James Gordon | 26.11.2015 14:58 | Technology
Once it has entered a system, ransomware can present itself in various ways. It may appear as a simple fake warning notice, sometimes imitating the notices issued by law enforcement agencies, or as a gift.
The ransomware message may claim that the infected PC contains illegal content (pirated software, multimedia or porn) or that it has been used for unlawful activities. Some ransomware payloads imitate product activation notices, falsely stating that a computer's installation and activation is fake.
By the action they perform, ransomware viruses can be categorized into two main types: those that encrypt files with an encryption key, and those that just lock the system screen.
The first type encrypts documents, spreadsheets and other important files. In the second type, the malware shows a full-screen notification that prevents the victim from using their system (mostly web browsers), making it unresponsive to all commands. This notification shows instructions on how the victim can pay to recover their computer system. Some examples of ransomware are given below.
When it encrypts files, the ransomware also installs spyware that may steal Bitcoin wallets and passwords.
During only one month in 2015, nearly one thousand people reported Cryptowall infections to the authorities, and at least 19 million dollars were lost because of these Cryptowall attacks.
Crypt0L0cker is another encryption ransomware, which appeared in late 2013. It generates a 2048-bit RSA key, uploads it to a command & control server, and encrypts files, changing their file extensions. If payment is not made, usually within three days of the infection, the ransomware threatens to delete the private key. Because Crypt0L0cker uses an extremely large key, infected files are considered extremely difficult or impossible to repair.
Approximately 3 million dollars was lost by the victims of this malware before it was shut down.
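The file-extension change described above gives defenders something to watch for. The following is an added example, not part of the original article: a heuristic that flags a burst of renames in which files of several different types all end up with the same new extension. The event format, the thresholds and the `.locked` extension are assumptions made for illustration.

```python
from collections import defaultdict, deque
from pathlib import PurePosixPath

# Constructed sample: (unix_time, old_path, new_path) rename events, as a
# file-audit log might record them. The ".locked" extension is a placeholder.
SAMPLE_EVENTS = [
    (1000, "/home/a/report.docx", "/home/a/report.docx.locked"),
    (1001, "/home/a/budget.xlsx", "/home/a/budget.xlsx.locked"),
    (1002, "/home/a/photo.jpg", "/home/a/photo.jpg.locked"),
    (1003, "/home/a/notes.txt", "/home/a/notes.txt.locked"),
    (1004, "/home/a/slides.pptx", "/home/a/slides.pptx.locked"),
    (1500, "/home/a/draft.txt", "/home/a/draft.md"),   # ordinary single rename
    (2000, "/home/a/img1.png", "/home/a/img1.jpg"),    # batch conversion:
    (2001, "/home/a/img2.png", "/home/a/img2.jpg"),    # many files, but only
    (2002, "/home/a/img3.png", "/home/a/img3.jpg"),    # one source type
    (2003, "/home/a/img4.png", "/home/a/img4.jpg"),
    (2004, "/home/a/img5.png", "/home/a/img5.jpg"),
]

def ext(path):
    return PurePosixPath(path).suffix.lower()

def find_rename_bursts(events, window=60, min_files=5, min_source_types=3):
    """Return one alert per new extension that many files of different
    original types were renamed to within `window` seconds."""
    recent = defaultdict(deque)   # new extension -> (time, old extension)
    alerted = set()
    alerts = []
    for ts, old, new in sorted(events):
        old_ext, new_ext = ext(old), ext(new)
        if not new_ext or old_ext == new_ext:
            continue              # extension unchanged: not of interest here
        q = recent[new_ext]
        q.append((ts, old_ext))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        source_types = {e for _, e in q}
        if (len(q) >= min_files and len(source_types) >= min_source_types
                and new_ext not in alerted):
            alerted.add(new_ext)
            alerts.append({"extension": new_ext, "files": len(q),
                           "source_types": sorted(source_types), "first_seen": q[0][0]})
    return alerts

if __name__ == "__main__":
    for alert in find_rename_bursts(SAMPLE_EVENTS):
        print(alert)
```

Requiring several distinct source types is what separates this pattern from an ordinary batch conversion, which renames many files but starts from a single type.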