Ransomware, Risk, Prevention and Remedy.

Ransomware is a type of malicious software that carries out a cryptoviral extortion attack, a technique from cryptovirology: it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
The 'WannaCry' malware variant, which broke out last week, uses an extortion-based operation that compromises host systems by completely blocking access to all the files stored on them. The cyber-criminals then demand a ransom payment as the only recovery path.

What does ransomware do?
There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.
They can target any PC user, whether on a home computer, on endpoints in an enterprise network, or on servers used by a government agency or healthcare provider.
Ransomware can:
  • Prevent you from accessing Windows.
  • Encrypt files so you can't use them.
  • Stop certain apps from running (like your web browser).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
How can your system be attacked?
Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes:
  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, or instant messenger chats such as Skype.
What Do I Need To Do?
According to Microsoft, it can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.
That’s why the best solution to ransomware is to be safe on the Internet and with emails and online chat:
  • Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
  • If you’re ever unsure – don’t click it!
  • Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
  • Check our frequently asked questions for more information about ransomware, including troubleshooting tips in case you’re infected, and how you can back-up your files to help protect yourself from ransomware.
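
The spelling and spacing check from the list above can be automated for sender display names. This is an added example, not taken from the sources this post cites; the brand list, the `check_sender` helper and the distance threshold of 2 are assumptions chosen for illustration.

```python
import re

# Constructed sample list of names worth protecting (assumption: extend per organisation).
BRANDS = ["PayPal", "iTunes Customer Service", "Microsoft"]

def _norm(s):
    """Lower-case and drop everything except ASCII letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(display_name, brands=BRANDS, max_dist=2):
    """Return (verdict, brand): 'exact', 'lookalike' or 'unknown'."""
    shown = display_name.strip()
    # An exact match with any brand wins before lookalike checks run.
    for brand in brands:
        if shown == brand:
            return ("exact", brand)
    name = _norm(shown)
    for brand in brands:
        target = _norm(brand)
        # Same letters, but spacing, case or punctuation differs
        # ("iTunesCustomer Service"), or a few characters were added,
        # dropped or swapped ("PayePal"). Non-ASCII letters are stripped
        # by _norm, so they surface here as dropped characters.
        if name == target or edit_distance(name, target) <= max_dist:
            return ("lookalike", brand)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample display names.
    for sample in ["PayPal", "PayePal", "iTunesCustomer Service", "Alice Smith"]:
        print(f"{sample!r:28} -> {check_sender(sample)}")
```

A "lookalike" verdict is a reason to inspect the message more closely, not proof that it is malicious; short brand names need a lower threshold to avoid false matches.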
What to do if infected?

1. Isolate the infection
The first step, once you've been infected, is to immediately disconnect the infected computer from the network. Turn off wireless networking and Bluetooth. Disconnect from all peripherals, cloud services, and external hard drives. This ensures the infection can’t spread -- and prevents the malware from communicating with the mothership. It buys some time, and when the ransom note threatens to increase the payment if you take too long, every second is precious.
Remember the clock is ticking. The bad guys will carry out their threats if you take too long: Jigsaw deletes your files every hour you don't pay, and CryptoLocker used to increase the ransom amount if you didn’t pay within the imposed time limit.

2. Learn the malware’s true name
Knowing which ransomware variant you are dealing with can be tricky. There are nearly 70 families of ransomware, with some variants inconsistent with earlier versions. In some cases, as with TeslaCrypt, the message saying your files have been encrypted proudly includes the ransomware name. Reputation matters, because victims are more likely to pay up if they know that other victims successfully got access to their files after paying the ransom.

3. Look for a decryption tool
When you know the exact strain of ransomware you're dealing with, you can search for possible ways to treat the infection. A handful of public tools are available, but be warned they may not work on the specific ransomware version that nailed you.

Sources: Microsoft, Wikipedia, PCworld and InfoWorld
