Ransomware is an evolving type of malware that cybercriminals use to encrypt files on a device, leaving the data inaccessible and the systems inoperable. If a host or network has been infected, the ransomware restricts access to files and data. Cybercriminals then demand ransom money (typically in cryptocurrency) from victims in exchange for the keys to decrypt the compromised data. Victims of ransomware attacks have three options after an attack: pay the ransom, try to get rid of the ransomware, or wipe the system(s). Generally, victims are shown instructions on how to pay the ransom to get the decryption key. The costs can range anywhere from thousands to even millions of dollars, depending on the victim, payable in untraceable cryptocurrency.
The two most common types of ransomware
- Locker ransomware - This type of malware disrupts basic computer functions. For instance, a victim may be denied access to their affected device, while the keyboard and mouse are partially disabled. This allows the victim to continue interacting only within the window displaying the ransom demand to make the payment.
- Crypto ransomware - This type of ransomware encrypts victims’ critical data, including pictures, videos, and documents, but does not interfere with basic computer functions. It is meant to spread panic, since victims can see their files but cannot open them. Cybercriminals often add a countdown to the ransom demand with this form of ransomware; once the countdown is up, the data is wiped.
How does ransomware work?
There are a few ways ransomware can be introduced to compromise a computer or system. Phishing or spam email is one of the most common delivery methods. Victims are sent emails with attachments disguised as files they may trust. When victims download and open the attachments, their devices are compromised. The malware can do several things after gaining control of the victim’s computer, but the most common action is to encrypt all or some of the victim’s files. The victim cannot open those files without a decryption key, which is known only to the attackers. The victim’s computer then displays a message that the files cannot be accessed and will only be decrypted once the victim sends an untraceable payment, in cryptocurrency or gift cards, to the attacker.
Sometimes attackers also deploy variations such as ‘doxware’ or ‘leakware’, where the attacker threatens to leak or publish sensitive data unless a payment is made.
How to prevent ransomware?
Ransomware can be devastating to both individuals and companies. Many companies budget “ransom funds” and pay off the ransom, but there is no guarantee that the compromised data will be recovered. Recovery can be a grueling process that will require the help of data recovery experts, or thorough backups. Listed below are some points to keep ransomware at bay.
- Do not install or allow administrative access to any unknown or suspicious software.
- Always keep devices up to date with the latest operating system security patches and updates.
- Install antivirus software. Invest in antivirus software that detects malicious activities like ransomware.
- Use firewall ‘allow’ listing so that only authorized programs can run on your network.
- Scan both sent and received emails to spot malicious activity and intent. Filter executable files from reaching users.
- Enable strong spam filters to block phishing emails from reaching their destination and verify inbound emails to better avoid email spoofing. Conduct training with employees to better recognize suspicious or malicious emails.
- Implement a backup and recovery policy that covers both data recovery and the development of a Disaster Recovery Plan (DRP). This will not stop an attack but can alleviate the impact and downtime costs associated with the recovery process.
- Follow healthy security habits when using devices connected to the internet.
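As an added illustration of the advice above to scan emails and filter executable files, the following Python sketch (not part of the original article) flags attachments that are executables or are disguised as a trusted file type. The extension lists, function names and sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that should not reach a mailbox (illustrative list, not exhaustive).
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".hta", ".lnk"}
# Extensions users tend to trust; used to spot "invoice.pdf.exe"-style disguises.
TRUSTED_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def inspect_attachment(filename, payload):
    """Return a list of reasons this attachment should be quarantined."""
    reasons = []
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as "a.exe".
    parts = filename.lower().strip().rstrip(". ").split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXT:
        reasons.append("blocked extension " + ext)
        if len(parts) > 2 and "." + parts[-2] in TRUSTED_EXT:
            reasons.append("double extension disguises file as " + parts[-2])
    # Windows executables start with "MZ" no matter what the file is called.
    if payload[:2] == b"MZ" and ext not in BLOCKED_EXT:
        reasons.append("executable content behind " + (ext or "no") + " extension")
    return reasons

def scan_message(raw_bytes):
    """Map each attachment filename in a raw email message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = inspect_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message with harmless stand-in attachment bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    for name, data in [("invoice.pdf.exe", b"MZ" + b"\0" * 16),
                       ("report.pdf", b"MZ" + b"\0" * 16),
                       ("notes.txt", b"meeting notes")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

A mail gateway would quarantine any message for which scan_message returns findings; checking the first bytes as well as the name catches an executable that has simply been renamed.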