
seanpm2001/Ransomware-Info


Seanpm2001's Ransomware guide

What is Ransomware?

From Wikipedia: Ransomware (Revision 1105134147)

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

General dos and don'ts

  1. Back up your files regularly (most important)

Remember the 3-2-1 rule of data backup

The 3-2-1 rule: The idea that a minimal backup solution should include three copies of the data, including two local copies and one remote copy.

Try to back up at least once per week

  2. Don't ever pay the ransom

Paying only funds the creation of more ransomware. There is also a chance that your files were merely renamed, or that the ransomware developers will not decrypt your files at all and will laugh in your face as they take your money and destroy your files.

  3. Do not attempt to access your backups or perform a backup until the ransomware is fully removed

Do not access your backups or try to back up data until the ransomware is fully removed, unless the external device you are plugging in is empty and therefore low risk. Otherwise the backups on your external device may also be infected and destroyed.

  4. Use a secure operating system

Keep your system up to date; security updates are crucial.

Consider running Windows only inside a virtual machine, or switching away from it altogether, since the majority of ransomware affects Windows, and Windows is vulnerable to drive-by attacks (simply visiting a web page, without clicking anything, is enough for malware to get installed on your computer) and to network ransomware (if one device in your household gets ransomware, it can spread to other computers via the network or Wi-Fi).
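The 3-2-1 rule above is only useful if the copies actually match the data you want back. The following is an added example (not code from this guide or the Ransomware-Info project) that hashes every file in the source, verifies each backup copy against it, and then counts only the copies that verify towards the rule: the working copy counts as the first local copy, so three copies means working copy plus one local backup plus one remote backup. It assumes every backup is reachable as a directory path (an external drive or a mounted remote share) and that you label which copy is the remote one; the sample files and directory names are constructed in a temporary directory.

```python
"""Verify that backup copies match the source and check the 3-2-1 rule.

Added example; not code from the Ransomware-Info project. Assumes each backup
copy is reachable as a directory path and that the caller labels which copies
are remote. All sample files below are constructed in a temporary directory.
"""
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List


@dataclass
class BackupCopy:
    path: Path
    remote: bool  # True for the off-site copy (label supplied by you)


def hash_tree(root: Path) -> Dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    digests = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digests[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def missing_or_changed(source: Path, copy: Path) -> List[str]:
    """Files that are absent from the copy or whose content differs from the source."""
    src, dst = hash_tree(source), hash_tree(copy)
    return sorted(name for name, digest in src.items() if dst.get(name) != digest)


def check_321(source: Path, copies: List[BackupCopy]) -> Dict[str, object]:
    """Count only copies that verify; the working copy itself is the first local copy."""
    verified = [c for c in copies if not missing_or_changed(source, c.path)]
    local = 1 + sum(1 for c in verified if not c.remote)
    remote = sum(1 for c in verified if c.remote)
    return {
        "verified_backups": len(verified),
        "local_copies": local,
        "remote_copies": remote,
        # Three copies in total, at least two local, at least one remote.
        "rule_met": local + remote >= 3 and local >= 2 and remote >= 1,
    }


def run_demo() -> Dict[str, object]:
    """Constructed scenario: one good local backup, one remote backup holding a stale file."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source, local_bk, remote_bk = base / "source", base / "usb", base / "offsite"
        for d in (source, local_bk, remote_bk):
            d.mkdir()
            (d / "notes.txt").write_text("quarterly notes\n")
        (source / "photo.bin").write_bytes(b"\x89PNG sample")
        (local_bk / "photo.bin").write_bytes(b"\x89PNG sample")
        (remote_bk / "photo.bin").write_bytes(b"\x89PNG old")  # stale: never refreshed
        copies = [BackupCopy(local_bk, remote=False), BackupCopy(remote_bk, remote=True)]

        before = check_321(source, copies)
        stale = missing_or_changed(source, remote_bk)
        for name in stale:  # refresh the stale remote copy from the (clean) source
            (remote_bk / name).write_bytes((source / name).read_bytes())
        after = check_321(source, copies)
        return {"stale_in_remote": stale, "before": before, "after": after}


if __name__ == "__main__":
    print(run_demo())
```

In the constructed scenario the rule is not met at first because the remote copy holds an outdated `photo.bin`; after that file is refreshed from the clean source, the count becomes two local and one remote and the rule passes. In real use, run the verification against the source only once you are sure it is clean (see the item about not touching backups before the ransomware is removed).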

Not all may be lost

Some ransomware strains only rename files. Once you remove the ransomware, there is a chance that simply renaming the file back to its original extension will recover it, without paying any ransom.
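Before renaming anything back, it is worth checking that the file content was in fact left intact. The following is an added example (not code from this guide or the Ransomware-Info project) that reads the first bytes of each file: if a known file signature is present and matches the original extension, the file was only renamed and the extra suffix can be stripped; if no signature is recognised and the bytes are near-random (high entropy), the file was really encrypted and renaming will not help. It assumes the ransomware appended an extra suffix to each name (the suffix `.locked` and the sample files are constructed for this demo) and is meant to be run on a copy of the data after the ransomware has been removed.

```python
"""Tell 'renamed only' from 'actually encrypted' before restoring a file's extension.

Added example; not code from the Ransomware-Info project. Assumes the ransomware
appended an extra suffix to each file name (the constructed suffix '.locked', as
in 'photo.png.locked'). Sample files are constructed in a temporary directory.
"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Optional

# File signatures (magic bytes) for a few common formats and the extensions they belong to.
SIGNATURES = {
    b"%PDF-": {".pdf"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"GIF8": {".gif"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx", ".pptx"},
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits close to 8.0, text and most headers far lower."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def classify(path: Path, added_suffix: str) -> str:
    """Return 'renamed-only', 'encrypted' or 'unknown' for a file named <original><added_suffix>."""
    if not path.name.endswith(added_suffix) or len(path.name) == len(added_suffix):
        return "unknown"
    original_ext = Path(path.name[: -len(added_suffix)]).suffix.lower()
    head = path.read_bytes()[:4096]
    for magic, exts in SIGNATURES.items():
        if head.startswith(magic):
            # Header intact and matching the original extension: the bytes were never encrypted.
            return "renamed-only" if original_ext in exts else "unknown"
    # No recognisable header: near-random bytes are consistent with real encryption.
    return "encrypted" if shannon_entropy(head) > 7.0 else "unknown"


def restore_name(path: Path, added_suffix: str) -> Optional[Path]:
    """Strip the added suffix only when the content shows the file was merely renamed."""
    if classify(path, added_suffix) != "renamed-only":
        return None
    target = path.with_name(path.name[: -len(added_suffix)])
    if target.exists():
        return None  # never overwrite an existing file
    path.rename(target)
    return target


def run_demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: one renamed PNG, one genuinely encrypted PDF."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        png = base / "photo.png.locked"
        png.write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)  # intact header, just renamed
        pdf = base / "report.pdf.locked"
        rng = random.Random(1)  # deterministic stand-in for ciphertext
        pdf.write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))

        result: Dict[str, Optional[str]] = {p.name: classify(p, ".locked") for p in (png, pdf)}
        restored = restore_name(png, ".locked")
        result["restored"] = restored.name if restored else None
        result["left_alone"] = None if restore_name(pdf, ".locked") else pdf.name
        return result


if __name__ == "__main__":
    print(run_demo())
```

The signature table is deliberately short; extend it with the formats you actually store. Files that match neither a signature nor the entropy threshold are reported as `unknown` and left untouched rather than guessed at, and `restore_name` never overwrites an existing file.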

Psychology

Ransomware relies on social engineering and psychological manipulation of its victims. Social engineering and related attacks are typically what get a user to install the ransomware in the first place.


Ethical ransomware

If you are thinking of developing ransomware, please at the very least include a script that can deactivate the ransomware if there is no way to access the ransom payment method (e.g. servers down forever)

Scripts for automatic deactivation

Ransomware generally is never ethical.


File info


File type: Markdown (*.md *.mkd *.mdown *.markdown)

File version: 1 (2022, Monday, August 22nd at 1:50 pm PST)

Line count (including blank lines and compiler line): 107

Current article language: English (EN_USA) / Markdown (CommonMark) / HTML5 (HyperText Markup Language 5.3)

Encoding: UTF-8 (Emoji 12.0 or higher recommended)

All times are UTC-7 (PDT/Pacific Time) (Please also account for DST (Daylight Savings Time) for older/newer entries up until it is abolished/no longer followed)

Note that on 2022, Sunday, March 13th at 2:00 am PST, the time jumped ahead 1 hour to 3:00 am.

You may need special rendering support for the <details> HTML tag being used in this document


File history


Version 1 (2022, Monday, August 22nd at 1:50 pm PST)

This version was made by: @seanpm2001

Changes:

  • Started the file
  • Added the title section
  • Added the What is Ransomware section
  • Added the General dos and don'ts section
  • Added the Not all may be lost section
  • Added the Psychology section
  • Added the Ethical ransomware section
  • Added the file info section
  • Added the file history section
  • No other changes in version 1