Ransomware – A Detailed Description

 

What is Ransomware?

Ransomware is a type of malware (MALicious softWARE) that attacks a victim’s data and encrypts it so that the victim can no longer access it. The attacker then demands a ransom to decrypt the data, sometimes within a deadline set by the attacker. Advanced malware uses a technique called cryptoviral extortion, which, when properly implemented, makes recovering the files without the decryption key an intractable problem. Digital currencies such as paysafecard and bitcoin, or other cryptocurrencies, are used for the ransom.

 

How does Ransomware work?

Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. There are a number of ways ransomware can gain access to a computer. The most common is phishing spam: attachments that reach the victim by email and appear to be trustworthy files. Once opened, these files take over administrative access on the victim’s computer. From there the attack can proceed in different ways, the most common being encryption of some files followed by a message saying the files are no longer accessible. The files cannot then be decrypted without a mathematical key known only to the attacker. Alternatively, the attacker may pose as a legal authority, claim that the victim’s computer is being shut down because of illegal or pirated software, and demand a “fine”.


 

Who are the targets to ransomware attacks?

Ransomware was initially used against individual systems, but on realizing its full potential cyber criminals started using it against businesses. The potential targets are organizations that tend to pay the ransom immediately because they need immediate access to their files, such as government and medical organizations. The next potential targets are websites that are not very secure. Organizations that deal with highly confidential or important data, such as business strategies or defense plans, are also targets. These organizations give in to the ransom demand to prevent any breach of their data and avoid controversy.

 

How to overcome ransomware infection?

Not every ransomware has a decryptor created for it, and sometimes a decryptor exists but not for the same, updated version of the ransomware. This mismatch may further encrypt the files. Therefore, paying the ransom is not always the ultimate solution to a ransomware infection.

Once a ransomware has attacked a system, the user needs to:

· Reboot the system to safe mode
· Install antimalware software
· Scan the system to find the ransomware program
· Restore the computer to a previous state
· A bootable CD or USB drive can also be used



But in any of these cases, the encrypted files can’t be restored. The damage has already been done, and the decryption key is held only by the attacker. It is practically and mathematically impossible to restore the files without the decryption key, and the possibility of obtaining the key by paying the attacker is already destroyed.

 

How to prevent being infected by ransomware?

There are a number of steps one needs to follow to prevent ransomware attacks. First and foremost, keep the operating system up to date so that known vulnerabilities are patched. Next, use good ransomware prevention software that provides both anti-exploit and anti-ransomware technology. After this, maintain regular backups of the files and the system, either on cloud systems that offer high-level encryption and multi-factor authentication, or on an external USB drive or hard drive that is kept physically disconnected so that it cannot be infected by the same malware. Above all, be careful while browsing, and avoid visiting websites or opening files or emails that seem suspicious.
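The backup advice above can be paired with a check that tells you which files need restoring. The following is an added example, not part of the original post: it records a SHA-256 manifest at backup time and later flags files whose content has changed and looks encrypted. The function names, the 7.5 bits/byte threshold and the sample files are assumptions made for illustration, and the manifest is assumed to be stored with the disconnected backup.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # assumed cut-off (bits/byte); encrypted data sits near 8.0

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte; 0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    """Run at backup time: map each relative path to its SHA-256."""
    files = (p for p in sorted(root.rglob("*")) if p.is_file())
    return {str(p.relative_to(root)): sha256_file(p) for p in files}

def audit(root, manifest):
    """Classify every file in the manifest against the live tree."""
    report = {"ok": [], "missing": [], "changed": [], "likely_encrypted": []}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            report["missing"].append(rel)  # deleted or renamed
        elif sha256_file(p) == digest:
            report["ok"].append(rel)
        elif entropy(p.read_bytes()[:65536]) >= ENTROPY_THRESHOLD:
            report["likely_encrypted"].append(rel)  # restore from backup
        else:
            report["changed"].append(rel)  # ordinary edit, review by hand
    return report

def demo():  # constructed sample tree, built in a temporary directory
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("notes.txt", "report.txt", "todo.txt", "plan.txt"):
            (root / name).write_text(f"{name}: quarterly figures\n" * 200)
        manifest = build_manifest(root)
        (root / "notes.txt").write_bytes(os.urandom(8192))  # stands in for encrypted data
        (root / "report.txt").write_text("edited by the user\n")
        (root / "todo.txt").unlink()
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Files smaller than a couple of hundred bytes cannot reach the threshold even when encrypted, so entries under "changed" and "missing" still deserve a manual look.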



 


 

3 Comments

  1. That's a really good article!! Keep posting :D

  2. A good informative article. Worth my time reading it. Waiting for more useful info..
