Understanding and Handling Ransomware

Ransomware is a type of cyberattack wherein malicious software takes control of a system and prohibits the user from accessing that system. The attacker usually encrypts a system to make it inaccessible and then demands a ransom from the user for resuming the services, which may or may not happen once the ransom is paid. The user is generally asked to pay via certain online payment methods, without which they are not provided with the decryption key.

Ransomware can infect systems via email with PDF or Word attachments or links to certain websites. It can also infect systems through malicious advertisements asking the users to click on a certain link, or attackers may use social engineering tactics, such as posing as government agents, to scare the user and receive the ransom immediately.

Ways to Attack

Ransomware either encrypts your data allowing you to enter the system or takes control of the entire system and forbids you from gaining access to the system.

Let us further understand these two types of ransomware.

• Locker Ransomware – Locker ransomware, like Reveton, was first seen in 2012, when it locked users’ computers and prohibited them from logging in. What displayed on the screen was a message that looked like it was coming from the FBI or a government organization accusing the user of involvement in illegal activity and asking him to pay a fine to resume the services.
• Crypto Ransomware – Crypto ransomware, like CryptoLocker, denies access to files or data through encryption. Once all the files are encrypted, the ransomware displays a message demanding money from the user so as to send the user the decryption code. Also, the message warns the user that the decryption code will not be received or will be destroyed if the money is not received within a stipulated time.

Other examples of crypto ransomware include CryptoWall, TorretLocker, CTB_Locker, Locky, and WannaCry.

What Ransomware Targets

Initially, attackers targeted individuals, but gradually, they realized its potential to harm businesses and diverted their attacks to organizations. These attacks became successful in halting businesses’ processes and productivity and resulted in the loss of data and revenue.

What to Do Once Attacked

If you find your system infected with ransomware, never pay the ransom. This is a recent suggestion given by the FBI that will eventually help discourage the attackers and reduce such attacks. It has also been observed that one out of every five companies doesn’t get the data back, so it is pretty likely that you do not get your data back.It is important to prepare yourself and defeat ransomware attacks by taking some preventive measures.

• Keep a backup of your data. This backup must be updated regularly.
• Never provide personal or official information while answering an email, a call, or a text message.
• Software for scanning and filtering data at regular intervals must always be installed on your systems.
• Detect malicious activities by installing antivirus software and building a software firewall.
• If you detect any malicious activity, disconnect the system from the network immediately. This technique may or may not prevent all the files from being encrypted, but immediate action can definitely prove beneficial.

Fend Off Ransomware

There are some techniques that can help remove ransomware.If you can enter the system even after the attack, immediately put the system in safe mode and run an antivirus scanner to ward off malware.If the attack prevents you from getting past the system, then you can try some tricks mentioned below:

• Reinstall your operating system.
• Run an antivirus program via an external source such as a drive or a bootable disc.
• Implement System Restore and restore the unattacked data.

Loss From Ransomware

Ransomware attacks cost a lot to companies, and this cost includes damage to data, loss of productivity, downtime, disruption to business routines, time for investigation, restoration of data and systems, and damage to reputation.As per a recent report from Cybersecurity Ventures, ransomware will cost $11.5 billion to companies in 2019, up from the estimated cost of $5 billion in 2017.It is shocking to know that a company is hit with ransomware every 40 seconds, and more than 15% of businesses in the top 10 industry sectors have already been attacked. According to Cybersecurity Ventures, businesses will be attacked by ransomware every 14 seconds by the end of 2019.Today, with ransomware being the utmost worry for all IT pros, priority is being given to creating a human firewall by providing training to employees on security solutions. Training employees will help bolster cyber defense because these attacks basically target common users not aware of such attacks. Also, there are many popular cyber security courses and certifications available in the market for individuals who wish to get trained in cyber security. One must know that CISSP is the most demanded course amongst all.