Ransom is a word that was mostly associated with kidnappings. Enter the Digital Era. The word ‘ransom’ now has associations with the cyber world too! Introducing the latest and most widespread menace in the world of Information Technology – Ransomware. What is ransomware? How to avoid ransomware attacks? The ensuing sections shall give you some handy tips for preventing ransomware attacks, and what to do in its aftermath.
What is Ransomware?
Ransomware garnered global attention after the infamous WannaCry attack on the National Health Services, UK, in 2017. Coming to what is ransomware? It is malicious software or malware that encrypts data on the system it attacks. It then locks the user out of the system and blocks the data until the payment of a ‘ransom’.
In layman’s terms, a ransomware attack leaves the user with two choices. Pay the ransom and hope to reclaim the data, or avoid paying and lose the system’s data indefinitely.
The main objective of ransomware attacks is to extract money from hapless users, usually in the form of cryptocurrencies. Cyber criminals generally target ransomware attacks at high-profile businesses or organizations such as hospitals, public schools, law enforcement agencies etc. that deal with huge amounts of confidential data.
Distribution of Ransomware
Did you know that ransomware hits an enterprise every 40 seconds?
Miscreants send hundreds and thousands of spam emails every day. So, no points for guessing! Email is the most widely used channel for the distribution of ransomware. Phishing emails containing malicious attachments urge users to click on a link leading to the webpage containing the malware.
Cyber conmen may sometimes also use compromised websites for the distribution of ransomware using a tool called ‘exploit kit’. The tool scans the computer to identify software containing vulnerabilities that attackers can exploit to download and install ransomware.
Above all, it is the curiosity of netizens that has led to the increase in ransomware attacks and distribution. Known as ‘social engineering’, it the technique of coercing individuals to click on a malicious link or divulge confidential details.
Identifying Ransomware Attacks
Being able to identify ransomware is foremost in order to execute steps for preventing ransomware attacks.
Ransomware attacks are of two types – one that encrypts files on a system/network, second that locks the victim’s screen. Like WannaCry, some ransomware attacks have the inherent nature of worms. These distribute themselves amongst other systems connected to the infected network without any interaction with the infected user or attacker.
The most common symptom of a ransomware attack is when the computer becomes inaccessible with a ransom message popping up on the screen. In some cases, a pay page pops up immediately, either on a browser or a text editor.
Interestingly, certain malware called ‘wiper malware’ presents and masks itself as ransomware. However, in such cases, the files are not decrypted even after the payment of ransom.
Tips for Preventing Ransomware Attacks
Ransomware attacks are getting more complicated by the day. In fact, 2017 witnessed an increase in new ransomware variants by 4.3 times compared to 2016. Shockingly, 67% of businesses targeted by ransomware attacks permanently lost a part of all of their enterprise data.
1. Fortify Email Security
Emails remain the favorite medium for launching mass targeted attacks with 1 in 131 emails containing a malware! In fact, ransomware delivered through phishing emails grew by over 97% by the end of 2016.
Anyone who connects to the internet or works on a network uses emails. Therefore, it is of utmost importance to secure this key source of vulnerability.
Be careful before clicking on attachments or links in emails from unsolicited sources. Inform your IT team immediately when you receive a suspicious email. If you feel that the mail is from a known source, ensure that you check the legitimacy of the mail.
Ensure that the mail servers of your organization have content scanning and filtering features which scan incoming emails. By doing so, you can block or avert emails having attachments that could pose a threat.
2. Secure Your Network & IT Environment
By now you are aware of the damage wreaked by ransomware on a single computer. Imagine then what happens when it distributes itself over the entire network! This is the worst nightmare for any organization and its IT department.
Implement a data security software for checking incoming emails before their delivery to the intended recipient. This helps to significantly curb the spread of malware inside the infected organization’s network. Additionally, a network security software also keeps a tab on the outgoing traffic. Therefore, it deters any attempt of the ransomware to begin the encryption process by connecting to the external server.
Keep your organization and personal computing devices secure by employing genuine antivirus software and firewalls. Avoid using pirated software as they offer bleak chances of protection from ransomware and other cyber attacks.
Make sure that you regularly update your software and operating systems and install the latest patches. Regular patching ensures that attackers are unable to exploit the software or network vulnerabilities for launching an attack.
3. Create and Spread Awareness
Employees are the building blocks of any organization. Thus, it is crucial to make them a crucial part of the cyber security process. Often, ransomware and other cyber attacks are successful due to an individual’s ignorance and lack of training on incident response. An organization must take proactive steps to transform panic into an intelligent incident response by educating each and every employee.
Conduct awareness and training sessions for all employees, including higher management and IT professionals. Educate them on the tips to avoid ransomware attacks and the steps to undertake in its aftermath.
Train your IT or Cyber Security team regularly to keep them abreast of the latest threats. They should have access to the latest resources for being cognizant of newer techniques to ward off threats.
What to Do In the Event of a Ransomware Attack?
Say, a ransomware attacks you. Panic ensues. Plausible. But what next? The moments in the aftermath of a ransomware attack are very crucial. Here’s what you must do.
1. Do NOT Pay the Ransom
In spite of all the panic, DO NOT pay the ransom! We mean it when we say that paying the ransom does not ensure the decryption of your locked data. In most cases, the attack is a ‘ranscam’ or wiper malware in the guise of ransomware. This means that even after you pay, you do not get your data back. The result – NO data, and LOST money!
Moreover, paying the attackers and giving them exactly what they wanted indirectly fuels their malicious intentions. It encourages them to continue with their unscrupulous yet profitable business model! Also, know that it takes days to set up a Bitcoin wallet to pay the ransom. Just keeping you informed!!!
2. Try Decrypting the Data
If you are lucky enough, the ransomware may be poorly coded or may have leaked master keys. And since you have nothing to lose, it’s worth a shot to check for a suitable decrypting tool online. CAUTION – DO NOT try your hands at decrypting the data if it is absolutely an unknown territory for you! Take the help of a specialist instead. Nonetheless, the decryption attempt comes with the rider of losing the data forever if something goes wrong.
3. Exercise Extra Caution
The period following a ransomware attack is even more opportune for cyber criminals to launch other forms of cyber attacks.
DO NOT entertain any demand for divulging confidential information when responding to a phone call, message or email. Fraudsters trick victims into installing malware or disclosing sensitive details (passwords, login IDs, account details etc.) by claiming to be from a Cyber Security Firm or from the IT Department.
Inform your organization’s IT and Cyber Security Teams immediately if you or your colleagues receive suspicious calls or emails.
4. File Restoration
If possible, try restoring the affected files from a reliable backup source. Restoration is a robust tactic to regain access to the impacted files.
ARDC – In the League of Preventing Ransomware Attacks
Ransomware attacks are not getting any easier to manage. In the wake of its evolution and proliferation, taking adequate steps to avoid ransomware attacks is primary. As stated above, you can take proactive measure for preventing ransomware attacks from affecting your personal or corporate data.
The Center for Advanced Research in Digital Forensics and Cyber Security (ARDC) is a digital and cyber forensics research facility located in Bangalore and Chennai. The team of digital forensics experts at ARDC backed by industry mavens conducts cutting-edge research on the latest cybercrime landscape. This enables them to offer cyber security training and awareness to law enforcement agencies and other key stakeholders.