Ransomware — what should you do?
What is Ransomware?
Ransomware is a type of malware. The attacker encrypts the victim’s data and threatens to publish it if the demanded ransom is not paid. The victim will not be able to access their data as the attacker encrypts the data. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.
How do ransomware attacks work?
The Ransomware attackers carried out in 3 steps as follows
- Crypto Virus installation (Attacker — Victim): An attacker will access the victim’s data through many data such as email, masquerading as a file they should trust. Once a link is opened or a file is downloaded, the malware generates a random symmetric key and encrypts the victim’s data with it. It also uses a public key to encrypt the symmetric key. This is called hybrid encryption and it also displays a message to the victim on how to pay the ransom.
- Victim’s Response (Victim — Attacker): The victim has to send the response in ciphertext (Ciphertext is an encrypted text and is not understandable until it has been converted into plain text using a key) along with the payment to the attacker
- Attacker’s Response (Attacker — Victim): The attacker then decrypts the string using the private key, which discloses the symmetric key and public key. Finally, sending both back to the victim. Who will use them to decrypt the data files?
Who is the target of Ransomware?
The Major targets for a ransomware attack are
- Organizations holding third-party information stored by the primary victim (such as customer account information or health records).
- Organizations holding Information proprietary to the victim (such as trade secrets and product information).
- Organizations holding Embarrassing information (information about the victim’s past)
The primary target of such attacks is government agencies, healthcare / medical facilities, Law firms where the user base is critical and ready to pay the ransom immediately.
Why is Ransomware dangerous?
Ransomware is very dangerous as it directly impacts the victim and brings their day-to-day activity to a halt. The attacker not only blocks the victim from accessing the data, but there is also a potential threat of stealing the victim’s data. Stolen information is just another way that crooks can leverage their power over the organizations they victimize. This dangerous virus can change your filenames’ extensions, making them function in unpredictable ways or make them not functional at all.
Famous Ransomware examples:
As we have a fair idea of ransomware and the impacts. Let us know a few of the famous ransomware attacks in the past.
- Bad Rabbit
The listed examples are only a handful, and the impact of such attacks is numerous like an ocean. The monetary loss, but the victims are also affected mentally during the period of the attack.
How to prevent Ransomware?
Any major cyber threats can be avoided by having awareness. Educate end-users not to open emails or attachments from unknown senders or download any software from torrent sites. It is always a best practice to browse secure websites and not open any link which is not known.
It is always recommended to update the OS to the latest patch level. Having the OS with the latest patch will help to prevent known ransomware attacks from happening. Always access/store critical information in a secured environment. Deploy advanced security mechanisms to block phishing attacks. Finally, it is still a best practice to install antivirus software on end-user computers.
What to do in case of a ransomware attack?
The standard recommendation is never to pay the criminals who propagate ransomware, because financial success will attract more criminals to the industry. Organizations holding critical and sensitive information considering the time factor and reputation tend to pay the ransom. However, we don’t have any reactive measures that are useful. We should always try to avoid such a situation. Always follow the best practices and recommended preventative measures to prevent such attacks.