What is ransomware
Ransomware is a type of malicious software (malware) designed to extort a ransom payment from its victim. When a system is infected, the document files on its hard drive and on any network folders it can reach are encrypted. The encrypted documents are unusable unless they are decrypted with a key that only the attackers hold.
Soon after infecting the system, the ransomware displays instructions for paying the ransom in order to obtain the decryption key. Payment is demanded in cryptocurrency (usually Bitcoin). Paying does not guarantee recovery: the attackers may never deliver a working key.
Evolution and History of Ransomware
The scope and sophistication of ransomware are evolving at a very high rate, and defences need to be designed with ransomware attacks specifically in mind.
The idea predates modern ransomware: in 1996 Adam L. Young and Moti Yung showed how public-key cryptography could be used by malware for extortion (the field they named cryptovirology), which is the model later ransomware adopted.
The first ransomware, the 1989 “AIDS” Trojan (also known as PC Cyborg), was written by Joseph Popp. It told users that their licence to use a certain piece of software had expired and that they had to pay US$189 to “PC Cyborg Corporation” for the means to unlock the system.
The next instances of ransomware were found in Russia between 2005 and 2006. Trend Micro reported a case in 2006 involving a variant (detected as TROJ_CRYZIP.A) that compressed certain file types into password-protected archives and overwrote the originals, leaving only the password-protected archives on the victim's system. It then dropped a text file as a ransom note telling the user that the files could be recovered in exchange for $300.
Impact of ransomware
- Encrypts files so you cannot use them
- Stops certain applications from running (for example your web browser)
- Temporary or permanent loss of sensitive or proprietary data
- Disruption to normal operations
- Potential harm to an organization's reputation
Types of Ransomware
- Lock-screen ransomware – Blocks the user from using the computer by displaying a full-screen message that prevents access to the PC or its files, and demands a ransom to unlock the system. It typically does not encrypt anything, which makes it the easier of the two types to recover from.
- Crypto ransomware (CryptoLocker is the best-known early example) – Encrypts the data on the computer and demands a ransom from the user for the decryption key that unlocks the encrypted files. The ransom is normally in the range of $300 to $600 and is mostly demanded in Bitcoin (a virtual currency).
How can I prevent my system from getting infected?
- Be wary of unsolicited email that demands immediate action, even when it appears to come from well-known, reputable companies or government agencies; common lures include well-designed but counterfeit invoices, failed courier delivery notices and claims of illegal activity
- Don’t click on links or attachments in email from unfamiliar sources or that seem suspicious—call the source to confirm authenticity
- Maintain up-to-date security (anti-virus) software
- Practice safe online behavior
Why Ransomware attacks are so effective
Cybercriminals instil fear and panic in their victims so that they click on a prescribed link (which often installs additional malware) or pay the demanded ransom to regain access to their systems, using messages like the following:
- “Your system has been infected with an unknown virus. Click here to remove the virus and gain access to your system”.
- “Your System was used to visit websites with illegal content. To retain your system access, you must pay a $500 fine.”
- “All files on your system have been encrypted. You must pay this $900 within 48 hours to recover access to your system and files.”
How ransomware attacks work / modus operandi of attackers
- There are a number of ways an attacker can start an attack; the ultimate goal is always to get the ransomware running on the victim's machine.
- Via malicious email attachments or links: the most common vector is a phishing email in which the victim is tricked into opening an attachment or clicking a link in what appears to be a legitimate email, message or social media post.
- Via drive-by download: attackers compromise vulnerable websites and plant malicious code on them. Visitors to those sites become victims of a drive-by attack, in which the malware is installed on their system without their consent, usually by exploiting an unpatched browser or plug-in.
If you decide to risk paying the ransom, be aware that the criminals will usually require payment in Bitcoin (typically 0.5 to 1 BTC) or another virtual currency, with the payment site hosted on the Tor network, which anonymizes web traffic. This makes tracing the attackers very difficult, and if they refuse to unlock your computer you have lost both the money and the data.
How can a system become infected with ransomware?
Ransomware typically gets onto a system when you open a malicious attachment or link in a spam or phishing email, or when you browse a compromised or risky website. Systems already infected by other malware can also be instructed by the attackers to download and install ransomware.
Can ransomware spread from one computer to another?
Yes. Newer ransomware variants are designed to spread. Some turn the documents they infect into malicious programs, so that opening such a document on another system infects it too; in this way ransomware spreads to every system that uses a common shared folder. Worm-like variants go further and spread across the network on their own by exploiting unpatched services, without any user opening a file.
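As an added example (not part of the original article), the following Python script looks for the two signs described above on a shared folder: files whose content has been replaced with ciphertext, and new files that look like ransom notes. It uses three cheap heuristics a file-server monitor can run on a schedule: a known extension appended by encrypting families, a document that no longer starts with its format's magic bytes, and high Shannon entropy in a file that should be text. The extension list, the ransom-note name words and the sample folder are constructed for illustration and would be extended in practice.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Signatures (magic bytes) of a few common document formats. A file that keeps
# a document extension but no longer starts with its signature has very likely
# been overwritten in place with ciphertext.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
}
# Extensions appended by encrypting families and words used in ransom-note file
# names: illustrative placeholders (assumed), an operator would extend both.
SUSPICIOUS_EXT = {".locked", ".encrypted", ".crypt", ".enc"}
NOTE_HINTS = ("readme", "decrypt", "restore", "how_to", "recover")


def shannon_entropy(data):
    """Bits of entropy per byte: close to 8.0 for ciphertext or compressed data,
    much lower for text and most documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_folder(root, entropy_threshold=7.5, sample_bytes=65536):
    """Return (path, reason) pairs for files that look encrypted or like ransom notes.
    Only the first sample_bytes of each file are read, so it is cheap on large shares."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        ext, name = path.suffix.lower(), path.name.lower()
        if ext in SUSPICIOUS_EXT:
            findings.append((str(path), "suspicious extension " + ext))
            continue
        if ext in (".txt", ".html", ".hta") and any(h in name for h in NOTE_HINTS):
            findings.append((str(path), "possible ransom note"))
            continue
        with open(path, "rb") as f:
            head = f.read(sample_bytes)
        if ext in MAGIC and not head.startswith(MAGIC[ext]):
            findings.append((str(path), ext + " file no longer has its magic bytes"))
        elif ext not in MAGIC and len(head) >= 1024 and shannon_entropy(head) > entropy_threshold:
            # Archives and media are also high-entropy; treat this as a hint to
            # investigate, not as proof of encryption.
            findings.append((str(path), "high entropy content"))
    return findings


def build_sample_share(root):
    """Create a constructed example of a shared folder after a partial infection
    (sample data, not real victim files)."""
    share = Path(root, "shared")
    share.mkdir(parents=True, exist_ok=True)
    (share / "report.txt").write_text("Quarterly figures in plain text. " * 100)
    (share / "invoice.pdf").write_bytes(b"%PDF-1.4\n" + b"% harmless stub\n" * 50)
    (share / "budget.xlsx.locked").write_bytes(os.urandom(4096))   # renamed after encryption
    (share / "contract.pdf").write_bytes(os.urandom(4096))         # encrypted in place
    (share / "README_TO_DECRYPT.txt").write_text("All your files are encrypted. Pay 0.5 BTC to ...")
    return share


def run_demo():
    """Build the sample share in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return scan_folder(tmp)


if __name__ == "__main__":
    for path, reason in run_demo():
        print(f"{reason:40} {path}")
```

Run on the sample share, the scan reports three findings (the renamed .locked file, the PDF overwritten in place, and the ransom note) and leaves the intact text file and PDF alone. On a real share, a sudden burst of such findings from one user account is the signal to isolate that machine, which is the "disconnect from the network" advice later in this page.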
Does security (anti-virus) software protect against ransomware?
Anti-virus software can detect and prevent infection by known ransomware variants, but there is a time lag between the release of a new variant and effective anti-virus protection against it. Running updated anti-virus software is vital, yet it does not guarantee 100% protection. Anti-virus products with an intrusion prevention feature can also help stop ransomware from spreading to other systems.
Can ransomware-encrypted files be recovered without paying ransom?
Files can sometimes be recovered from older ransomware variants whose encryption was flawed, for example because the key was left on the victim's machine or the cipher was used incorrectly; security vendors have published free decryption tools for a number of such families. Recent variants have removed those flaws, so without the attackers' key their encryption cannot be broken, and backups are the only reliable route to recovery.
What can I do to protect documents against ransomware?
It is important to back up all significant documents and files on a regular basis. If your system is hit by ransomware, the documents can then be recovered from the backup copy.
If your system is managed by a central IT department, find out to what extent your documents are backed up for you. If it is a personal system, you need to take the backups yourself.
It is additionally important to abide by the following backup practices:
- Backup media must be kept offline—a ransomware-encrypted backup copy on an always-connected portable drive is useless
- The backup process must be monitored to ensure backups complete successfully
- Periodically verify that files can be successfully restored from the backup
- Keep multiple backup sets
- Avoid opening unverified emails or clicking links embedded in them.
- Avoid visiting unsafe, suspicious or fake websites.
- Avoid opening emails or attachments from unknown sources.
- Avoid clicking links in emails, Facebook, Twitter and other social media posts, and in instant messenger chats such as Skype, unless you have verified them.
- Regularly update software, programs and applications to protect against the latest vulnerabilities.
- If you are hit by ransomware, disconnect the system from the network immediately (unplug the cable or switch off Wi-Fi), as an infected system can go on to infect other systems on the network.
- Educate yourself on how to recognise phishing campaigns, suspicious websites and other scams.
- The most important defence against ransomware is sustained investment in cyber security and information security: patching, backups, user awareness and monitoring.
- Do not open unknown links or image files; note that some image formats, such as .svg, can carry embedded scripts.
- If you want to install a browser extension or add-on, get it from the vendor's official site or store.
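As an added example (not the article's own code), this Python script implements the backup practices listed above that can be automated: it writes a SHA-256 manifest when a backup is taken, re-hashes the backup set later to confirm it still matches (the monitoring step), and performs a trial restore into a scratch directory (the restore-verification step). The scenario at the end is constructed: it takes a good backup, restores it successfully, then overwrites one file on the still-connected backup drive with random bytes to mimic in-place encryption and shows that verification catches it. The file names and the manifest file name are assumptions for the example.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "backup-manifest.json"   # assumed name for this example


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source, dest):
    """Copy the source tree to dest and write a SHA-256 manifest of every file.
    Keep a second copy of the manifest somewhere the backup drive cannot reach."""
    source, dest = Path(source), Path(dest)
    shutil.copytree(source, dest, dirs_exist_ok=True)
    manifest = {str(p.relative_to(source)): sha256_file(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def load_manifest(dest):
    try:
        return json.loads((Path(dest) / MANIFEST).read_text())
    except (OSError, ValueError):
        return None   # manifest missing or itself overwritten: treat the set as untrusted


def check_files(base, manifest):
    """Re-hash each manifest entry under base; return {relative path: problem} (empty is good)."""
    problems = {}
    for rel, expected in manifest.items():
        p = Path(base) / rel
        if not p.is_file():
            problems[rel] = "missing"
        elif sha256_file(p) != expected:
            problems[rel] = "hash mismatch (modified or encrypted after backup)"
    return problems


def verify_backup(dest):
    """Monitoring step: confirm the backup set still matches what was written."""
    manifest = load_manifest(dest)
    if manifest is None:
        return {MANIFEST: "unreadable"}
    return check_files(dest, manifest)


def restore_check(dest, scratch):
    """Restore step: copy the set into a scratch directory and verify it there,
    which proves the files can actually be brought back, not just that they exist."""
    manifest = load_manifest(dest)
    if manifest is None:
        return {MANIFEST: "unreadable"}
    for rel in manifest:
        src_file = Path(dest) / rel
        if src_file.is_file():
            target = Path(scratch) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src_file, target)
    return check_files(scratch, manifest)


def run_demo():
    """Constructed scenario: good backup, successful trial restore, then the
    still-connected backup drive gets one file overwritten with ciphertext."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst, scratch = Path(tmp, "docs"), Path(tmp, "backup"), Path(tmp, "restore")
        (src / "finance").mkdir(parents=True)
        (src / "thesis.txt").write_text("chapter one " * 200)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2020-01-01,42\n")
        make_backup(src, dst)
        before = verify_backup(dst)
        restore = restore_check(dst, scratch)
        (dst / "thesis.txt").write_bytes(os.urandom(2400))   # simulated encryption of the backup copy
        after = verify_backup(dst)
        return before, restore, after


if __name__ == "__main__":
    before, restore, after = run_demo()
    print("verify before tampering:", before)
    print("trial restore:", restore)
    print("verify after tampering:", after)
```

Scheduling verify_backup after every backup job, and restore_check on a regular cadence, turns the two bullet points into alerts rather than good intentions. An offline backup set that passes both checks is the one to restore from; a set that fails verify_backup after the job reported success is exactly the "ransomware-encrypted copy on an always-connected drive" the list warns about.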
How to Prevent Ransomware Attacks on Your Android Smartphone
- The first thing to do is keep your Android device up to date. Google's security updates help protect your smartphone from malware and other threats, including ransomware.
- Download apps only from trustworthy sources such as the official Google Play Store (on iOS, the App Store). Avoid third-party sources and websites that seem unreliable: many sites offering free app downloads bundle malware or adware.
- Enable Google's Verify Apps feature (now called Google Play Protect), which checks apps for possible threats before and after installation.
To activate it on older devices, go to Settings, then Accounts, Google, Security, Verify Apps, and turn on ‘Scan device for security threats’. On current devices the same setting is found in the Play Store app under Play Protect.
- Back up the device's data to your PC, Google Drive or a portable hard disk. This keeps your data safe even if ransomware hits the device, and it also helps if the attackers threaten to delete the data. Check an app's rating and reviews on the Play Store before downloading and installing it; this helps confirm the app is genuine and keeps fake apps off your device.