What you need to know about Ransomware


Viruses are getting more and more daring. This time the new threat, called "RANSOMWARE", emulates the real-world ransom demands made by terrorists. In this article we explain how it works so that you can always stay alert to what you do online.


What is Ransomware?


Ransomware passed the US$1 billion mark in 2016 according to FBI records. It is by far the most dangerous of current cyber threats. Ransomware is malicious software that allows a hacker to restrict access to an individual's or company's vital information and then demands some form of payment to lift the restriction. To cover their tracks, hackers usually demand bitcoins as payment.

It takes only 15 minutes from the time an attack is launched to the time the hackers make a ransom demand. Cyber criminals using ransomware get an estimated monthly income of $10M to $50M.

According to available data, 72% of companies affected by ransomware cannot access their data for at least 2 days following the attack. 32% of companies even lost access to their data for 5 days or more. The biggest worry is that the hackers can still gain access to your company's information even if they restore your access after you pay the ransom.

How does a Ransomware attack occur?


A ransomware attack moves very quickly. Given that you may have as little as 15 minutes, you need to recognize it as soon as possible. You need to be very careful and cautious.

The ransomware process


  1. Exploitation and Infection (00:00).  Like most viruses that try to gain access to your system, the ransomware first has to get onto your computer.  To do this, hackers usually embed it in e-mails that look like legitimate messages from your company, your boss or your business partners.  The e-mail usually contains a URL to an application, most of the time a SaaS application such as Salesforce, Workday or ZenDesk.
  2. Delivery and Execution (00:05).  Once you click on the link, the ransomware is delivered to your system.  Upon execution, persistence mechanisms are put in place.
  3. Backup Deletion (00:10).  To become fully functional, the ransomware looks for all backups of your data and system on your computer and deletes them.  This prevents you from restoring from any backup mechanism.
  4. Encryption (02:00).  The program now encrypts your system and provides the encryption key to the hacker.  This key is the only means of unlocking the system.
  5. Ransom Notification (15:00).  Now that you no longer have access to your system, you receive instructions on how to get it back.  They include the amount of the payment, how to pay it and the number of days you have to do so.  If you fail to pay within the required time, the amount increases.
Sample message upon completion of encryption

Once you pay, or even before that, the malware uses a mechanism to clean itself up.  By doing so, it leaves behind neither forensic evidence nor data that would help you build a better defense against it.
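The fixed stage order and the 15-minute window described above can be turned into a simple correlation rule that flags a host before the ransom note stage. The following is an added example, not part of the original article; the event names and the sample log are constructed, and it assumes endpoint events are forwarded off the host, since the malware may clean up after itself.

```python
from datetime import datetime, timedelta

# Stage order follows the article's timeline. The event names are hypothetical
# labels for normalized endpoint telemetry, not any product's real schema.
STAGES = ["link_click", "persistence_added", "backup_deleted",
          "mass_file_rewrite", "ransom_note_created"]
WINDOW = timedelta(minutes=15)  # the article's click-to-demand time

# Constructed sample log, one event per line: "timestamp host event"
SAMPLE_LOG = """\
2024-01-01T09:00:00 ws-01 link_click
2024-01-01T09:00:05 ws-01 persistence_added
2024-01-01T09:00:10 ws-01 backup_deleted
2024-01-01T09:02:00 ws-01 mass_file_rewrite
2024-01-01T09:03:00 ws-02 backup_deleted
2024-01-01T09:15:00 ws-01 ransom_note_created
2024-01-01T11:00:00 ws-02 mass_file_rewrite
"""

def parse(log):
    """Yield (timestamp, host, event) tuples from the text log."""
    for line in log.splitlines():
        if line.strip():
            ts, host, event = line.split()
            yield datetime.fromisoformat(ts), host, event

def correlate(log, window=WINDOW):
    """Per host, list the stages seen in timeline order within `window`."""
    chains = {}  # host -> (time of first event in chain, stages so far)
    for ts, host, event in sorted(parse(log)):
        if event not in STAGES:
            continue
        first, seen = chains.get(host, (ts, []))
        if ts - first > window:  # stale chain: start again from this event
            first, seen = ts, []
        if not seen or STAGES.index(event) > STAGES.index(seen[-1]):
            seen.append(event)
        chains[host] = (first, seen)
    return {host: seen for host, (_, seen) in chains.items()}

def hosts_to_isolate(log):
    """Flag hosts where backup deletion was followed by bulk file rewriting."""
    return sorted(host for host, seen in correlate(log).items()
                  if "backup_deleted" in seen and "mass_file_rewrite" in seen)

if __name__ == "__main__":
    print(hosts_to_isolate(SAMPLE_LOG))
```

In the sample, ws-02 deletes a backup and rewrites files two hours apart, so it falls outside the window and is not flagged.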

How to prevent a ransomware attack?


So how do you prevent a ransomware attack on your system?  Well, here are some of our suggestions:

  • Invest in a good firewall and defense mechanism for your system.  Ensure that they are good enough to detect any malicious file intrusion.
  • Be vigilant and do not just click on anything attached to an e-mail.
  • Use an e-mail system, such as Gmail, that is proven to detect malicious content in e-mails.  If you are using your own e-mail server, be sure to install a protection system that works.

Ransomware doesn't just impact home computers. Businesses, financial institutions, government agencies, academic institutions and other organizations can and have been infected with ransomware. Such incidents destroy sensitive or proprietary information, disrupt daily operations and, of course, inflict financial losses. They can also harm an organization's reputation. Attackers aim at targeted files, databases, CAD files and financial data. For example, Cryptolocker was used to target more than 70 different file extensions, including .doc, .img, .av, .src, .cad. 
"Ransomware is a very challenging threat for both users and antimalware companies, boasting impressive capabilities and an unprecedented success rate in extorting money from its victims," says Bitdefender Chief Security Strategist.

About David D'Angelo
