In the last weeks there has been an increase of Ransomware attacks, or at least many more cases have become public, see for example this Arstechnica article and CheckPoint analysis.
In principle Ransomware is among the simplest malware possible: in its simplest form it does not require zero-day or other vulnerabilities, erroneous security configurations or absence of advanced security measures. It is enough to execute on the target machine some code, with the user’s privileges, which encrypts all user’s data.
All of us continuosly download data on our PCs, smartphones etc. by “surfing” the Web, receiving emails, interacting in social media etc. So spam campaigns, malvertising, drive-by downloads can easily deliver to any PC some Ransomware.
Whereas anti-malware, and in particular anti-ransomware, is often effective against it, the common security mantra of “patch, patch and again patch!” is not said to be that effective since ransomware in principle can avoid to exploit unpatched vulnerabilities.
But most important what is the target of Ransomware attacks?
Ransomware attacks remind us that computers manage primarily information, and the main purpose of the attack is to take hostage this information. What is it good for a computer system if all information it manages is removed and we remain only with the Operating System and the applications? Without a valid backup of the users’ information, most of the value of a computer system is lost, and thus the ransom is paid…