What is Ransomware?
Ransomware is malicious software that denies you access to your computer or files until you pay a ransom. There are two types of ransomware that SophosLabs is commonly seeing:
- Encrypts personal files/folders (e.g., the contents of your My Documents folder – documents, spreadsheets, pictures, videos). Files are deleted once they are encrypted and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment. You may see a lock screen but not all variants show one. Instead you may only notice a problem when you attempt to open your files. This type is called ‘file encryptor’ ransomware. For example, CryptoLocker is a file encryptor that Sophos Anti-Virus detects as Troj/Ransom-ACP.
- ‘Locks’ the screen (presents a full screen image that blocks all other windows) and demands payment. No personal files are encrypted. Example screenshots of this type running on a computer are shown below. This type is called ‘WinLocker’ ransomware.
There is also ‘MBR ransomware’. The Master Boot Record (MBR) is a section of the computer’s hard drive that allows the operating system to boot up. MBR ransomware changes the computer’s MBR so the normal boot process is interrupted and a ransom demand is displayed on screen instead.
Watch CryptoLocker in action
CryptoLocker is a newer type of ransomware that encrypts personal files and then demands a payment of 300 USD to release them. Watch the video below to see it in action.
We have the solutions to help protect your business from these attacks.
Article originally posted in Sophos knowledge base.