After the WannaCry ransomware attack of 2017, most people have become aware of ransomware. WannaCry, or Wanna Decryptor, is a ransomware program targeting Microsoft Windows. On Friday, 12 May 2017, a large cyber attack was launched, infecting more than 230,000 computers in 150 countries. So today we are going to discuss ransomware attacks and how you can protect your system from them.
What is Ransomware?
Ransomware is a type of sophisticated malicious software that blocks the victim’s access to his/her files until a ransom is paid and displays a message requesting payment to unlock them. Simpler ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
Ransomware normally falls into the following types:
- Encrypting ransomware: This type of ransomware contains advanced encryption algorithms. It’s designed to block system data files and demand a ransom in exchange for the key that can decrypt the blocked content. Examples: CryptoLocker, Locky, CryptoWall
- Locker ransomware: This type of ransomware locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. Although the files are not encrypted, the attackers still ask for a ransom to unlock the infected computer. Examples: Winlocker, police-themed ransomware
- Master Boot Record (MBR) ransomware: The Master Boot Record is the section of a PC’s hard drive that enables the operating system to boot up. When MBR ransomware strikes, the boot process can’t complete as usual and a ransom note is displayed on the screen instead. Examples: Satana, Petya
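The MBR item above can be checked from the defender's side. The following is an added example, not code from the original article: it parses a classic 512-byte MBR sector and compares its boot code and partition table against a saved baseline. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446            # bootstrap code occupies bytes 0..445
ENTRY_FMT = "<B3xB3xII"        # status, (CHS), type, (CHS), LBA start, sector count
SIGNATURE = b"\x55\xaa"        # boot signature at bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector into signature, boot-code hash and partitions."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):         # four 16-byte partition entries follow the boot code
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, BOOT_CODE_LEN + i * 16)
        if ptype != 0:         # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means nothing changed."""
    findings = []
    if not current["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed since baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed since baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code plus one bootable NTFS-type entry."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + SIGNATURE

if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90 constructed loader"))
    changed = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90 replaced code"))
    print(compare_to_baseline(baseline, baseline))   # no findings
    print(compare_to_baseline(baseline, changed))    # boot code finding
```

On a real system the 512 bytes come from the first sector of the disk, read with administrator rights, and the baseline should be stored off the machine it describes.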
Top targets for ransomware creators and distributors
Police departments, city councils, and even schools and, worse, hospitals. Clearly, ethics and morality carry no weight in today’s money-hungry cybercrime business.
10 Simple Steps to Protect Your System From Ransomware
- Never open spam emails or emails from unknown senders.
- Never click links in spam emails or suspicious emails.
- Don’t store important data only on your PC.
- Back up your data files to an external hard drive and to the cloud (Dropbox, Google Drive, etc.).
- Make sure the Dropbox/Google Drive/OneDrive/etc. application on your computer is not turned on by default.
- Always update your operating system and software, including the latest security updates.
- Remove the following plugins from your browsers: Adobe Flash, Adobe Reader, Java, and Silverlight. If you absolutely have to use them, set the browser to ask you if you want to activate these plugins when needed.
- Adjust your browsers’ security and privacy settings for increased protection.
- Visit websites that use an HTTPS connection.
- Use a reliable, paid antivirus product that includes an automatic update module and a real-time scanner.
How to get your data back without paying the ransom
We recommend that you try one of the sizeable list of ransomware decryption tools. There are many types of ransomware out there, but cyber security researchers are working to break the encryption. Unfortunately, the most notorious families have proven to be unbreakable so far.
Why ransomware often goes undetected by antivirus
Communication with Command & Control servers is encrypted and difficult to detect in network traffic. Ransomware uses built-in traffic anonymizers such as Tor to avoid tracking by law enforcement agencies, and Bitcoin to receive ransom payments. It also uses anti-sandboxing mechanisms so that antivirus won’t pick it up.
Fig.: The number of users encountering mobile ransomware at least once in the period April 2014 to March 2016
Source: KSN Report: Mobile ransomware in 2014-2016