To perpetrate the attack, a hacker typically embeds a link to the Ransom32 application in an email that tries to fool the user into clicking it. The text and appearance of the email are crafted to make it seem that the link concerns something legitimate. When the user clicks the link, the Ransom32 application loads. It immediately accesses the user’s file system and begins encrypting the files using AES-128, an industry-standard encryption algorithm. It shows the user the attacker’s bitcoin address and instructs him to pay a particular fee to that address. Once the victim pays the fee in bitcoin, his files will be decrypted. The only way to recover the files is to pay the fee.
Of course, the author of Ransom32 benefits significantly from these shenanigans, taking a 25 percent cut of the attacker’s earnings. In other words, for every 100 bitcoins paid by Ransom32 victims, the author of Ransom32 earns 25 bitcoins. That’s a pretty sweet deal.
How can users protect themselves? It’s simple: always be suspicious of links, particularly in emails. Don’t just click them. Hover over a link and carefully examine the address that shows up in the bottom left corner of the page. If the email seems to concern your online banking account, but the link address leads somewhere other than your online banking website, look away, because that link probably leads to peril, perhaps even to a Ransom32 attempt. Put your guard up and resist the urge to click.
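The hover check described above can also be applied automatically to an HTML email body. The following is an added example, not code from the original article: the sample email, its placeholder domains and the function names are all constructed for illustration. It flags links whose visible text shows one address while the real destination is another, and links that lead outside the domains the reader expects.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
# Constructed sample email body; every domain is a placeholder (.example / .test).
SAMPLE_HTML = """
<p>Your statement is ready.</p>
<a href="https://www.bank.example/login">Sign in to online banking</a>
<a href="http://files.invoice-update.test/open">https://www.bank.example/statement</a>
<a href="https://bank.example.account-check.test/">Verify your account</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host, trusted):
    # Exact match or a true subdomain; "bank.example.account-check.test" must not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)

def suspicious_links(html, trusted):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        shown = re.search(r"https?://\S+", text)
        if shown and host_of(shown.group()) != host:
            findings.append((href, "visible URL differs from real destination"))
        elif not is_trusted(host, trusted):
            findings.append((href, "destination is not an expected domain"))
    return findings

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_HTML, {"bank.example"}):
        print(f"{href}: {reason}")
```

The third sample link shows why the comparison is made on the full hostname: it begins with the bank's name, but the registered domain is a different one.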