Ransomware are computer viruses which lock documents on victim’s infected PCs and asks for a ransom. Once infected, the computer will keep on working but photos, movies, music, documents belonging to the victim are protected by means of encryption algorithms. Once the victim pays the ransom, criminals usually unlock the protection from the encrypted documents and remove the trojan.
The infection usually spreads via phishing emails, with topics depending on several factors. First occurrences of ransomware such as Cryptolocker, CryptoWall or TorrentLocker were disguised as invoices or refunds which were directly attached to phishing emails. Recently, phishing emails begun talking about Express Courier tracking codes(FedEX, DHL, UPS, SDA, Turk Cargo, etc.), Energy Providers (ENEL, etc…) or Phone Companies (TIM, H3G, Vodafone, Wind, etc..).
With the exception of some specific cases, no permanent solution has yet been found for decrypting documents encrypted by ransomware such as Cryptolocker, TorrentLocker, CTB-Locker, CryptoWall, etc…
Questo articolo è disponibile anche in: Italian