What is Ransomeware?
Ransomware is malicious code that is used by cyber criminals to launch data kidnapping and lock-screen attacks. The motive for Ransomware attacks is monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in virtual currency to protect the criminal’s identity.
Ransomware malware can be spread through malicious e-mail attachments, infected software apps, infected external storage devices and compromised websites. In a lock-screen attack, the malware may change the victim’s login credentials for a computing device; in a data kidnapping attack, the malware may encrypt files on the infected device as well as other connected network devices.
Ransomware kits on the deep web have allowed cybercriminals with little or no technical background to purchase inexpensive ransomware-as-a-service (RaaS) programs and launch attacks with very little effort. Attackers may use one of several different approaches to extort digital currency from their victims.
For example:
- The victim may receive a pop-up message or email warning that if the ransom is not paid by a certain date, the private key required to unlock the device or decrypt files will be destroyed.
- The victim may be duped into believing he is the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
- The attacker encrypts files on infected computed devices and makes money by selling a product that promises to help the victim unlock files and prevent future malware attacks.
While ransomware attacks may be nearly impossible to stop, there are important data protection measures individuals and organizations can take to insure that damage is minimal and recovery is a quick as possible.
Protect Yourself From Ransomware Attacks
Ransomware, which is often transmitted by email or web pop-ups, involves locking up people’s data and threatening to destroy it if a ransom is not paid. The global cyberattack has affected 200,000 Windows computers in more than 150 countries, including China, Japan, South Korea, Germany and Britain.
What can businesses and individuals do to protect themselves from ransomware? Here are some tips from security experts.
Update your software
Security experts believe the malware that spurred this global attack, called WannaCry, may have initially infected machines by getting people to download it through email. After that, the malicious code was able to easily travel to a broader network of computers that were linked together through the Windows file-sharing system. (Users of Macs or other non-Windows computers were not affected.)
The most disheartening revelation from the cyberattack was that there was a fix available for the ransomware before the attack. Microsoft, which makes Windows, released a patch for the WannaCry vulnerability eight weeks ago, said Chris Wysopal, the chief technology officer of Veracode, an application security company.
Consumers can remedy this by configuring their Windows machines to automatically install the latest software updates.
Even though WannaCry specifically targeted Windows machines, that does not mean Mac or Linux users are off the hook in the future. Other breeds of malware may infect various operating systems, so no matter which device you are using, you should regularly update your software to install the latest security enhancements.
Install antivirus software
In addition to keeping Windows up-to-date with the latest security enhancements, antivirus software can prevent malware from infecting your computer. 30 percent of popular antivirus systems were capable of detecting and neutralizing the ransomware.
Of course, with antivirus software, the same principle applies: Make sure to keep the antivirus app up-to-date, too, so it blocks the latest emerging malware. Also, download antivirus apps only from reputable vendors like Kaspersky Lab, Bitdefender or Malwarebytes.
Be wary of suspicious emails and pop-ups
Security experts believe WannaCry may have initially infected machines via email attachments so avoid clicking links inside dubious emails.
Look carefully at the email address of the sender to see if it is coming from a legitimate address. Also, look for obvious typos and grammatical errors in the body. Hover over hyperlinks (without clicking on them) inside emails to see whether they direct you to suspicious web pages. If an email appears to have come from your bank, credit card company or internet service provider, keep in mind that they will never ask for sensitive information like your password or social security number.
Look carefully at the email address of the sender to see if it is coming from a legitimate address. Also, look for obvious typos and grammatical errors in the body. Hover over hyperlinks (without clicking on them) inside emails to see whether they direct you to suspicious web pages. If an email appears to have come from your bank, credit card company or internet service provider, keep in mind that they will never ask for sensitive information like your password or social security number.
In addition, ransomware developers often use pop-up windows that advertise software products that remove malware. Do not click on anything through these pop-ups, then safely close the windows.
Create backups of your data
In the event that a hacker successfully hijacks your computer, you could rescue yourself with a backup of your data stored somewhere, like on a physical hard drive. That way, if a hacker locked down your computer, you could simply erase all the data from the machine and restore it from the backup.
In general, you should be creating a copy of your data in the first place, in case your computer fails or is lost. To be extra safe from hackers, after backing up your data onto an external drive, unplug the drive from the computer and put it away.
Create a security plan for your business
For larger businesses with hundreds or thousands of employees, applying security updates organization-wide can be difficult. If one employee’s machine lacks the latest security software, it can infect other machines across the company network.
Mr. Chris Wysopal (an entrepreneur, computer security expert and CTO of Veracode) said businesses could learn from how WannaCry spread through the Windows file-sharing system by developing a strict schedule for when computers company-wide should automatically install the latest software updates. Businesses should determine the best time to apply these security updates to office computers without interrupting productivity, he added.
Information technology professionals should also regularly educate and test employees on spotting suspicious emails.
What to do if already infected?
If you are already a victim of ransomware, the first thing to do is disconnect your computer from the internet so it does not infect other machines. Then report the crime to law enforcement and seek help from a technology professional who specializes in data recovery to see what your options might be. If there are none, don’t lose hope: There may be new security tools to unlock your files in the future.
In some extreme cases, it might make sense to pay a ransom if you have no backups and the encrypted files are valuable, Mr. Wysopal said. But he added that with WannaCry, people definitely should not pay the ransom. That’s because the hackers are apparently overloaded with requests from victims asking for their data to be released — and many who have paid the ransom are not hearing back.
No comments:
Post a Comment