IT Support for Ransomware

Interesting fact…

The first known ransomware was deployed in 1989 and was called PC Cyborg, nicknamed the AIDS Trojan. Created by a man named Joseph Popp, it triggered a warning claiming that the user’s license to use a certain piece of software had expired, encrypted file names on the hard drive, and required the user to pay about $189 to “PC Cyborg Corporation” in order to unlock the system. Joseph Popp was declared mentally unfit to stand trial for his actions, but he promised to donate the profits from the malware to fund AIDS research; that’s where the nickname came from, but it’s unknown whether or not the money ever made it

Ransomware has quickly become one of the most expensive and devastating attacks in the hacker arsenal around the world. Cyber thieves are using this malicious code to target corporations, (generally) wealthy individuals, public sector organizations, and non-profit organizations by holding systems, files, and data for ransom. Unlike other forms of cyber theft that simply steal financial or healthcare information, ransomware holds an entire system or its data files hostage until a ransom payment is made. A recent survey conducted by the Cyber Security Research Center at the University of Kent (a public research university founded in 1965 and located in Kent, United Kingdom) found that over 40% of those infected with ransomware agree to pay the ransom demanded, which is a huge incentive for hackers to increase their efforts and expand their reach.

Ransomware is essentially malware that infects a computer, takes control of the operating system by employing various lockout techniques, and then takes over data files by encrypting them. Once the system is under the hacker’s control, the program informs the user that they must make a payment in order to remove the locks and restore the user’s endpoint or files. Ransomware primarily targets computers and servers running Windows operating systems, although attacks targeting Mac operating systems are increasing. Mobile platform infections are also becoming more common.

Basic ransomware locks the end user out of their operating system, preventing even an IT support provider from logging in and accessing programs and data files. More advanced ransomware will target specific data such as confidential contacts, documents, spreadsheets, PDF files, and even personal pictures and videos, then use cryptographic techniques so that the files are completely inaccessible. The most progressive ransomware stretches across network shares, holding shared data and various server drives hostage. In this case, a managed IT service company or IT consulting firm with highly trained senior engineers will need to get involved. In many cases, even when the ransom has been paid, the data may not be released, and the cyber criminals can continue to demand more funds. Also, the ransomware will remain on the hard drive in a dormant state, only to strike again. A skilled tech support company should ensure the malware is completely removed.