Ransomware is a type of malware that silently infects a computer and restricts the user's access to it. It then demands a ransom from the victim to restore normal operation of the computer.
Ransomware is one of the biggest threats today. Every year it infects millions of computers and extorts hefty amounts of money from users and organizations.
Targets of Ransomware
Ransomware can target any computer, including a home computer, endpoints in an enterprise network, or servers of an organization, government agency or healthcare provider. Ransomware infects a computer by some means and then stops normal operations until the ransomware is removed from the computer.
Different Types of Ransomware
There are different types of ransomware. They infect a computer by various means and restrict access to it in different ways.
One type of ransomware infects a computer silently and displays a fake warning message. It falsely claims that the computer has been used for illegal activities, such as pirated software or pornography, and has been caught by some legal authority. It then demands a large amount of money from the user.
Another type of ransomware infects a computer and sets the Windows Shell to itself. It then restricts the user's access to the computer and demands a large amount of money to give the access back.
Some ransomware is extremely complex. It enters the system and encrypts useful files with an encryption key that is difficult to break. It then asks the user to pay money to be able to decrypt those files. But paying the money in no way ensures that the encrypted files will be decrypted.
But irrespective of the type, the purpose of all ransomware is the same: to extort money from the user.
How does ransomware infect a computer?
Ransomware is a type of Trojan. It can infect a computer by different means.
In some cases, the ransomware hides itself in software that appears useful or interesting to the user and convinces the user to install it. On installation of the apparently benign software, the malware infects the computer silently and stops its operations.
Sometimes it even enters the system through fake software upgrades. When the user visits an unsafe website, a popup window may appear and ask the user to upgrade software like Adobe Reader, Flash Player or Java Runtime Environment. By faking the update of the software, it infects the computer.
Ransomware may even enter a system through a downloaded file or a vulnerability in a network service.
Please note that in most cases the ransomware infection begins with carelessness on the part of the user. For example:
- On visiting an unsafe, untrusted or suspicious looking website, the malware may infect the system.
- Many times, a victim first gets an email with an attachment from an untrusted sender and is tricked into clicking on it. On opening the attachment, the malware silently infects the computer.
- Ransomware may infect a system if the user clicks on any suspicious link in an email or a website without properly knowing what the link contains.
- Ransomware may hide itself in some apparently interesting software, and infect the computer when that software is downloaded.
- Many times, ransomware infects a computer by taking advantage of security vulnerabilities in commonly used software on the computer.
Some Examples of Ransomware
Very recently, several ransomware programs infected lots of computers, extorting hefty amounts of money from users and organizations. A few of them are mentioned below:
Petya Ransomware
Petya Ransomware is ransomware that infects a victim's machine mostly via an email attachment and affects the Master Boot Record (MBR) and Master File Table (MFT) of the system. It also encrypts the files in the system and asks for a ransom of 0.99 Bitcoins from the victim to recover the encrypted files.
In most of the reported cases, the victim first receives an email attachment that seems to be from an applicant seeking a job position. On opening the attachment, the malicious trojan starts executing and rewrites the MBR of the system.
The malware actually encrypts the Master File Table of the system, which contains information on every file in the file system, including file size, time and date stamps, permissions, data contents etc. Without the MFT, the file system cannot access any file. As a result, the computer becomes inaccessible to the user.
The ransomware then displays a specific screen with instructions on how to pay the ransom.
More information on Petya Ransomware can be found here: Petya Ransomware
TeslaCrypt Ransomware
TeslaCrypt is ransomware that mostly infects computers with some specific games installed and encrypts important files. It then extorts a ransom of $500 in exchange for the secret key for decrypting the encrypted files.
Attackers first send spam emails to victims and use social engineering to convince the victims to open the email. On opening the attachment, the malicious JavaScript code starts execution and infects the computer with TeslaCrypt ransomware.
Upon infection, the ransomware searches for files with some specific extensions, which are mainly involved in saving data, player profiles, custom maps and game mods, and encrypts them. The newer variants of TeslaCrypt are not focused on computer games only, and can encrypt files including Word, PDF and JPEG.
TeslaCrypt encrypts important files with AES symmetric keys and asks for a ransom of $500 worth of Bitcoins to get the secret key to decrypt the encrypted files.
More information on TeslaCrypt ransomware can be found here: TeslaCrypt
CryptoLocker
Another widely known ransomware of 2013 was CryptoLocker. It would infect a computer and encrypt important files with some specific file extensions using a 2048-bit RSA key. It would then blackmail the user, saying it would destroy the private key if a specific amount was not paid within 3 days of the infection. As the key size was large, it was extremely difficult to decrypt the encrypted files. The attackers demanded payment in Bitcoins. If not paid within 3 days, the payment amount would increase to 10 BTC, which is equivalent to approximately US$ 2300.
Another ransomware became widely known in Australia in September 2014, and it was named CryptoLocker.F. It would spread to computers using fraudulent emails. The emails would falsely claim that the user had a failed parcel delivery from Australian Post. The emails would then redirect the users to an unsafe website. It would make the users enter a CAPTCHA and then infect the computer. It would typically encrypt the important files in the system and demand an extortion amount from the user to buy the encryption key. A notable victim of this ransomware was Australian Broadcasting Corporation, and it disrupted their live TV program for almost half an hour.
Purpose of Ransomware
The intention of all ransomware is the same: to extort money from the user. In most cases the attackers use untraceable payment systems like wire transfer, premium rate text messages, online payment voucher services like Ukash or Paysafecard, or even the digital currency Bitcoin. As a result, it becomes very difficult to trace the perpetrators.
How to prevent ransomware?
We can always take a couple of steps to protect ourselves from ransomware. A number of them are mentioned below:
- Keep your computer updated with anti-malware programs from trusted sources.
- Take regular backups of your system, so that you can restore it at any time if ransomware infects the system.
- Be careful while opening email attachments. It is advisable not to open any email attachment from any unknown sender.
- Avoid clicking on any link if you are not very sure what the link contains.
- Always keep your Operating System and other commonly used software updated with recent security patches. Many times, ransomware infects a computer by taking advantage of security vulnerabilities in commonly used software.
- Do not install any software from untrusted sources.
- Attackers often trick a user into clicking on malicious links by taking advantage of pop-ups. So, it is always advisable to enable a pop-up blocker.
- Configure firewalls in your system.
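The backup advice above works best when you can tell which files have changed since the last good backup. The following Python code is an added example, not part of the original article: it records a SHA-256 manifest after a backup and later flags changed files whose contents look random, as encrypted files do. The 7.5 bits-per-byte threshold, the file names and the manifest layout are assumptions made for this illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # assumption: bits per byte; encrypted data sits close to 8

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    """Relative path -> SHA-256, recorded right after a known-good backup."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256(Path(full).read_bytes()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def audit(root, manifest):
    """Classify every difference between the live tree and the manifest."""
    current = build_manifest(root)
    report = {"missing": [], "changed": [], "suspect_encrypted": []}
    for rel in sorted(manifest):
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != manifest[rel]:
            data = Path(root, rel).read_bytes()
            high = shannon_entropy(data) >= ENTROPY_THRESHOLD
            report["suspect_encrypted" if high else "changed"].append(rel)
    report["new"] = sorted(set(current) - set(manifest))
    return report

def demo():
    # Constructed sample tree: one ordinary edit, one deletion, and one file
    # overwritten with random bytes as a stand-in for encrypted content.
    samples = {"notes.txt": "meeting notes\n", "report.txt": "q3 figures\n", "save.dat": "level 4\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, text in samples.items():
            Path(root, name).write_text(text * 50)
        manifest = build_manifest(root)
        Path(root, "notes.txt").write_text("meeting notes\n" * 50 + "one more line\n")
        Path(root, "report.txt").write_bytes(os.urandom(4096))
        os.remove(os.path.join(root, "save.dat"))
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP or JPEG also have high entropy, so a flagged file is a signal to check before the next backup overwrites good copies, not proof of infection.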
Mitigation of Ransomware Infection
If your computer is infected with ransomware, you can take a couple of steps as mitigation:
- Disconnect the computer from the Internet, so that data from your system cannot be transmitted back to the attackers.
- If you already have a backup of your data, reinstall the system and restore the files.
- Alert appropriate authorities so that proper action can be taken.
- Please do not pay any ransom to the attackers, because that is the reason the attackers are making the attacks. If you pay them the extortion amount, it would only encourage them to perform more attacks. Moreover, there is no guarantee that the system or the crucial files will be restored even after paying the ransom money. Instead, use a fully updated, reliable security program to restore the system and its files.
So, avoid suspicious emails, links or software updates. Keep your system fully updated with a reliable security program. Use firewalls. And stay safe, stay secured.