?
In most cases ransomware automatically downloaded when you visit a malicious website or a website that has been hacked. Ransomware also can enter through e-mail attachments, usually names the perpetrators of the file with the name of deceptive and extensions is .exe, for example AGENDA_01062015.exe or AGENDA_01062015.pdf.exe.
5. Do ransomware can be removed by antivirus?
Yes, in most cases, a good security software should be able to remove the ransomware virus from your computer, depending on the type of ransomware that infects the computer.
If the filecoder ransomware infects is simple and already a file encrypted by the virus, it may just antivirus can still decrypt the files. But if the attack is more sophisticated ransomware cryptolocker example, it is virtually impossible to decrypt the file.
6. What happens if we do not pay ransom ransomware?
Usually the time to pay the ransom limited by ransomware, if the time comes and the victim has not been paid, then the threat is access to files and documents will be lost permanently.
7. How do I know that the ransomware has infected my PC?
You will see a message pop-ups that ask for payment, any payment could range from hundreds of dollars to thousands of dollars. Payment must be made by anonymous currency, for example via Bitcoin.
8. Are ransomware attacks only Windows only?
No, ransomware also made for Linux, Mac OS and even Android. But in most cases ransomware attack Windows.
9. Is it really true that the authorities in the area I have detected illegal activity on my PC?
No, this warning is fake and has nothing to do with the authorities. Messages using images and logos legal system to make it look more authentic.
So always be careful with this one malware. If it is infected, then the data can not be opened even though the antivirus could not handle it. Similarly, articles about ransomware, may be useful.