The number of Ransomware attacks is on the rise but there is no need to panic, as with any cyber threat they can be countered.
What is Ransomware?
Ransomware is a type of malware that essentially takes control of a machine and prevents users from accessing it. Often, Ransomware is triggered by a user clicking on a dodgy link either on a website or in an email, much the same way as other malware. The main difference, is that it is a type of malware that tries to force its victims into paying a ransom through certain online payment methods in order for them to regain access to their system or their data.
The first recorded incident of Malware occurred in 1989 with the ‘AIDS’ Trojan. The Trojan would prevent a user accessing their computer by claiming that the user’s license to use a certain piece of software had expired. It also encrypted files on the hard drive and demanded that the user pay $189 for the means to unlock it.
Today there are many different types of Ransomware in circulation. The most common types are known as Locker Ransomware and Crypto Ransomware.
Locker Ransomware denies a user access to the computer by locking the user interface and then demanding that the victim pays a fee in order to restore access. This type of ransomware normally just locks access to the interface and leaves files and system untouched. Locker ransomware often pretends to belong to law enforcement agencies to spook users into paying up.
Crypto Ransomware on the other hand denies access to files or data by finding and encrypting valuable data stored on a computer or device. The user cannot gain access to the files unless they pay a fee to obtain the decryption key from the scammers. This type of ransomware preys on people’s ignorance when it comes to the importance of backing up files. Once the ransomware gains access to a device it tries to remain hidden whilst it searches for files to encrypt.
Once the victim is presented with the malware’s message stating that their data is encrypted, it is too late. Crypto ransomware does not usually deny access to the device’s functionality or target critical system files, allowing users to use the device to perform a wide range of activities apart from accessing the encrypted data.
Once the ransomware infects the victim’s computer and blocks access to their data, it then needs to convince the user to pay the ransom to regain access. Both locker ransomware and crypto ransomware employ several behavioural-economic, psychological, and social-engineering techniques to persuade the user into paying the fee.
Depending on the ransomware variant, sometimes paying the ransom is the only option if the user wants to see the data again.
Reducing the Risks
Educate and inform: Ransomware is a constantly evolving threat so it’s important to keep up to date with new developments.
Patching Software: Ensure software and the operating system is up to date with security patches.
Use a comprehensive endpoint security solution: Use an endpoint security solution that incorporates both signature-based protection mechanisms and also heuristics, behavioural and reputation-based protection.
Use network protection: Many comprehensive endpoint protection products have an integrated IPS component.
Make Backups and have a plan: At a minimum make backups of the files that are important to you and do it regularly.
Don’t become a target, invest in protection and seek the advice of the professionals such as those at PGI Cyber.