What is Ransomware?
A type of malicious software, ransomware prevents or limits access to a computer system. It does so either by locking the login screen or by encrypting files until money is paid to restore them. Payments are made using online methods (generally Bitcoin) in order to obtain the decryption key. The ransomware gives the user step-by-step instructions for making the payment and recovering the files. However, there is no guarantee that your files will be restored even after the payment!
Methods of Infection
Spam emails are commonly used to deliver malware to a computer system. These emails carry the malicious programs as attachments or as links to external malicious websites. They appear legitimate and seem to come from trusted sources, such as reputed organizations or a known contact, and trick people into opening the attachments or links, thereby leading to infection (a technique often known as social engineering).
Malvertising is another popular method of distributing these malicious programs. It works by placing advertisements on commonly used websites, and it can gain access to personal data and files even without any interaction from the user.
Exploit kits (toolkits used to exploit security holes in a system) are also used to deliver ransomware by exploiting vulnerabilities that might be present in the system.
How ransomware works?
As we now know, spam emails and malvertising are the most common ways to deliver ransomware to computers. Apart from this, outdated systems also pave the way for attackers to exploit security holes and infect those systems with ransomware.
The attacker may also threaten to expose the data encrypted by the ransomware to the public or on social networks if the deadline to pay the ransom is not met.
Another forcing technique is to ask the victim to play an online game, or to run an executable file in order to play the game for a certain period of time, to unlock the files. Ransomware such as PUBG Ransomware is joke ransomware that has no intention of extorting money from its victims; it just demands that they play a certain game, and even provides a security code in case they do not wish to play.
Whom does ransomware target?
In earlier times, the prime targets for ransomware were individual systems or personal computers. But cybercriminals have notably shifted their approach as they realized the potential revenue they could generate from businesses and organizations. The year 2017 saw global ransomware attacks targeting large businesses and millions of systems at once, making ransomware a global threat.
Organizations hit by ransomware generally become soft targets for extorting money simply and quickly. Generally, governmental organizations or medical facilities cannot afford such a data breach, as the leakage or loss of valuable information is at stake. As a result, if attacked, such organizations are persuaded to pay the ransom quickly in order to keep news of the compromise confidential.
Types of Ransomware
Ransomware can be classified into two types:
- Encrypting Ransomware – These are the nasty ones that make victims suffer the most from the infection. They encrypt crucial data or files present on the system and demand a payment in order to decrypt them. This type of ransomware is not just nasty but also quite dangerous: once the attackers get hold of your data or files, it is impossible to recover them until you get the decryption key, upon payment of the ransom.
- Screen Lockers – Also known as computer lockers, these ransomware programs do not encrypt files but deprive users of access to the computer system. The ransomware locks the system's user interface and demands a ransom from the victim to regain access. The victim is often left with very few capabilities in such a case and can do little more than contact the attacker in order to pay the ransom.
Infamous Ransomware attacks of 2017
Global ransomware attacks hit the world in 2017 and crippled businesses worldwide. Let's have a look at some of the notorious ones that were widespread and made their impact felt in the worst possible manner:
- WannaCry – WannaCry was a worldwide cyber-attack that took place in May 2017, in which the WannaCry ransomware cryptoworm targeted PCs running the Windows operating system. It is estimated that the ransomware targeted around three hundred thousand computers worldwide and involved losses of billions of dollars. WannaCry was also successful in creating backdoors on the systems it infected. Although the attack was contained within a few days of its spread, owing to the emergency patches released by Microsoft, by then a hundred and fifty countries had been affected. Later, the USA Government blamed North Korea for launching this global cyber-attack.
- Petya/NotPetya Ransomware – In June 2017, Ukraine, Russia and other European countries were worst hit by a global ransomware attack, NotPetya. Initially thought to be a variant of Petya (discovered in 2016), the threat was later found to be different from Petya and to use only some part of the former's source code. It was therefore named "NotPetya" by Kaspersky. In February 2018, the White House issued an official statement blaming Russia for the NotPetya cyber-attack.
- Bad Rabbit Ransomware – Hitting organizations across Russia, Ukraine and Eastern Europe, Bad Rabbit Ransomware infected systems in October 2017. The ransomware presented victims with a ransom note stating that their files were no longer accessible and could not be recovered without the attackers' decryption services. The code of Bad Rabbit Ransomware has similarities with NotPetya, and the two were closely related. The ransomware infected systems via a fake Flash Player update, and its code contained references to Game of Thrones.
- Locky Ransomware – Although Locky Ransomware was discovered in 2016, it was very active in 2017. Since 2016, the world has seen ever-multiplying variants of Locky Ransomware. The ransomware was mainly distributed through exploit kits and through spam emails containing malicious attachments.
How to protect against a Ransomware attack?
The best way to combat a ransomware attack is to periodically back up important data to external devices and the cloud. Regular backups of your important data or files will protect you against any such attack, and you can safely avoid paying the ransom that has been demanded.
Unverified emails should be avoided, and users should be cautious before clicking on any attachments or links that come with them. Users generally act in haste and click on the malicious links in these spam emails, which ultimately deliver ransomware or other malware to their system. So, take proper caution before you check the contents of such emails.
It is equally important to invest in good cybersecurity that gives you real-time protection and is specifically designed to prevent advanced malware attacks. Look for advanced features that can block ransomware attacks or shield your vulnerable programs from such threats.
People should always keep their operating systems, anti-virus and other software updated. Security holes can pave the way for such attacks, and it is important to update your software on a regular basis. Hence, it is always recommended that you keep automatic updates enabled on your system in order to reduce the chances of any threat exploiting vulnerabilities that might be present on it.
Last but not least, it is important to remain informed and cautious. You should avoid any attachments that seem suspicious and any websites that seem untrustworthy. Malware infections mostly take place when users fail to proceed with care and caution.
So, you can save yourself from such ransomware attacks in future if you take a little extra care and stay vigilant.