6th Aug 2020

Ransomware explained: Facts and Prevention

Network

Written by Abhishek Solanki

Overview

The 21st century is often called the Computer Yug, an age in which almost everything is available online and we are surrounded by computers, from paying bills to ordering food. As technology has improved, crime has moved into technology as well, and that is known as cybercrime.

Here criminals, known as attackers, try to exploit vulnerabilities in victims' systems and gain access so that they can perform malicious operations. Today we will learn about one of the biggest threats to organizations, governments, colleges, and other sectors: ransomware.

What is Ransomware?

We have all heard the term ransomware many times, but what is ransomware?

Ransomware is malicious software (malware) that prevents users from accessing their systems and mobile devices. The attacker then demands a ransom payment in order to restore access to your system.

What are the types of ransomware?

Mainly there are two types of ransomware:

  1. Locker
    In this type of attack, the attacker takes control of the system or mobile device until the victim pays the demanded ransom via untraceable bitcoin. Examples: WannaCry, GoldenEye.
  2. Crypto
    In this type of attack, the attacker encrypts the victim's valuable files or the whole system and displays instructions on the screen for paying the ransom in order to receive the decryption key. Examples: Locky, Ryuk, CryptoLocker, Petya.

All the names mentioned above are among the deadliest malware of all time; GoldenEye, for example, is also known as the deadly sibling of WannaCry.

This malware was used by an attacker at the Chernobyl nuclear plant: it popped up as a prompt on the system asking staff to check the radiation level manually, and when they clicked on it, all the Windows systems were locked out.

How does it spread?

Now let's talk about how it spreads over the internet.

One of the oldest and best-known mediums through which not only ransomware but all other kinds of malware can infect your system is spam email. Users are sometimes unaware that an attachment is malicious; they click on it, the malicious software gets installed on the system, and if that system is connected to the organization's network it may well infect many other systems as well.

Spear phishing, where the user interacts with a malicious website that looks completely legitimate. In such a scenario the malicious site displays an offer or an update notification such as "please update your Adobe Flash Player"; when the user clicks on it, the malicious program is loaded onto the system and the system is compromised.

Watering hole, in which attackers target a particular group, observe its activity on the internet, and infect one or more websites that all the members of the group commonly use with malware; eventually one member or the whole group gets infected.

How do they target victims?

So let's talk about how attackers choose their victims.

There are some characteristics by which an attacker decides which organization or company to target:

  • Those who cannot afford downtime
  • A huge user base with comparatively less security
  • Government organizations
  • Medium-sized companies

There are many more than those mentioned above; let us look at these in a little more detail.

Companies such as stock exchanges, entertainment companies, ISPs, medical organizations, etc., are the kind that cannot afford downtime, and they pay the ransom very quickly so they can continue their business.

A huge user base with less security is the typical situation in colleges and universities, where there is a lot of file sharing and some users run pirated software, so it is easy for attackers to gain access, exploit vulnerabilities, and deploy ransomware.

Government organizations pay the ransom quickly because they do not want to be in the news, so they pay the attackers as soon as possible.

Attackers always ask for payment in the form of untraceable bitcoin.

Let us look at some statistics from a survey done by a large company last year.

The survey was carried out by the company Vanson Bourne on behalf of Sophos; the respondents came from multiple sectors.

[Figure: ransomware statistics from the survey]

According to the survey, the highest number of attacks was in India, at almost 82%. They also found that more than 50% of systems were infected via RDP (Remote Desktop Protocol), which some penetration testing experts now pronounce "Ransomware Development Protocol".

How to prevent ransomware?

There are some common steps by which we can prevent ransomware, and even if we do get infected we can recover all our files, provided we take the proper precautions now.

  • Security patch updates:
    Keep your system and mobile device up to date with the latest security patches. Install good anti-malware software that is compatible with your system and with your mobile devices, and scan your system daily.
  • Avoid pirated software:
    Stop using pirated software and pirated operating systems as well, because they have security loopholes that are an open invitation to attackers. If you are used to browsing torrent sites, use a secure connection such as a VPN.
  • Install a firewall:
    Firewalls are available for both home users and enterprise users. Depending on your requirements, install a good-quality firewall to protect your gateway so that most threats cannot enter your network. For the rest, you can configure email security and endpoint security so that the internal network is secure as well.
  • Back up your data daily:
    Backup is the most important part of defending against a ransomware attack; if you have a proper, secured backup you do not need to pay the ransom. If you think a backup on your HDD or in the cloud is secure on its own, you are wrong. The best system admins across the globe use a technique called 3-2-1, which is:

    • 3 copies of data:
      Make 3 copies of your backup files.
    • 2 on different media:
      Store them on 2 different media, i.e. one in the cloud and the second on a NAS drive, your system, etc.
    • 1 offsite:
      This is the most important one: the third copy of the backup must be stored offsite as well as offline. Never connect this backup to the internet or even to your intranet. If an attacker encrypts your NAS drive and your cloud backup, you still have that one last offline backup, so you can disconnect all systems from the internet and restore the data one by one. You will face a little downtime at this point, but you save the huge ransom you would otherwise be about to pay.
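As an added example (not from the original post), a small Python script that records a SHA-256 manifest of the primary data while it is known-good, checks each backup copy against that manifest so an encrypted copy is caught before you rely on it, and checks a set of copies against the 3-2-1 rule; the file names, media labels and directory layout are constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root: Path):
    """Hash every file under root while the data is known-good; each copy is checked against this."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_copy(root: Path, manifest):
    """Return files in this copy that are missing or whose hash differs from the manifest.
    A file overwritten by crypto ransomware changes its hash, so an intact copy returns []."""
    return [rel for rel, digest in manifest.items()
            if not (root / rel).is_file()
            or hashlib.sha256((root / rel).read_bytes()).hexdigest() != digest]

def check_321(copies):
    """copies: list of {"media": str, "offline": bool}. Returns the 3-2-1 rules that are violated."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than 3 copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than 2 media types")
    if not any(c["offline"] for c in copies):
        problems.append("no offline copy")
    return problems

def demo():
    """Constructed scenario (hypothetical data): primary files, a NAS copy and an offline copy."""
    work = Path(tempfile.mkdtemp())
    primary, nas, offline = work / "primary", work / "nas_copy", work / "offline_copy"
    primary.mkdir()
    (primary / "invoice.txt").write_text("constructed sample invoice\n")
    (primary / "notes.txt").write_text("constructed sample notes\n")
    manifest = build_manifest(primary)
    for dst in (nas, offline):
        shutil.copytree(primary, dst)
    # Simulate crypto ransomware overwriting one file on the network-connected NAS copy
    (nas / "invoice.txt").write_bytes(b"\x8f\x1c\x00constructed-ciphertext-placeholder")
    result = {
        "nas_damaged": verify_copy(nas, manifest),
        "offline_damaged": verify_copy(offline, manifest),
        "full_321": check_321([{"media": "cloud", "offline": False},
                               {"media": "nas", "offline": False}, {"media": "usb", "offline": True}]),
        "online_only": check_321([{"media": "cloud", "offline": False},
                                  {"media": "nas", "offline": False}]),
    }
    shutil.rmtree(work)
    return result
```

Run `verify_copy` against the offline copy before restoring from it; a non-empty result means that copy was reachable by the malware and should not be trusted.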

Written by Abhishek Solanki, Network Admin at Yudiz Solutions Pvt. Ltd