Ransomware facts and mitigation tips

by CIRT Team

02 Oct 2016

in Articles, English articles, News

No Comments

59571

In the world of cyber security threats, Ransomware is a comparatively new word which has become a big concern in the recent years. In the US, May 2016 was the second worst month for Ransomware attacks in history. It came to light first time in the last year and caused a huge loss of data.

What is Ransomware?

Ransomware is a type of malware that accesses a victim’s files, locks and encrypts them and then demands the victim to pay a ransom to get them back. Ransomware infections threaten computer users with the destruction of data if they don’t pay the money to the crooks that created the infections. Cybercriminals use these attacks to try to get users to click on attachments or links that appear legitimate but actually contain malicious code. Ransomware is like the “digital kidnapping” of valuable data from personal photos and memories to client information, financial records and intellectual property. Any individual or organization could be a potential ransomware target.

What does Ransomware do?

Ransomware prevents from using PC normally, and will ask to give some ransom before you can use your PC. They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.

Ransomware do:

Prevent users from accessing Windows.
Encrypt files so users can’t use them.
Stop certain apps from running (like web browser).

Ransomware will demand that users pay money (ransom) to get access to your PC or files. Once executed in the system, a ransomware can be two types. Either it locks the computer screen or it encrypts predetermined files with a password. There is no guarantee that paying the fine or doing what the ransomware tells will give access to the PC or files again.

How does Ransomware work?

When Ransomware first hit the scene a few years ago, computers predominantly got infected when users opened e-mail attachments containing malware, or were lured to a compromised website by a deceptive e-mail or pop-up window. Actually Ransomware attacks are typically carried out using a Trojan, entering a system through, for example, a downloaded file or vulnerability in a network service. The program then runs a payload (the part of malware such as worms or viruses which performs malicious actions), which locks the system in some fashion, or claims to lock the system but does not. Payloads may display a fake warning purportedly by an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities.

Protection against Ransomware:

Regularly backup your data to an external device, to the cloud, or both so that data can be available even if Ransomware attack happens.
Make sure all of your operating system and anti-virus/anti-malware programs are set to update automatically.
Think before you click an unknown link because almost all the Ransomware infection attacking happened by clicking on a link from a bogus email, a hijacked social media account, or another malicious source over the internet.
Enable spam email detection to avoid getting unwanted mails containing malicious attachments.
Always check who the email sender is. Check digital signature or certificates for any company or be sure the sender is trusted one before clicking any mail attachment.
Double-check the content of the message before sending.
Keep all machines clean to prevent any kind of cybercrime.
Get two-factor authentication system for strong security.
Every time you plug any USB or external device, do scan twice.
Make better passwords to enhance security of your computer and accounts.
When in doubt, throw it out. If any link or mail attachment looks suspicious just ignore it.

Ransomware is a very challenging threat for both users and antimalware companies. The threat is still growing. 50 new Ransomware families have already been seen within the first five months of 2016 alone, which is more than the numbers seen in 2014 and 2015 combined. Cybercriminals have also constantly improved ransomware’s hostage-taking tactics with the use of increasingly sophisticated encryption technologies. The ransomware threat is as real as it gets, but paying shouldn’t be an option, as paying the ransom does not guarantee that victims regain access to their locked files. So, there is no alternative of prevention to escape from Ransomware.