Ransomware has quickly become the most popular type of malware. Recent ransomware attacks have prevented hospitals from providing essential services, crippled public services in cities, and caused significant damage to various organizations.
Ransomware is malicious software that uses encryption to hold a victim's information for ransom. A user's or organization's essential data is encrypted so they cannot access files, databases, or applications.
A ransom is then demanded to restore access. Ransomware is often designed to spread across a network and target database and file servers, and can therefore quickly cripple an entire organization. It is a growing threat, generating billions of dollars in payouts to cybercriminals and inflicting massive damage and expense on businesses and government organizations.
How does ransomware work?
Ransomware uses asymmetric encryption, a form of cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private key pair is uniquely generated by the attacker for the victim, and the private key needed to decrypt the files is stored on the attacker's server. The attacker only makes the private key available to the victim after the ransom has been paid, although as seen in recent ransomware campaigns, this is not always the case. Without access to the private key, it is nearly impossible to decrypt the files being held for ransom.
There are many variants of ransomware. Often ransomware (and other malware) is distributed through spam email campaigns or targeted attacks. Malware needs an attack vector to establish its presence on an endpoint. Once its presence is established, the malware remains on the system until its task is completed.
After successful infiltration, the ransomware drops and executes a malicious script on the infected system. This script then searches for and encrypts valuable files, such as Microsoft Word documents, images, databases, etc. Ransomware can also exploit system and network vulnerabilities to spread to other systems or even across entire organizations.
Once the files are encrypted, the ransomware asks the user to pay a ransom within 24-48 hours to decrypt the files; otherwise they will be lost forever. If a backup of the data is not available, or if the backups themselves have been encrypted, the victim must pay the ransom to recover their personal files.
How to protect yourself from it?
The best way to avoid the threat of being locked out of your essential files is to make sure you always have backup copies of them, preferably in the cloud and on an external hard drive. Then, in case of a ransomware infection, you can wipe your computer or device and restore your files from the backup. Your data will be protected and you will not be tempted to reward the authors of the malware by paying a ransom. Backups won't prevent ransomware, but they can mitigate the risk.
Secure your backups
Make sure your backup data is not accessible for modification or deletion from the systems where it resides. Ransomware will seek out data backups and encrypt or delete them so that they cannot be recovered. So use backup systems that do not allow direct access to backup files.
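As an added example (not part of the original article), the Python sketch below audits a backup folder for the failure modes described above: files that were deleted, files whose contents changed (for instance because they were encrypted), and files that still have a write bit set. The manifest format, the function names and the sample file names are assumptions made for this illustration; the manifest itself should be kept somewhere the backed-up machine cannot write to.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large backup archives do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Record one SHA-256 per file, keyed by path relative to backup_dir."""
    manifest = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, backup_dir)] = sha256_file(full)
    return manifest

def audit_backup(backup_dir, manifest):
    """Return sorted (finding, relative_path) tuples; an empty list is clean."""
    write_bits = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH
    findings = []
    for rel, expected in manifest.items():
        full = os.path.join(backup_dir, rel)
        if not os.path.isfile(full):
            findings.append(("missing", rel))    # deleted or renamed
            continue
        if sha256_file(full) != expected:
            findings.append(("modified", rel))   # overwritten or encrypted
        if os.stat(full).st_mode & write_bits:
            findings.append(("writable", rel))   # file can still be altered in place
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample data standing in for real backup archives.
    with tempfile.TemporaryDirectory() as d:
        for name in ("docs.tar", "db.dump"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"constructed sample " + name.encode())
        manifest = build_manifest(d)
        print(audit_backup(d, manifest))  # files are still writable at this point
```

The permission check is only a local proxy: write bits on the files say nothing about whether the backup service itself refuses modification or deletion requests, which is the stronger property the paragraph above asks for.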
Use an antivirus and keep it up to date
Make sure all your computers and devices are protected with complete security software, and keep all your software up to date. Be sure to update your devices' software early and often, as fixes for vulnerabilities are usually included in every update.
Be careful while browsing the web
Be careful which sites you visit and which links you click on. Don't respond to emails and text messages from people you don't know, and only download apps from trusted sources. This is important because malware writers often use social engineering to trick you into installing dangerous files.
Use only secure networks
Avoid using public Wi-Fi networks, because many of them are insecure and cybercriminals can spy on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you are.