Ransomware is a specific type of malware attack that involves a criminal transmitting contaminated software intended to infect the receiver’s computer and encrypt all of its data using a digital key that only the criminal has access to. The attacker then demands a ransom in exchange for unlocking the computer’s digital content.
Some ransomware attacks exploit known vulnerabilities in a specific operating system or software program. Others rely on tricking the target into installing the malware by clicking a link or opening an attachment.
With the anonymity available in cryptocurrencies, ransom payments are sometimes requested in bitcoin. Other ransom requests include gift cards, but many just request wire transfers. Unfortunately, there’s no guarantee the target’s system will be unlocked even after making the payoff.
Why it matters
Ransomware attacks are growing rapidly, in part due to their ability to proliferate quickly through internet communications. Unlike spear phishing, they don’t need to target a specific individual. Rather, they are an effective attack against consumers and corporate users in any industry, geography, or business function.
However, in the largest ransomware cases, criminals impersonate a trusted party in order to trick a victim into trusting them. Often they use a legitimate domain name in the visible “From” field of the header, leaving receivers with no way to validate the sender’s true identity.
These same-name domain attacks account for two-thirds of all email attacks. In ransomware cases with same-name domain impersonation, DMARC adoption by the impersonated domain name will stop these malicious attempts 100 percent of the time.
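The DMARC check referred to above, as an added example that is not part of the original page: a receiver compares the domain in the visible "From" header with the domains that SPF and DKIM actually authenticated, then applies the policy the From domain publishes. The record, addresses and function names are constructed for illustration, and the organizational-domain rule is simplified to the last two labels.

```python
from email.utils import parseaddr

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags (v, p, adkim, aspf, ...)."""
    parts = (p.partition("=") for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, _, v in parts}
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real evaluators use
    # the Public Suffix List (needed for suffixes such as co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same organizational domain)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_disposition(from_header, record, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the receiving MTA.

    Returns "pass" when SPF or DKIM passes AND aligns with the visible From
    domain; otherwise returns the policy the From domain requests.
    """
    from_domain = parseaddr(from_header)[1].rpartition("@")[2]
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed sample data (example.com / example.net are reserved documentation domains).
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
FROM = '"Accounts Payable" <billing@example.com>'

if __name__ == "__main__":
    # Genuine mail: DKIM signature from example.com matches the visible From domain.
    print(dmarc_disposition(FROM, RECORD, ("pass", "bounce.example.com"), ("pass", "example.com")))
    # Same-name impersonation: the visible From shows example.com, but SPF only
    # authenticated an unrelated domain and there is no DKIM signature.
    print(dmarc_disposition(FROM, RECORD, ("pass", "mailer.example.net"), ("none", "")))
```

With the same impersonating message and a record of `p=none`, the function returns "none": the failure is only reported, so blocking depends on the domain publishing `quarantine` or `reject`.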