Ransomware is a popular term that has frightened people around the
world recently. It is malware created to obtain a ransom from the
user of an infected system. The most famous type is encrypting
ransomware, which can encrypt the hard drive of your computer and
prevent you from accessing the data on it. To decrypt your data, the
attacker demands that you pay a ransom. However, ransomware has been
around for a while, and recent reports show that attackers have
greatly improved and use ransomware in more effective ways, even
invading mobile phones. 2017 was a year that created havoc for
businesses worldwide due to ransomware such as NotPetya, WannaCry,
Locky and Bad Rabbit.
The growth in digital payment methods, mainly Bitcoin, has also been
a supportive factor in the fast growth of ransomware attacks. Bitcoin
helps to anonymize transactions and to prevent the identification of
the criminals. Hackers request that the ransom be paid in bitcoins so
it will be impossible to trace back the criminal.
According to reports, NotPetya is considered to be the most
destructive ransomware attack of 2017. Not only was NotPetya able to
cripple Ukrainian power plants, banking services and supermarkets,
but it was also able to infect hundreds of thousands of computers in
100+ countries around the world.
WannaCry is the other destructive malware, which was able to infect
more than 300,000 devices around the world and scared many more in
May 2017, and was able to cripple banks, law enforcement agencies,
and other infrastructure.
In the Bad Rabbit ransomware, users were affected through fake Adobe
Flash software updates. When the software was downloaded and run, the
user was infected with ransomware and their files were encrypted. All
three of these attacks targeted Microsoft Windows based systems,
exploiting the SMB protocol using the EternalBlue vulnerability.
DoubleLocker was ransomware that infected Android devices, encrypted
the victim's mobile phone and also modified its PIN. Attackers gave
the victims a 24-hour deadline to pay the ransom.
Once your device is infected with ransomware, you will lose access to
your data and will see an image that says the files are encrypted and
that to recover them you should submit the payment and get the
decryption key. For example, the attackers behind Bad Rabbit were
demanding 0.05 Bitcoin (£220) from victims in exchange for the
decryption key for their encrypted devices.
predicts ransomware damages will cost the world $5 billion in 2017 and
climb to $11.5 billion in 2019. Therefore, protecting ourselves from
ransomware is very important and a timely requirement. Through good
cyber practices, users will be able to protect themselves not only
from ransomware but also from other security-related threats as
Stay up to date - Ensure you apply all updates on all your devices.
Operating system patches and software patches are important, because
patches fix vulnerabilities. Do not run software updates that are
prompted by third-party sites. If you do need to update your
software, get it updated directly through the vendor’s
Virus guard to protect your system - Use good anti-virus software and
keep it up to date. Regularly updating the virus guard is very
important to keep your system healthy and secure.
Think before you click - Do not click on any suspicious links or
download any suspicious attachments. They can contain malicious code
which can infect your system or lock you out of your own device.
Back it up - Make sure you back up your system. Store your files
securely offline. If you maintain regular backups and keep them safe
and secure, then even if you get infected with ransomware you can
lessen the pain, since you can restore everything from the backup.
Should you pay the Ransom?
According to security experts’ advice, YOU SHOULD NOT PAY the ransom
in order to obtain the decryption key. There are two reasons for
this. One is that even if you pay the requested ransom, receiving the
decryption key is not guaranteed. Therefore, paying the ransom can be
a waste of your money. The other reason the experts give is that by
paying the ransom you are becoming a willing participant in a crime.
is an Information Security Analyst at Sri Lanka CERT|CC