What is Ransomware?
Ransomware is a type of malware (MALicious softWARE) that attacks a victim’s data and encrypts it so that the victim can no longer access it. The attacker then demands a ransom to decrypt the data, sometimes within a deadline set by the attacker. Advanced malware uses a technique called cryptoviral extortion which, when properly implemented, makes recovering the files without the decryption key an intractable problem. Digital currencies such as paysafecard and bitcoin, or other cryptocurrencies, are used for the ransom.
How does Ransomware work?
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file, which the user is tricked into downloading or opening when it arrives as an email attachment. There are a number of ways ransomware can gain access to a computer. The most common is phishing spam: attachments that arrive in an email and appear to be trustworthy files. Once opened, these files take over administrative access on the victim’s computer. The attack can then proceed in different ways, the most common being the encryption of some files followed by a message saying that the files are no longer accessible. The files cannot be decrypted without a mathematical key known only to the attacker. Alternatively, the attacker may present the attack as a legal action, shut down the victim’s computer on the pretext of illegal or pirated software, and demand a “fine”.
Who are the targets of ransomware attacks?
Ransomware was initially used against individual systems, but on realizing its full potential, cyber criminals started using it against businesses. The potential targets for ransomware attackers are organizations that tend to pay the ransom immediately because they need immediate access to their files, such as government organizations and medical organizations. The next potential targets are websites that are not very secure. Organizations that deal with very confidential or important data, such as business strategies and defense plans, are also targets. These organizations give in to the ransom demand to prevent any breach of their data and to avoid controversy.
How to overcome ransomware infection?
Not every ransomware has a decryptor created for it, and sometimes a decryptor exists but not for the same updated version as the ransomware. A mismatched decryptor may further encrypt the files. Therefore, paying the ransom is not always the ultimate solution to a ransomware infection.
Once ransomware has attacked a system, the user needs to:
· Install antimalware software
· Scan the system to find the ransomware program
· Restore the computer to a previous state
· A bootable CD or USB drive can also be used
How to prevent being infected by ransomware?
There are a number of steps one needs to follow to prevent ransomware attacks. First and foremost, keep the operating system up to date so that no vulnerability is present in the system. Then use good ransomware prevention software that provides both anti-exploit technology and anti-ransomware technology. After this, maintain regular backups of the files and the system, either on cloud systems that include high-level encryption or multi-factor authentication, or on an external USB drive or hard drive that is kept physically disconnected so that it cannot be infected by the same malware. Above all, one should browse carefully and avoid visiting websites or opening files or emails that seem suspicious.
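The advice about suspicious email attachments can be partly automated where mail is filtered. The following is an added example, not part of the original article: it parses a mail message and flags attachment names that disguise an executable as a document. The extension lists, function names and the sample message are assumptions made for this illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example: extensions that run code when opened.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk", ".jar"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}  # look harmless
MACRO_EXT = {".docm", ".xlsm", ".pptm"}  # Office formats that can carry macros

def classify(filename):
    """Return a list of reasons why an attachment name is suspicious."""
    name = filename.strip().lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    reasons = []
    if ext in RISKY_EXT:
        reasons.append("executable-type extension " + ext)
        if os.path.splitext(stem)[1] in DECOY_EXT:
            reasons.append("double extension hides the real type")
    elif ext in MACRO_EXT:
        reasons.append("macro-enabled Office document")
    if "\u202e" in filename:
        reasons.append("right-to-left override character in name")
    return reasons

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and map flagged attachment names to reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        reasons = classify(fname)
        if reasons:
            findings[fname] = reasons
    return findings

def build_sample():
    """Constructed sample mail: one harmless attachment, one disguised one."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf", filename="report.pdf")
    m.add_attachment(b"MZ sample", maintype="application", subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print(name, "->", "; ".join(why))
```

A name-based check like this is only a first filter; it complements, and does not replace, the antimalware scanning and backups described above.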
3 Comments
That's a really good article!! Keep posting :D
Thanks.... will try my best
A good informative article. Worth my time reading it. Waiting for more useful info..