Malware, Keystroke Loggers and Ransomware

Malware, Keystroke Loggers and Ransomware are normally software installed on a user's workstation via a link from a website. This software does not originate from that site, and the user is frequently unaware that they have been infected. The purpose of each is different, but all are malicious and intended to do some sort of damage or steal some sort of data from either the user or, more widely, the entire network.

Keystroke loggers, for example, record each and every keystroke made by the user and then send specific keystrokes linked to specific sites back to the third party who created the software. This includes sensitive data such as banking login details, credit card and CVV numbers. Frighteningly, some trusted software such as Windows 10 comes equipped with keystroke logging enabled by default. Users are unaware of this, as well as of the fact that they need to go into their settings to disable it.

Ransomware is exactly as dangerous and malicious as it sounds. There are two types of ransomware. The first is a simple lockout: the user is presented with a lockout screen when attempting to log in, and a payment is required to unlock that screen. The second type, which is increasingly being seen by organisations, is achieved when a third party gains access to your network via a link that seems, for all intents and purposes, innocent to the average end user. Over time the installed software infects the entire network, enabling the creator to encrypt the entire organisation's data and then ransom the password for a cash payout. Frequently, even after paying the ransom, organisations are unable to access their data, as they are either not provided with the password or something goes wrong. The impact and costs of this type of malicious software can be so severe as to destroy that organisation completely. A recent article published by the BBC reported a “3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns”. This is just in the first quarter of 2016.


The LucidView Cyber-Security solution examines behaviour. It looks at how your computer or network is connecting to the Internet and identifies any behaviour that is extraordinary. Any anomalous behaviour is immediately examined further to identify its source, troubleshoot its removal and prevent any further activity by the software causing it, by ensuring that the software is added to the LUCIDVIEW KILL LIST.

Because the identification and elimination is based on our own extremely thorough algorithm, it requires no additional user education, no sophistication on the part of network administrators and no additional software. The identification and blocking is all done on an automated or simple-to-use manual front end, depending on your requirements.