How does it spread?
Ransomware has been shown to spread in four different ways:
- As an email sent to company addresses pretending to be from customer support from FedEx, UPS, DHL, Outback Steakhouse, etc. The trojan is attached to the email, usually labeled as a tracking number
- In PDF documents that are attached to emails, often labeled “Resume”
- Through hacked websites that can exploit computer vulnerabilities to install the malware
- Through trojans that pretend to be applications you need to download in order to watch videos online
The infection installs itself to the Documents and Settings folder on the computer and then proceeds to search for specific types of files that often store information that is important to a user, like Microsoft Word Docs or Adobe PDFs.
The ransomware then applies an asymmetric encryption to these files, which requires both a public and private key to unlock. The public key is stored in the malware itself and is used to encrypt the files. The private key that is being sold by the hacker is hosted on the hacker’s personal server. Once the ransom is paid, the private key is sent to the victim and the files are unlocked.