Ransomware-Let’s Fight Back!

Hi, I am back with my next post and I am going to be talking about Ransomware here :)

When I heard the term “Ransomware” for the first time, it sounded like a cult force trying to hijack the world around me. Well, I was partially correct; at least, this is what I am going to tell myself ;)

This inquisitive side, wanting to know more and more, made me research Ransomware, and I spent even the wee hours of my days delving deeper into this unknown land. I am now going to share that illumination with all of you…

Ransom is the sum of money demanded for the release of a captive; we all know it from those retro Bollywood or Hollywood movies we gazed upon with awe in our childhood, right?

Similarly, in the digital world, Ransomware, which is a kind of malware, demands a ransom for the release of your files. The attackers encrypt user files and provide the decryption key only when the ransom is paid. So, Ransomware takes your whole ecosystem of personal files down, gains full control and requires you to pay for your own files. This can be catastrophic for states, organizations and even individuals like you and me. Imagine you can no longer view the pics from your last summer trip and need to pay up to regain access. Pretty darn sad, right?

These attackers usually demand payment in cryptocurrency, typically Bitcoin, but a number of prepaid voucher services like MoneyPak, Ukash or PaySafe are also used.

Now, lemme divulge a secret. Shhhhh! I am going to tell you how this malicious ransomware gets installed on your computer and what it does once it is there.

First, it executes, unpacks itself and collects information about your machine. Next, it changes registry settings to maintain persistence. Third, it disables System Restore and deletes all Volume Shadow Copies (VSC), so you cannot simply roll back. Only now does it fetch a public key from the C&C (Command and Control) server and enumerate all the files it intends to encrypt. It then encrypts those files: an encrypted copy of each file is written and the original is deleted. Finally, the encryption key is removed from the local machine and sent back to the server. The malware itself may be delivered in a variety of ways, such as phishing, vulnerability exploits, drive-by downloads and strategic web compromise. So, this is a serious problem that needs critical attention and resolution.
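Two of the stages above, registry persistence and shadow-copy deletion, leave a trail in process-creation logs. This added example (my own illustration, not code from the post) runs simple stage detectors over a few constructed events in the shape a Sysmon Event ID 1 or Windows Security 4688 record carries, and alerts only when a host shows more than one stage, since a lone shadow-copy command might be an administrator. The patterns and host names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events (not real telemetry): a benign admin listing
# shadow copies on ws02, and a persistence + shadow-deletion pair on ws01.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Users\alice\AppData\Local\Temp\inv.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /t REG_SZ /d C:\Users\alice\AppData\Local\Temp\inv.exe"},
    {"host": "ws01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws02", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},
]

# Each pattern maps a command line to one stage of the chain described in
# the post. These are illustrative assumptions, not a complete rule set.
STAGE_PATTERNS = {
    "registry_persistence": re.compile(
        r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run\b", re.IGNORECASE),
    "shadow_copy_deletion": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b",
        re.IGNORECASE),
}


def classify(cmdline):
    """Return the stage name a command line matches, or None if benign."""
    for stage, pattern in STAGE_PATTERNS.items():
        if pattern.search(cmdline):
            return stage
    return None


def stages_by_host(events):
    """Collect the set of suspicious stages observed on each host."""
    seen = defaultdict(set)
    for ev in events:
        stage = classify(ev["cmdline"])
        if stage:
            seen[ev["host"]].add(stage)
    return dict(seen)


def hosts_to_alert(events, min_stages=2):
    """Hosts where at least min_stages distinct stages appear: persistence
    followed by shadow-copy deletion is the chain, one command alone is not."""
    return sorted(h for h, s in stages_by_host(events).items()
                  if len(s) >= min_stages)
```

Running `hosts_to_alert(SAMPLE_EVENTS)` flags only ws01; ws02, where an admin merely listed shadow copies, stays quiet.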

Prevention matters because paying the ransom does not guarantee that you will get your files back. Certain preventive measures that can be taken are: install browser protection and ad-blocking on end-user devices. In some older versions of Microsoft Office, macros are enabled by default, but they are a major security threat because they are used to introduce macro viruses into the system, and hence they should be disabled. Keep all your software applications well patched, because we are no longer living in an age where an antivirus program can be your ultimate shield.

So, having told you about Ransomware in some detail, I must also tell you that for every new tactic these attackers come up with, there are ways to protect against it. And I will be telling you exactly that in my next blog post… Stay tuned to keep yourselves and your digital selves protected :)