Ransomware is a form of malware in which criminals attack a user’s personal data and threaten the user to publish it online or Ransomware attackers can block the user’s access to his data and ask to pay a ransom amount to unblock it.

Ransomware is typically distributed via phishing emails with malicious attachments and drive-by downloading. It generally occurs when a user visits an unsafe website without their knowledge, then this malware is downloaded and installed without the user’s permission. It is extraction malware that locks your computer and demands a fee to unlock it. This malware gets into the gadget initially. It completely hijacks your PC or device. The home screen displays a message that your PC has been hacked. In order to get the access back, the victims are asked to pay a ransom amount to the hacker.  

Ransomware works via phishing emails in general. Phishing emails are one of the most prevalent ways to deliver ransomware. A link is included to an email with an attachment the victim believes they can trust. As soon as the victim clicks on that link, the malware in the file begins to download.

Types of Ransomware attacks :

1. Locker ransomware – 
   This malware is distributed via spam campaigns. The email message pretends to be a FAX message requiring your immediate attention. When a user opens the email, he or she is asked to download and open an attached zip file. Locker ransomware is a virus that infects computers and locks the user’s files, preventing access to data and files on the computer until a ransom or fine is paid. To unlock files, Locker requires payment via any medium.
    
2. Crypto ransomware –
   Crypto ransomware is a variant that encrypts files. It is also spread via similar methods and has been distributed using numerous websites, emails, newsletters, etc. This malware pops up on the screen with a warning saying something like “Pay the ransom amount to decrypt the system”. This ransom is typically in the $100–$300 range, and it is sometimes demanded in virtual currency, such as Bitcoin.

Prime Suspects of Attackers :
Anyone might be a target for a ransomware attack these days if they have valuable or important data. It also depends on how quickly you respond to a ransom demand, how sensitive your security is, and how well you train your employees on phishing emails, among other things. Along with, different sectors like Education, Government, Healthcare, energy/utilities, retail, finance, etc. 

Cybercriminals are increasingly interested in targeting educational institutions, Healthcare firms since they have the social security numbers, medical information, intellectual property, research, and financial data of academics, staff, and students. 

How to protect our server from Ransomware?

• Do not click on suspicious links –
  Do not click on links in spam messages or on unknown websites. Clicking on malicious links may initiate an automatic download  and infect your computer.
• Avoid disclosing personal information –
  Do not respond if you receive a call, text, or email from an unknown source requesting personal information. Cyber ​​criminals can use this information  to ensure that the email or link they send belongs to you and that you can access it safely.
• Do not open any suspicious email attachments –
  Ransomware can also infect your device via email attachments. Don’t open any suspicious-looking attachments. Pay close attention to the sender and double-check that the address is correct to ensure the email is trustworthy. If the attachment is infected, on opening it will launch a malicious macro that will allow malware to take control of your computer.
   
• Never connect unknown USB sticks to your computer –
  Never connect unknown USB sticks or other storage media to your computer. Cybercriminals could have infected the storage medium and left it in a public place to entice someone to use it.
   
• Maintain the latest versions of your programs and operating system –
  Updating programs and operating systems on a regular basis can help protect you from malware. When performing updates, ensure that you receive the most recent security patches. This makes it more difficult for cybercriminals to exploit vulnerabilities in your software.
   
• Use only trusted download sources –
  Never download software or media files from unknown sites to reduce the risk of downloading ransomware. Downloads should only be obtained from verified and trustworthy websites. These types of websites can be identified by trust seals. Check that the browser address bar of the page you’re visiting uses “https” rather than “http.” In the address bar, a shield or lock symbol can also indicate that the page is secure. Also, when downloading anything to your mobile device, proceed with caution.
   
• Use VPN services when connecting to public Wi-Fi networks –
  Using a public network can lead to unauthorized access of your crucial information. Your computer is more prone to attacks when connected to a public Wi-Fi network, thus, avoid doing it.

Ransomware Attacks examples.

• AIDS Trojan –
  The AIDS Trojan, created by evolutionary biologist Dr. Joseph Popp, was one of the first documented cases of ransomware. Under the headline “AIDS Information Introductory Diskette,” Popp delivered contaminated floppy diskettes to hundreds of victims. The Trojan overwrote the AUTOEXEC.BAT file, which was then used to keep track of how many times the computer had booted up.
   
• WannaCry –
  WannaCry, a ransomware computer worm that encrypts files, was first distributed on May 12, 2017. The ransom demanded ranged from $300 to $600 and was to be paid in Bitcoin. WannaCrypt, WCry, Wana Decrypt0r 2.0, WannaCrypt0r 2.0, and Wanna Decryptor are all names for WannaCry ransomware.
   
• CryptoLocker –
  From 5 September 2013 till late May 2014, CryptoLocker, an encrypting Trojan horse, was active. The Trojan spread by infected email attachments and an existing Gameover ZeuS botnet, targeting computers running Microsoft Windows. Once active, the malware used RSA public-key cryptography to encrypt files on local and network drives, with the decryption key saved on the malware’s control servers.
   
• Bad Rabbit –
  On October 24, 2017, people in Russia and Ukraine discovered Bad Rabbit. It encrypts the user’s file tables in the same way that WannaCry and Petya did and then demands a Bitcoin payment to decode them. Interfax, Odessa International Airport, Kiev Metro, and Ukraine’s Ministry of Infrastructure were all infected by Bad Rabbit, which spread via a phony Adobe Flash update