Ransomware is a malicious program that encrypts files on the victim’s computer and demands money for decryption. In fact, it is a network worm that spreads on its own across the Internet and local networks through software vulnerabilities, especially in Microsoft Windows.
One of the best-known ransomware programs is WannaCry, which peaked in 2017. The software was a mixture of a worm and a backdoor. Infection occurred through a “hole” in the Windows SMB network protocol (a vulnerability also known as EternalBlue). WannaCry scanned the computers of Internet users for this vulnerability; no action was required on the users’ part for them to be infected. After downloading and launching itself automatically, WannaCry encrypted all files on the hard drive except those it needed to operate. A window then appeared on the user’s screen demanding that the equivalent of $300 in bitcoins be transferred to the specified account; otherwise, the encrypted files would be destroyed after a week.
After payment, the victim received a decryption key. The key, however, did not work, because the WannaCry code contained an error from the start. The total damage caused by this ransomware was estimated at $1 billion.
Other infamous file-encrypting programs that have harmed Windows users include Bad Rabbit and Petya.
Ransomware is distributed primarily through software vulnerabilities and through errors made during the configuration and administration of network components (for example, servers). It also spreads through spam mailings, through social networks, and through infection with viruses (like scareware).