Ransomware: what it is and how it works

A company that cannot access its files because of a cyber-attack can end up stopping its entire business in its tracks. Cyber-attacks come in many forms, and are becoming increasingly complex. They can range from stealing data to damaging a computer. Ransomeware is one of them, and it poses a serious and costly threat to every type of business and organisation.

Learn what ransomware is.
Communication Team

Telefónica Follow

Reading time: 4 min

Online attacks have become one of the most important problems in the business and digital environment. According to a report by Check Point Research, 1,252 cyber attacks per week were detected in Spain during the first quarter of 2023. This represents an increase of 7% compared to the same period last year. One of the most repeated attacks was ransomware. As the report indicates, one in 20 Spanish organisations suffered one.

What is ransomware? 

Ransomware is malicious software, or malware, that gains entry into a computer system to block access to an organisation’s computers and computing devices or data. In this way, cybercriminals ‘hijack’ such computers to demand a financial ransom in exchange for releasing the blockade and restoring the device to normal operation.

This practice has been causing serious problems for businesses and users around the world for more than 30 years. AIDS Trojan was the first known ransomware in history, created by Joseph Popp in 1989, an American doctor who was arrested by the police after finding a list of names and addresses of potential victims on his personal computer. At the time, the most common way to “infect” computers was via floppy disks, as Popp did.

How does ransomware work?

Not all ransomware malware works the same. They also become more sophisticated over time, forcing cybersecurity managers to dig deeper technically to understand how they work. Here are some of the most commonly used:

  • Diskcoder ransomware: encrypts the entire hard disk and prevents the user from accessing the operating system. This is undoubtedly the most problematic and dangerous, as the cybercriminals get hold of all the files, and there is no software capable of restoring the system or making it operational again.
  • Crypto-ransomware: this malicious software restricts access to the system by encrypting the content stored on the hard disk.
  • Screen locker: locks the screen of the electronic device, making it completely unusable. Any functionality of the screen is paralysed, so the user cannot customise the background, adjust the brightness, balance the colour, or turn on the system.
  • Pin locker: this usually attacks devices that use the Android operating system. With this technique it is possible to change the terminal’s access code to prevent the user from entering.

How does a device get infected by this type of cyber-attack?

This type of malware can infect a device in several ways. The most common method is via malicious spam or malspam. This message clusters in the spam folder, and usually includes trap attachments such as PDFs, JPG images or Word documents.

Another widely used method of infection is malvertising. Hackers distribute malware through online advertisements. In this way, computers are infected without the need for excessive interaction with the ransomware. At the same time, the servers analyse the user’s movements and location in detail and send personalised advertising.

What to do if a device becomes infected?

Unlocking a ransomware-infected device is not easy, and may even be impossible, as these are imperfect solutions with discrete results. Tempting as it may be, it is essential not to pay the ransom demanded by the attackers, as there is no guarantee that the device will be restored to normal.

Once infected, it is most effective to format the entire computer and restore the device, as if it were newly acquired. In addition, you can try to remove the malware with a tool available online. These softwares detect dangerous files and quarantine them to improve the user’s activity.

But one of the most effective measures is to make regular backup copies, to avoid the total loss of data. It is also important to inform the authorities, such as the National Institute of Cybersecurity, Incibe, as they have experts capable of providing guidance in a context as complex as a cyberattack, which can be of great help.

How to protect yourself from a ransomware attack?

To prevent an attack of this kind, it is advisable to apply a series of preventive measures. It is advisable to keep the systems of the devices up to date, to have the latest versions of the internal programmes, and to install an antivirus system so that it is regularly updated to detect possible attacks.

People in companies and organisations need to learn how to use anti-spam solutions in email. In this context, it is important to educate and train in good practices, so that they can detect a possible ransomware attack, e.g. do not open attachments from unknown senders, always verify the origin of the message, analyse the origin of the sender and avoid illegitimate emails. 

Share it on your social networks


Communication

Contact our communication department or requests additional material.

Telefónica Centenary logo Celebrate with us the Telefónica Centenary
START THE ADVENTURE