Of late, we have seen an increase in a variant of ‘malware’ called ransomware. While this is not new, the threat is slowly increasing, and Malaysia is one of the top countries to be affected of late (http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/crypto-ransomware-spreads-into-new-territories & http://www.thestar.com.my/News/Nation/2015/01/31/cybersecurity-beware-of-ransomware/). This trend WILL continue to grow.
What is ransomware?
A type of malware that encrypts the files belonging to an individual on a computer and demands a ransom (money) in order to restore the files.
How does one get infected & what does it do if the computer is infected?
This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim. If the victim opens/executes the attachment, the program encrypts a number of files on the victim’s computer. A ransom note is then left behind for the victim. The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker may (or may not) send the decryption key, enabling decryption of the “kidnapped” files.
Why should you or companies care?
There isn’t a way to recover the files once the computer is infected. The only way is to pay the ransom (ranging from hundreds of USD to possibly millions); even an institution like the FBI recommends paying the ransom if the files are important to you or the company (https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/). Imagine if the files affected were students’ information such as results, fees, records, etc. How much is this worth to you or the company?
The most recent case was on 15th February 2016, when a hospital in the States had to pay USD 17,000 in order to recover patients’ medical records (http://www.tripwire.com/state-of-security/latest-security-news/hollywood-hospital-pays-17000-to-ransomware-attackers/). One can’t imagine how much damage it would have cost the hospital if they hadn’t paid up.
Just last year, Israel’s Electric Authority was also affected by ransomware (http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/israels-electric-authority-hack-caused-by-ransomware).
What can you do to prevent it?
- Ensure you back up your files to cloud storage such as Dropbox, Google Drive, etc.;
- Do not follow unsolicited web links in email. Some emails are too good to be true, so do verify if the email is legit;
- Be extra careful when opening email attachments, as the ransomware will normally disguise itself to look like a normal document;
- Avoid websites that offer paid applications for free unless they are from a reputable source;
- Use a reputable Web Security or Internet Security product (not just Antivirus);
- Avoid using pirated software/applications;
- Follow best and safe practices when browsing the web.