The passion for creating and solving codes has been both a boon and a curse in recent years. On the one hand, we get to witness the digitalisation of the world; on the other, there is the dark side of this ‘crypto-game’.
Cybercrime, to be precise.
Hackers today, with their sophisticated methods and ever-smart minds, get into your system and quietly sneak out all your valuable data. The easy availability of ever-advancing encryption algorithms makes this process a hundredfold easier for cybercriminals. There is a reason why we are witnessing a series of such cases as the days pass by.
The worst comes in the form of ransomware, though.
Remember the WannaCry ransomware outbreak of this past May, when it was able to creep in and infect over a quarter million computers in over 150 countries around the globe?
Ransomware, installed sneakily by these money-hungry hackers, does not steal your sensitive data; it holds the data hostage until you pay the demanded amount in bitcoins. A pretty effective way to make some easy money indeed.
This technique is nothing new though; ransomware’s history dates back to 1989. But it is only in the past few years that cybercriminals have adopted it as an ultimate weapon!
So how does ransomware creep into your system? Let’s have a look.
How Is Ransomware Delivered?
After the hackers have decided upon their targets, specifically a Windows system or a particular hosting system, they generally use the following methods to deliver the ransomware to them:
1. Spear-phishing email with malicious attachments
Gone are the days when we could easily identify and avoid a phishing mail. Today’s spear-phishing emails are always camouflaged as something pretty important, like a client’s mail or even your boss’s.
Such mails are crafted to beat security measures by avoiding the common executable attachments.
2. Embedding Infectious Files into your Operating System
Hackers also like using less direct and more effective methods of sneaking into your system, such as placing an encrypted JS file in an archive. When opened, the file automatically launches the default browser, extending the malware’s reach into your browser and system.
3. Using Exploit Kits
Exploit kits also help hackers transfer ransomware to the target systems or channels by exploiting unguarded web servers. The attackers then host a series of malicious scripts on such web servers to further exploit the users visiting them.
Now that you know about ransomware and how it could reach you, it’s important to learn how to prevent it. Better safe than sorry!
How Can You Prevent a Ransomware Infection?
Here is a list of tried and tested ransomware prevention techniques that might help you avert such risks in real time:
- Use standard and advanced anti-malware software. Keep it up to date.
- Never skip a patch update. Such patches are made to cover a vulnerability noticed in an OS, network system, application, or other software. Always remember that most of the WannaCry victims were the ones that neglected the patch update Microsoft had issued a few months prior.
- Limit the access of your applications by running them with minimal privileges.
- CREATE BACKUPS. The rule of thumb for saving your system and important data is to create as many backups as you can and store them at different locations.
- Third-party access should be controlled, especially for highly sensitive files and data.
- Encrypt all your data so no one other than the actual controller can read or write it.
- Regularly test the recovery function and the data integrity of your backups, so you know they are actually accessible once your actual data is lost.
- Educate your employees about ransomware methods and conduct a series of mock drills so they are actually prepared if such a thing happens for real.
- Keep macros disabled at all times.
- Always go for genuine software. Installing pirated software on your company systems should be strongly discouraged.
- Avoid downloading software or applications from unauthorized or unknown sites.
- Disable the autoplay option altogether.
- Keep the display of hidden file extensions turned on at all times.
- Use a pop-up blocker to avoid any URL redirection.
- Use a separate browser to access important data when you are surfing.
- Block all known malicious IP addresses.
- Harden your firewalls by applying standard security baseline configurations.
- Use legitimate content and spam checkers to go through all your mails.
- Never click any mail sent by an unknown sender.
- Deny any file with two extensions at the mail gateway.
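The last rule in the list, denying files with two extensions at the mail gateway, can be sketched as follows. This is an added example, not code from the original article; the extension lists, the function names and the sample attachment names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed extension lists for this example; tune them to your own gateway policy.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "wsf", "hta", "ps1", "lnk"}
KNOWN_EXTS = DOCUMENT_EXTS | EXECUTABLE_EXTS

def normalize(filename):
    """Reduce an attachment name to the form the operating system will act on."""
    # Drop invisible Unicode format characters (category Cf) hidden in the name.
    visible = "".join(c for c in filename if unicodedata.category(c) != "Cf")
    # Keep only the last path component, then remove trailing dots and spaces,
    # which Windows ignores when it opens a file.
    base = visible.replace("\\", "/").split("/")[-1]
    return base.strip().rstrip(". ").lower()

def trailing_extensions(filename):
    """Return the run of known extensions at the end of the name, in order."""
    segments = [s.strip() for s in normalize(filename).split(".")[1:]]
    run = []
    for segment in reversed(segments):
        if segment not in KNOWN_EXTS:
            break  # "report.v2.pdf" stops here: "v2" is not an extension
        run.insert(0, segment)
    return run

def gateway_verdict(filename):
    """Deny any attachment whose name ends in two or more known extensions."""
    exts = trailing_extensions(filename)
    return ("deny" if len(exts) >= 2 else "allow", exts)

# Constructed attachment names, not taken from any real mail flow.
SAMPLE_ATTACHMENTS = [
    "Invoice_0423.pdf.exe",
    "scan.doc.js",
    "photo.jpg      .scr",
    "payroll.xlsx.exe. ",
    "report.v2.pdf",
    "notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        action, exts = gateway_verdict(name)
        print(f"{action:5}  {name!r}  extensions={exts}")
```

Counting only known extensions keeps names such as `report.v2.pdf` deliverable while still catching a document extension followed by an executable one.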
How to Respond to a Ransomware Incident:
If you have been infected by ransomware, here is a list of things you should follow to get your data back:
The first step is to validate whether it’s a ransomware incident. Many cases have been reported where users report a ransomware case when it’s actually an adware or phishing event.
Check if your files are actually locked and the screen only shows a ransomware note demanding a specific payment.
If that’s the case, you need to isolate the infected machines to stop the infection from spreading. Disconnect the network servers and shut them off completely.
The next step involves the actual removal of the infection from the systems and bringing them back to a functioning state.
After the ransomware evidence has been preserved, data is wiped from the system and the backup is restored to each of the machines.
The last step is to find and mend the vulnerabilities in the system that let the malware in in the first place. The systems are revamped and new technologies are embedded to put a stop to all future incidents.
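Both the restore step above and the earlier advice to test backup integrity depend on knowing that a backup still matches what was originally saved. The following is an added example, not code from the original article, of one way to check that with a SHA-256 manifest; the function names, file names and file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256. Store the result away
    from the backup itself, where malware on the network cannot rewrite it."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_backup(root, manifest):
    """Compare a backup tree against the manifest recorded when it was taken."""
    current = build_manifest(root)
    return {
        "missing": sorted(manifest.keys() - current.keys()),
        "altered": sorted(k for k in manifest.keys() & current.keys()
                          if manifest[k] != current[k]),
        "unexpected": sorted(current.keys() - manifest.keys()),
    }

def demo():
    """Build a constructed backup, damage it, and return both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.csv").write_text("id,name\n1,Alice\n")
        (root / "contracts.txt").write_text("signed 2017-05-01\n")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        # Constructed damage: one file scrambled, one deleted, one note dropped.
        (root / "contracts.txt").write_bytes(b"\x8f\x02\xaa scrambled")
        (root / "db" / "customers.csv").unlink()
        (root / "HOW_TO_DECRYPT.txt").write_text("constructed ransom note")
        return clean, verify_backup(root, manifest)

if __name__ == "__main__":
    clean, damaged = demo()
    print("clean:", clean)
    print("damaged:", damaged)
```

A backup is fit to restore only when all three lists in the report are empty.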