What, Why, and How of Ransomware

$300: that is the average ransom criminals demand when your system is infected by ransomware. WannaCry, a recent pandemic ransomware attack that demanded ransom in bitcoins, affected millions of Windows OS computers in over 150 countries. Over the last year, ransomware has encrypted files and led to extortion from 40% of businesses. This cybercrime threat targets utilities and enterprises to extort millions of dollars. So, what exactly is ransomware, why does your system get affected by it, and how do you protect your system from it?


What is Ransomware?

Ransomware is malware that either encrypts files on your system, which can then only be unlocked with a key, or locks you out of your system completely. The first type, which requires files to be decrypted, is known as a cryptor, while the second type is called a blocker. Restoring a system rendered inoperable by a blocker is easier than restoring one hit by a cryptor. Although decryption can take a long time without a key, the crypto algorithms can be decrypted by developing a decryptor. Cyber criminals usually demand ransom in the form of bitcoins, as the owner of this cryptocurrency cannot be traced easily. Other ways to demand ransom include mobile payments and anonymous e-wallets. Targets of ransomware include businesses, government and regulatory authorities, religious, educational, financial and healthcare institutions, emergency services, and of course average users. Cyber criminals can also use this malware to steal sensitive information and transactional credentials, and to spy on systems.


Why does your system get affected by ransomware?

Larger organizations are usually victims of spear phishing, in which a seemingly authentic email carries ransomware as an attachment or contains links that lead to it. This leads to botnets which can launch a DDoS attack. Vulnerabilities in a browser, app or OS that has not been updated can be used to install ransomware while the unsuspecting user is browsing the internet. Ransomware can also spread through a local network that contains an infected machine, or through advertising networks like Google Ads, where it is put up as a banner that leads to websites full of malware. This trojan can also take the form of a plugin or a torrent download. Files with .exe, .VBS and .JS extensions are considered to be the source of most ransomware. A prompt to enable macros in MS Office files can be a strong indicator of malware. Some of the high-profile ransomware families include Cryptowall, SamSam, JigSaw, Chimera, Petya and Mischa, Cerber, Locky, Trylocker, HDD Cryptor, Reveton and Teslacrypt.

How do you protect your system from ransomware?

Outdated software is vulnerable to ransomware attacks through exploit kits. Hence, installing the latest software patches (especially for Oracle, Adobe, and Microsoft apps) is one way to steer clear of this trojan. Using a network protection system to analyze web traffic and emails is another way to fend off ransomware. Using UAC controls in Windows, which let you adjust the permission level of your user account, can help you protect your system. Overriding your browser’s user-agent, for example reporting ‘Firefox on Linux’ while actually using Firefox on Windows, can trick this malware. Other obvious safety measures include blocking popups, using cloud security, avoiding suspicious links, and continuous monitoring.
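
As an added example (not part of the original article), the Python code below shows one form the email analysis mentioned above can take: it flags attachments with the .exe, .VBS and .JS extensions named earlier, and Office documents that contain VBA macros. The function names, reason strings and sample message are constructed for illustration; a name such as invoice.pdf.js is reported as a double extension because the decoy .pdf hides the real file type.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Carrier extensions named in the article, plus Office formats that may hold macros.
RISKY_EXTENSIONS = {".exe", ".vbs", ".js"}
MACRO_CAPABLE = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm"}

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) document contains a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, e.g. a legacy .doc or plain text

def screen_message(raw: bytes) -> list:
    """Return (filename, reason) for each attachment worth quarantining."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.lower().rpartition(".")[2]
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXTENSIONS:
            kind = "double extension" if name.count(".") > 1 else "risky extension"
            findings.append((name, f"{kind} {ext}"))
        elif has_vba_project(data):
            findings.append((name, "Office document with VBA macros"))
        elif ext in MACRO_CAPABLE:
            findings.append((name, "macro-capable Office format"))
    return findings

def constructed_sample() -> bytes:
    # Constructed message: a script, a macro-bearing document and a benign file.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")  # stand-in for a macro stream
    binary = {"maintype": "application", "subtype": "octet-stream"}
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    msg.add_attachment(b"// constructed", filename="invoice.pdf.js", **binary)
    msg.add_attachment(buf.getvalue(), filename="report.docx", **binary)
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(screen_message(constructed_sample()))
```

The macro check inspects file content rather than the name, so a macro-bearing document renamed to .docx is still caught; legacy binary formats such as .doc are flagged by extension only.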

In addition to these, a robust backup plan that includes offline backups is critical to saving your IT infrastructure from this malicious trojan, ransomware.
