What is a Ransomware virus and what is its objective?

Ransomware is a type of malicious program (malware) developed to block access to the computer and the files it contains and then demand a ransom in exchange for recovering them. It is an increasingly frequent threat that affects individuals and companies alike.

There are different variants of ransomware. The less aggressive ones only impede the normal functioning of the computer, but the most aggressive encrypt all the files on the device, whether this is a computer or a mobile phone, and prevent them from being opened. In most cases the only solution is to restore the files from a backup, which is why you should always have this option activated.

Characteristics of a Ransomware virus

Cybercriminals have different ways of infecting technological devices. The most common is email with a malicious attachment, but there are other routes, and together they define the characteristics of a ransomware virus:

As we said, email is the most common way for cybercriminals to infect a device. They select an organisation and impersonate it, usually through an alarming or very attractive message that leaves little room for manoeuvre. It is usually accompanied by an attachment or a link to download one. What can you do in a case like this? If you have received an email that you were not expecting, the most advisable thing is to delete it, since these files are not the malware itself; they are the program that downloads it. For this reason, antivirus software has problems detecting them.

WhatsApp and SMS/MMS messages are the next most vulnerable to this type of attack. The modus operandi followed by the cybercriminals is very similar to that of email. You should not trust messages that contain a link if you are not completely sure of their origin. They use social engineering to get you to click on the link, causing you to download the malicious program.

And what about social media?

Who doesn't have an active social network account? Whether it's Facebook, Twitter, Instagram or Pinterest, cybercriminals often create fake profiles, or use profiles stolen from other users, to introduce viruses through them. This makes them less suspicious. In addition, they make use of applications that promise things that are too good to be true, offers at incredible prices, or many features for free. Malware might be behind all of this.

Tip for preventing a ransomware virus: always download applications from official sites.

Files downloaded from the Internet and applications that are not updated

Cybercriminals take advantage of unofficial downloads to introduce malware into them. Therefore, any file that does not come from the official source or the manufacturer's web pages has a greater chance of having been modified. This type of unofficial software, known as "cracks", consists of files that make a non-original copy work. By downloading and subsequently installing these types of files, you may be infecting your computer or mobile device with ransomware or other malicious software.

Applications that have not been updated are the most vulnerable to this type of malicious attack. It is the most dangerous form of infection because it is the most difficult to detect. Cybercriminals take advantage of the weak points of the device, and the moment you browse with an application that has not been updated, you are exposing yourself to infection. Pages with pornographic content are a common source of infection, but they are no longer the only environment where viruses hide. What's the easiest way to avoid it? Always keep the software updated to its latest version.

Finally, there is the tactic of impersonating an app in the official store, usually through a

Main organisations impersonated by cybercriminals

Cybercriminals impersonate organisations you know. They take advantage of the trust that users have in these entities to introduce malware through web pages or emails, for example. In Spain the most frequently impersonated public institutions are Correos y Telégrafos (the Spanish Post Office), the Police and the Civil Guard.

Tips for preventing a Ransomware virus

There are a number of tips you can follow to prevent your tech devices from becoming infected.

  • Always keep the operating system, applications and antivirus up to date. This way, cybercriminals will not be able to infect your device while you browse the Internet.
  • Avoid opening attachments or clicking links in unexpected emails, whether you know the sender or not.
  • Also be careful with the links that reach you through SMS or other instant messaging services like WhatsApp and social media.
  • Avoid accepting friend requests from people you don't know on social media.
  • Be careful when downloading and installing apps: try to avoid unofficial pages and above all, avoid those applications in which the developer is not known and the comments and reviews of the app are negative. Do not use pirated applications or programs.

In addition to the above recommendations, it is also important that you follow all those described in this article on phishing, because email is the main means of dissemination of this type of threat.

What should you do if your device has been hijacked?

Quite often it is impossible to avoid infection on your digital devices by Ransomware viruses. If you are a victim of this type of fraud, the chances are the files have been encrypted and your device is not working normally.

If cybercriminals ask for a 'ransom' for your data, don't pay. Paying does not guarantee that your files will be returned to you and, furthermore, you run the risk of them considering that if you were able to pay once, then you will be able to pay again. Even if they agree to return your files to you, you are not guaranteed they will function normally. To make matters worse, if you pay, you are contributing to making this criminal activity profitable and, therefore, helping it to persist over time.

Should this happen to you, we recommend you follow these steps, published by the Information Security Office (www.osi.es) on its web page:

  1. If the infection originates from a fraudulent email, remove it from your inbox to avoid future occurrences.
  2. Scan the device with an updated antivirus.
  3. If your device has been 'hijacked', access the Information Security Office (OSI) (https://www.osi.es/), where you will find the necessary steps to unlock it.
  4. If ransomware has encrypted the files, in most cases the only solution is to restore a backup, although there may be some exceptions.

If in the process you have any doubts about how to remove a Ransomware virus, you can go to the contact section, where the OSI professionals will help you with your query, both by email and by phone (www.osi.es/es/contacto).

If you want to know more about social engineering and backups, you can find this information on the OSI website.

