What is Ransomware? Ransomware is a sophisticated piece of malware that blocks the victim's access to the files on their own computer: it infects desktop computers and encrypts files and folders. Recently, computers in 99 countries were compromised and hacked through ransomware. It largely hit business houses and large organizations such as FedEx, some of the larger banks, Renault's automobile plants, UK hospitals, a Spanish telecom, the Russian Interior Ministry, Andhra Police and others.
Ransomware is a type of malicious software that takes control of the user's computer and locks the user out, preventing them from accessing any files until they pay a certain sum of money. The ransomware program in this case is named WannaCry. To unlock the computer or decrypt the files, the attackers charge money in Bitcoin, amounting to $300; notably, the price increases over time.
There are two types of ransomware in circulation:
1. Encrypting ransomware, which incorporates advanced encryption algorithms. It's designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CryptoWall and more.
2. Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.
Another version pertaining to this type is the Master Boot Record (MBR) ransomware. The MBR is the section of a PC's hard drive which enables the operating system to boot up. When MBR ransomware strikes, the boot process can't complete as usual, and a ransom note is displayed on the screen instead. Examples include Satana and Petya ransomware.
However, the most widespread type of ransomware is Crypto-ransomware or encrypting ransomware, which I’ll focus on in this guide. The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.
Ransomware has some key characteristics that set it apart from other malware:
- It features encryption that cannot be broken in practice, which means that you can't decrypt the files on your own (cyber security researchers have released decryption tools for some strains – more on that later);
- It has the ability to encrypt all kinds of files, from documents to pictures, videos, audio files and other things you may have on your PC;
- It can scramble your file names, so you can’t know which data was affected. This is one of the social engineering tricks used to confuse and coerce victims into paying the ransom;
- It will add a different extension to your files, which sometimes signals a specific ransomware strain;
- It will display an image or a message that lets you know your data has been encrypted and that you have to pay a specific sum of money to get it back;
- It requests payment in Bitcoin, because this crypto-currency cannot be tracked by cyber security researchers or law enforcement agencies;
- Usually, the ransom payment has a time limit, to add another level of psychological constraint to this extortion scheme. Going over the deadline typically means that the ransom will increase, but it can also mean that the data will be destroyed and lost forever.
- It uses a complex set of evasion techniques to go undetected by traditional antivirus (more on this in the “Why ransomware often goes undetected by antivirus” section);
- It often recruits the infected PCs into botnets, so cyber criminals can expand their infrastructure and fuel future attacks;
- It can spread to other PCs connected in a local network, creating further damage;
- It frequently features data exfiltration capabilities, which means that ransomware can extract data from the affected computer (usernames, passwords, email addresses, etc.) and send it to a server controlled by cyber criminals;
- It sometimes includes geographical targeting, meaning the ransom note is translated into the victim’s language, to increase the chances for the ransom to be paid.
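The behaviours listed above (encrypted content, scrambled names, an extra extension appended to files) can be turned into a simple triage check for a defender. The following is an added example, not code from the original article: a Python script that walks a directory tree, flags files whose name has an unknown extension appended after a known one, and flags files of a normally plain-text type whose bytes have near-random Shannon entropy. The extension sets, the 7.5 bits/byte threshold and the sample files are assumptions constructed for the demonstration; compressed formats are excluded from the entropy test because they look random even when healthy.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Formats that are compressed or encrypted by design; their bytes look random even when benign.
NATURALLY_RANDOM = {".zip", ".gz", ".7z", ".png", ".jpg", ".jpeg", ".mp4", ".mp3",
                    ".pdf", ".docx", ".xlsx", ".pptx"}
# Plain-text formats whose healthy content should have low entropy.
PLAINTEXT = {".txt", ".csv", ".log", ".md", ".html", ".xml", ".json", ".ini"}
KNOWN = NATURALLY_RANDOM | PLAINTEXT
# Random bytes score close to 8.0 bits/byte; English text scores roughly 4 to 5 (assumed threshold).
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 64 * 1024  # only the first 64 KiB is read, so large trees scan quickly


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def appended_extension(path: Path) -> bool:
    """True for names like report.txt.locked: a known extension followed by an unknown one."""
    suffixes = [s.lower() for s in path.suffixes]
    return len(suffixes) >= 2 and suffixes[-2] in KNOWN and suffixes[-1] not in KNOWN


def inspect_file(path: Path) -> list[str]:
    """Return the reasons a file looks encrypted; an empty list means it looks normal."""
    reasons = []
    if appended_extension(path):
        reasons.append("unknown extension appended to a known file type")
    ext = path.suffix.lower()
    if ext not in NATURALLY_RANDOM:
        with path.open("rb") as fh:
            entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
        if entropy > ENTROPY_THRESHOLD:
            reasons.append(f"high entropy ({entropy:.2f} bits/byte) for a non-compressed type")
    return reasons


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk a directory and map each suspicious file's relative path to its reasons."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reasons = inspect_file(path)
            if reasons:
                findings[str(path.relative_to(root))] = reasons
    return findings


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: two healthy files and two that mimic encrypted output."""
    prose = b"Quarterly report: revenue grew modestly while costs held steady. " * 200
    (root / "notes.txt").write_bytes(prose)                      # healthy plain text
    (root / "photo.jpg").write_bytes(os.urandom(4096))           # random bytes, expected for JPEG
    (root / "data.csv").write_bytes(os.urandom(4096))            # plain-text type, encrypted content
    (root / "invoice.txt.locked").write_bytes(os.urandom(4096))  # extension appended and encrypted


def demo() -> list[str]:
    """Build the sample tree in a temp dir, scan it and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        findings = scan_tree(root)
        for name, reasons in findings.items():
            print(f"{name}: {'; '.join(reasons)}")
        return sorted(findings)


if __name__ == "__main__":
    demo()
```

Run on the sample tree, only data.csv and invoice.txt.locked are reported; notes.txt has ordinary text entropy and photo.jpg is skipped because JPEG data is random by nature. A sudden jump in such findings across a user's document folders is a stronger signal than any single file, so a real deployment would compare successive scans rather than judge one in isolation.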
How To Avoid Ransomware?
1. Never store important data only on your PC.
2. Always keep backups of your data: on an external hard drive and in the cloud – Dropbox/Google Drive/etc.
3. Do not leave the Dropbox/Google Drive/OneDrive/etc. application running on your computer by default. Open it once a day to sync your data, and close it once the sync is done.
4. Keep your operating system and software up to date, including the latest security updates.
5. Use a guest or standard account with limited privileges for everyday work instead of an Administrator account.
6. As far as possible, turn off macros in the Microsoft Office suite – Word, Excel, PowerPoint, etc.
Safety in the browser
7. Remove the following plugins from your browsers: Adobe Flash, Adobe Reader, Java and Silverlight. If you absolutely have to use them, set the browser to ask before running them.
8. Always adjust your browsers' security and privacy settings for increased protection.
9. Remove outdated plugins and add-ons from your browsers. Keep only the plugins you use on a daily basis, and keep them updated to the latest version.
10. Use an ad blocker to avoid the threat of potentially malicious ads.
Online behavior
11. Never open spam emails or emails from unknown senders.
12. Never download attachments from spam emails or suspicious emails.
13. Never click links in spam emails or suspicious emails.
Anti-ransomware security tools
14. Use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.
15. Understand the importance of having a traffic-filtering solution that can provide proactive anti-ransomware protection.
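Since the encryption cannot be undone, steps 1 to 3 make backups the only recovery path, and a backup is only useful if it actually matches the data it is meant to protect. The following is an added example, not code from the original article: a Python script that fingerprints a source tree and its backup copy with SHA-256 and reports files that were never copied, files whose backup copy differs from the source, and files that match. The directory layout and file contents are constructed sample data, and the function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fingerprint_tree(root: Path) -> dict[str, str]:
    """Map every file's path relative to root (POSIX style) to its SHA-256 hex digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def verify_backup(source: Path, backup: Path) -> dict[str, list[str]]:
    """Compare a live tree against its backup copy.

    'missing': present on the source but absent from the backup (never copied);
    'changed': present in both but with different content (stale copy, or the
               source was modified after the last backup);
    'ok':      identical in both places.
    """
    src, bak = fingerprint_tree(source), fingerprint_tree(backup)
    report = {"missing": [], "changed": [], "ok": []}
    for rel, digest in sorted(src.items()):
        if rel not in bak:
            report["missing"].append(rel)
        elif bak[rel] != digest:
            report["changed"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def demo() -> dict[str, list[str]]:
    """Build a constructed source/backup pair in a temp dir and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "source"), Path(tmp, "backup")
        for folder in (source / "docs", backup / "docs"):
            folder.mkdir(parents=True)
        # Constructed sample data: one file backed up correctly, one stale, one never copied.
        (source / "docs" / "a.txt").write_text("annual budget\n")
        (backup / "docs" / "a.txt").write_text("annual budget\n")
        (source / "docs" / "b.txt").write_text("draft v2\n")
        (backup / "docs" / "b.txt").write_text("draft v1\n")
        (source / "c.txt").write_text("never copied\n")
        report = verify_backup(source, backup)
        for status, files in report.items():
            print(f"{status}: {files}")
        return report


if __name__ == "__main__":
    demo()
```

A "changed" entry can mean a stale backup or a source file that was modified after the last backup, which includes files that ransomware has encrypted. If a large number of files show up as changed at once, that is the moment to keep the sync application closed (step 3) so the intact backup copy is not overwritten by the encrypted versions.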