05 Apr Understanding Ransomware and measures to avoid being held hostage
For the layman, a bleak but accurate description of ‘ransomware’ runs as follows: imagine that someone important to you is held hostage and the perpetrators demand a ransom. The only difference with ransomware is that it is your data that is held hostage, and you will have to pay a hefty price to get it back.
Ransomware is a form of malware that enters your system and prevents you from accessing your files and data by locking you out. The party responsible for deploying the malware onto your computer demands a ransom, promising (not always honestly) to restore your access to the data once you pay.
The term ‘ransomware’ gained widespread popularity in 2017, when thousands of computer systems across the world were hit by ‘WannaCry,’ malware that encrypted user data and then demanded payment in Bitcoin for decryption.
How Does Ransomware Work?
There are numerous ways an attacker can get ransomware onto your system. One of the most common is phishing spam: an attachment the attacker sends to the victim by email, disguised as a file the victim can trust. Once the victim downloads and opens the file, the attacker can take over the victim’s computer, especially if the malware includes a built-in social engineering component that misleads the user into granting it administrative access. However, some more aggressive forms of ransomware, such as NotPetya, exploit security holes to get into systems without needing to deceive the user at all.
Once ransomware has taken over your system, a sequence of events follows. First, almost all of your files are encrypted, and decrypting them requires a mathematical key known only to the attacker. You are then told to send a Bitcoin payment to the attacker as ransom.
In some cases, the attacker claims to be a ‘law enforcement agency’ or a ‘government organization’ that has locked your system because pirated software or pornographic content was found on it. The ransom is described as a ‘fine’ so that you are less likely to report the incident to the authorities. Most attacks, however, don’t bother with this façade. Other variants, called doxware or leakware, threaten to leak your sensitive data unless you pay up. But because exfiltrating such data is harder, encryption ransomware remains by far the most common form.
Types of Ransomware
There are three main types of ransomware, varying in severity from mildly annoying to extremely dangerous. They are:
- Scareware: Don’t be fooled by the name; it is not as scary as it sounds. Scareware usually takes the form of tech support and security scams. Every once in a while you might receive pop-up messages claiming that your system is infected with malware and that the only way to fix it is to pay up. If you ignore these pop-ups, the attacker may send more or lose interest, but your system is quite likely still uncompromised.
- Screen Lockers: If screen-locking ransomware hits your system, you are frozen out of your computer entirely. When you restart, you are presented with a full-screen window styled as an official-looking government website, stating that illegal activity has been detected on your computer and that you must pay the fine up front if you don’t want to be arrested.
- Encryption Ransomware: This is arguably the ‘nuclear bomb’ of ransomware. The attacker gains complete control of your system and encrypts your files, then demands a hefty ransom if you want access to them again. What makes this type the most dangerous is that it often goes undetected by security software, and even if you pay the ransom there is no guarantee that the attacker will decrypt your files.
Who is the Target for Ransomware?
Attackers mostly target organizations with smaller security teams, as their systems are easier to penetrate. Universities and other educational institutions, for instance, are easy targets for cybercriminals, who can deploy ransomware onto their systems with little resistance.
At the same time, government agencies, law firms and medical institutions are also on the attackers’ radar, as these organizations often need immediate access to their files. They are willing to pay up front because they hold sensitive data they can’t afford to lose.
Don’t assume you are safe just because you don’t fit these categories. As mentioned earlier, ransomware can spread automatically and erratically across the internet in no time.
There are several defensive measures you can take to keep your system from getting infected. The steps below will improve your defenses against all sorts of attacks, not only ransomware.
- Make sure your operating system is up to date and patched, as this leaves fewer vulnerabilities for an attacker to exploit.
- Never install software that asks for administrative privileges unless you know what the software is for and how it works.
- Always use trusted antivirus software that can detect malicious activity and programs running on your computer. Good antivirus software will prevent unknown and unauthorized files and applications from executing.
- Never forget to back up your files and data regularly. A backup will not stop ransomware from attacking, but it can greatly limit the damage the attack causes.
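A backup is only useful if you know it is intact and can tell which files an attack has touched. The following script is an added example written for this article, not code from the original post: it records a SHA-256 manifest of a directory before trouble and later verifies the tree against it, reporting modified, missing and newly added files. Files whose content changed and now look like random bytes (Shannon entropy above 7.5 bits per byte, an assumed heuristic threshold) are flagged as suspicious, since encrypted output is what ransomware-damaged data typically looks like. The sample directory, the "encrypted" replacement and the ransom-note file name are all constructed for the demonstration.

```python
"""Backup integrity manifest with a ransomware-style damage check.

Added example, not from the original article. The 7.5 bits/byte entropy
threshold is an assumed heuristic, not a value the article gives.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plain text is usually 4-6, encrypted data near 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare the current tree with a stored manifest.

    Returns lists of modified, missing and added paths, plus 'suspicious':
    modified files whose new content has encryption-like entropy.
    """
    current = build_manifest(root)
    report = {"modified": [], "missing": [], "added": [], "suspicious": []}
    for rel, expected in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != expected:
            report["modified"].append(rel)
            data = (root / rel).read_bytes()
            # Tiny files give unreliable entropy estimates, so require some bytes.
            if len(data) >= 64 and shannon_entropy(data) > entropy_threshold:
                report["suspicious"].append(rel)
    report["added"] = [rel for rel in current if rel not in manifest]
    return report


def demo() -> dict:
    """Constructed scenario: snapshot a tree, then simulate ransomware damage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_text("quarterly report draft " * 50)
        (root / "readme.md").write_text("# project\nplain text\n")
        manifest = build_manifest(root)

        # Simulated damage: one file overwritten with random bytes standing in
        # for ciphertext, one file deleted, one constructed ransom note dropped.
        (root / "notes.txt").write_bytes(os.urandom(4096))
        (root / "readme.md").unlink()
        (root / "ransom_note.txt").write_text("constructed placeholder note")

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:10s} {paths}")
```

In practice the manifest would be written to read-only or offline storage alongside the backup, since a manifest that sits next to the data can be encrypted or deleted along with it.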
Finally, stay informed. Educate yourself and your colleagues on how to avoid falling prey to ransomware. You can’t stop new ransomware and malware from being developed, but you can certainly stop them from getting into your systems.