A deadly game of virtual attacks Ransomware!




What is Ransomware? Ransomware is a type of malicious software (malware for short) that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert.



Typically, these alerts state that the user’s system has been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access to the computer system and files will not be restored. The ransom demanded from individuals varies greatly, but frequently ranges between US$ 200 and US$ 400 and must be paid in virtual currency, such as Bitcoin or another cryptocurrency.



How does a computer system become infected with Ransomware? Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is then downloaded and installed on the system without the user’s knowledge. Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable web servers have been exploited by hackers as an entry point to gain access to an organisation’s network.



Why is Ransomware so effective? The authors of ransomware attacks instill fear and panic in their victims, causing them to click on a link or pay a ransom, after which users’ systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:



“Your computer has been infected with a virus. Click here to resolve the issue.”

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a US$100 fine.” Pay fast and don’t complain to security agency.

“All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”



What is the possible impact of Ransomware attacks? Ransomware does not only target home users; business entities can also become infected with ransomware, leading to negative consequences, including temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organisation’s global reputation.



Ransomware attacks have increased dramatically during the ‘work from home’ (WFH) situation. eWorkers do not enjoy the security of the ‘castle and moat’ model: with no ‘perimeter security’ they are always exposed to attack, and data held in cloud storage becomes vulnerable to phishing and spear phishing attacks, which are very targeted and pointed attacks.


Paying the ransom amount does not guarantee that the encrypted files will be released back; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.



What do I do to protect against Ransomware?


Attacks can be devastating to an individual or organisation, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.


US-CERT, the United States Computer Emergency Response Team, recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:



Employ a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process.



Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.



Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the targets of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.



Maintain up-to-date anti-virus software, and scan all software downloaded from the internet before executing it.



Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.



Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the system.



Do not follow unsolicited web links in emails; they are a common vehicle for directed spear phishing attacks.



Individuals or organisations are discouraged from paying the ransom, as this does not guarantee files will be released. However, the FBI has advised that if Cryptolocker, Cryptowall or other sophisticated forms of ransomware are involved, the victim may not be able to get their data back without paying a ransom.



What do I do if I believe my system has been infected by Ransomware?



Preliminary signs that your system may have been infected by Ransomware are:



Your web browser or desktop is locked with a message about how to pay to unlock your system and / or your file directories contain a “ransom note” file that is usually a .txt file.



All of your files have a new file extension appended to the filenames.

Examples of ransomware file extensions: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .encrypted, .locked, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .SUPERCRYPT, .CTBL, .CTB2, .locky, or a 6–7 character extension consisting of random characters, are some of the probable extensions.
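The two signs above (an extension from this list appended to existing filenames, and a ransom note as a .txt file) can be checked mechanically over a file listing. The following triage script is an added example, not part of the original article: the extension list is the article’s, while the “random 6–7 character extension” rule, the small allowlist of common extensions and the ransom-note keywords are assumed heuristics and will need tuning for a real environment.

```python
import os
import re
from collections import Counter

# Extension list taken from the article above; matching is case-insensitive.
KNOWN_RANSOM_EXTS = {
    ".ecc", ".ezz", ".exx", ".zzz", ".xyz", ".aaa", ".abc", ".ccc", ".vvv",
    ".xxx", ".ttt", ".micro", ".encrypted", ".locked", ".crypto", "_crypt",
    ".crinf", ".r5a", ".xrnt", ".xtbl", ".crypt", ".r16m01d05", ".pzdc",
    ".good", ".lol!", ".omg!", ".rdm", ".rrk", ".encryptedrsa", ".crjoker",
    ".enciphered", ".lechiffre", ".keybtc@inbox_com", ".0x0", ".bleep",
    ".1999", ".vault", ".ha3", ".toxcrypt", ".magic", ".supercrypt",
    ".ctbl", ".ctb2", ".locky",
}
# Assumed heuristic (not from the article): a trailing 6-7 character alphanumeric
# extension appended after an existing extension, unless it is a common type.
RANDOM_EXT = re.compile(r"\.[a-z0-9]{6,7}$")
COMMON_EXTS = {".sqlite", ".torrent", ".numbers", ".webarchive"}
# Assumed heuristic: ransom notes are .txt files whose names contain these words.
NOTE_WORDS = ("decrypt", "restore", "recover", "how_to", "readme")

def suspicious_extension(path):
    """Return the extension that looks appended by ransomware, or None."""
    low = os.path.basename(path).lower()
    for ext in KNOWN_RANSOM_EXTS:
        if low.endswith(ext):  # "_crypt" has no dot, so endswith, not splitext
            return ext
    m = RANDOM_EXT.search(low)
    # Require an earlier dot: the original extension is still there underneath.
    if m and m.group(0) not in COMMON_EXTS and "." in low[: m.start()]:
        return m.group(0)
    return None

def looks_like_ransom_note(path):
    low = os.path.basename(path).lower()
    return low.endswith(".txt") and any(w in low for w in NOTE_WORDS)

def triage(paths):
    """Count appended extensions and collect note files from a file listing."""
    hits, notes = Counter(), []
    for p in paths:
        ext = suspicious_extension(p)
        if ext:
            hits[ext] += 1
        elif looks_like_ransom_note(p):
            notes.append(p)
    # Assumed threshold: a note file or three renamed files is enough to escalate.
    return {"renamed": dict(hits), "notes": notes,
            "likely_infected": bool(notes) or sum(hits.values()) >= 3}

# Constructed sample listing (not a real capture).
SAMPLE = ["C:/Users/me/Documents/budget.xlsx.locky", "C:/Users/me/Documents/thesis.docx.locky",
          "C:/Users/me/Pictures/holiday.jpg.locky", "C:/Users/me/Desktop/notes.pdf.k9x2ab",
          "C:/Users/me/Documents/HOW_TO_DECRYPT_FILES.txt", "C:/Users/me/Desktop/todo.txt",
          "C:/Users/me/Downloads/archive.torrent"]
```

Run `triage(SAMPLE)` to see the renamed-extension counts and the note file; on a live host the listing would come from `os.walk()` over user directories, after the device has been isolated from the network.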



If you believe your system has been infected with ransomware, respond as follows:

1. Disconnect from the network: unplug Ethernet cables and disable Wi-Fi or any other network adapters.

   Put your device in Airplane Mode.

   Turn off Wi-Fi and Bluetooth.

   This can help prevent the ransomware from spreading to shared network resources such as file shares.

2. Disconnect external devices. Immediately disconnect:

   USB drives or memory sticks;

   attached phones or cameras;

   external hard drives;

   or any other devices that could also become compromised.


Ransomware is a growing menace, and Russian hackers are making life difficult for US-based companies, extracting ransoms of US$ 2 million or more.



Virtual thieves can attack anytime, anywhere and at any place.

Rajiv Saxena
Rajiv Prakash Saxena is a graduate of UBC, Vancouver, Canada. He is an authority on eCommerce, eProcurement, eSign, DSCs and Internet Security. He has been a Technology Bureaucrat and Thought leader in the Government. He has 8 books and few UN assignments. He wrote IT Policies of Colombia and has implemented projects in Jordan, Rwanda, Nepal and Mauritius. Rajiv writes, speaks, mentors on technology issues in Express Computers, ET, National frontier and TV debates. He worked and guided the following divisions: Computer Aided Design (CAD), UP: MP: Maharashtra and Haryana State Coordinator to setup NICNET in their respective Districts of the State, TradeNIC, wherein a CD containing list of 1,00,000 exporters was cut with a search engine and distributed to all Indian Embassies and High Commissions way back in the year 1997 (It was an initiative between NIC and MEA Trade Division headed by Ms. Sujatha Singh, IFS, India’s Ex Foreign Secretary), Law Commission, Ministry of Law & Justice, Department of Legal Affairs, Department of Justice, Ministry of Urban Development (MoUD), Ministry of Housing & Urban Poverty Alleviation (MoHUPA), National Jail Project, National Human Rights Commission (NHRC), National Commission for Minorities (NCM), National Data Centres (NDC), NIC National Infrastructure, Certifying Authority (CA) to issue Digital Signature Certificates (DSCs), eProcurement, Ministry of Parliamentary Affairs (MPA), Lok Sabha and its Secretariat (LSS) and Rajya Sabha and its Secretariat (RSS) along with their subordinate and attached offices like Directorate of Estate (DoE), Land & Development Office (L&DO), National Building Construction Corporation (NBCC), Central Public Works Department (CPWD), National Capital Regional Planning Board (NCRPB), Housing & Urban Development Corporation (HUDO), National Building Organisation (NBO), Delhi Development Authority (DDA), BMPTC and many others.
