12.1 C
New Delhi

Ransomware – A necessary evil of the 21st Century

Date:

Share post:

Hackers (of the criminal variety) are a scary bunch – whether working as part of an organised unit or an idealist with a political agenda, or a lone wolf like an Al Qaeda operative, they’ve got the knowledge and the power to access the most precious data from the computers. If unethical hackers want to target a particular company, for example, they can find vast amounts of information on that company just by searching the web. They can then use that information to exploit weaknesses in the company’s security, which in turn puts the data you’ve entrusted to that company in great jeopardy.

COLONIAL PIPELINE, an American fuel carrier, said on May 8th 2021, that it had been the victim of a cyber security attack, forcing the firm to shut down its 5,500 mile (8,850km) pipeline, which transports petrol, diesel and jet fuel from the Gulf Coast to America’s East Coast. The company said the shutdown was only a precaution.



The attack, which occurred two days earlier, was reportedly carried out by DarkSide, a ransomware group thought to be based in Russia or elsewhere in the former Soviet Union. The group, which is known for imitating legitimate businesses, for example by issuing press releases and offering victims customer service took almost 100 Gigabytes of data from the Colonial’s corporate network and threatened to leak it onto the internet unless the firm paid a ransom, according to Bloomberg. FireEye, a cyber-security firm, is investigating the incident.

In April 2016, ISIL united five distinct hacking groups into a ‘United Cyber Caliphate’ (UCC). Its purpose was to build a cyber jihad army and create forums to enable followers to wage cyber – terror campaigns and conduct crime and muster support for sleeper cells. The UCC has been busy publishing kill lists, distributing cyber – operations guidelines on terror operations and inviting new followers. In another security breach, Wikileaks published a leak called Vault 7 consisting of approximately 9,000 files that detailed the activities, surveillance and cyber warfare capabilities of the Central Intelligence Agency (CIA) Center for Cyber Intelligence. These exploits were used to launch the massive WannaCry and NotPetya ransomware attacks, which helped close the gap between the capabilities of states and those of terrorists and criminals.

Such attacks are becoming more common. Even as rates of most crimes remain low in rich countries, cybercrime, crime committed mostly or entirely by digital means is on the steep rise. That includes internet fraud, identity theft and ransomware attacks, like the one suffered by Colonial, where victims’ files are locked up until ransom money is paid, that too in Bitcoins.

Such attacks were once crude. Ransomware arrived in spam emails and targeted ordinary people’s computers. The sums demanded were often small to encourage people to pay up. But not now, anymore.

Think of your home computer as a company. What can you do to protect it against cybercriminals? Instead of sitting back and waiting to get infected, why not arm yourself and fight back?

Bad guys, beware. We’ve got 10 ways to beat you.

Update your Operating System (OS) and other software frequently, if not automatically. This keeps hackers from accessing your computer through vulnerabilities in outdated programs (which can be exploited by the malware). For extra protection, enable Microsoft product updates so that the Office Suite will be updated at the same time.

Consider retiring particularly susceptible software such as Java or Flash, especially as many sites and services continue to move away from them.

Download up – to – date security programs, including anti – malware software with multiple technologies for protecting against spyware, ransomware and exploits, as well as a firewall, if your OS didn’t come pre – packaged with it. You’ll want to check if your OS has both firewall and antivirus built in and enabled by default and whether those programs are compatible with additional cybersecurity software.

Destroy all traces of your personal info on hardware you plan on selling. Consider using d-ban to erase your hard drive. For those looking to pillage your recycled devices, this makes information much more difficult to recover. If the information you’d like to protect is critical enough, removing the platters where the information is stored then destroying them is the way to go.

Do not use open Wi – Fi on your router; it makes it too easy for threat actors to steal your connection and download illegal files. Protect your Wi – Fi with an encrypted and compound password, and consider refreshing your equipment every few years. Some routers have vulnerabilities that are never patched. Newer routers allow you to provide guests with segregated wireless access. Plus, they make frequent password changes easier.

Mimble Winble is a software privacy protocol, named after Harry Potter’s ‘spell’ that stops people from revealing their secrets. Some cryptocurrencies are seeing a positive bump in their prices on reports that the companies could incorporate it for more safety and scalability.


Speaking of passwords, they protect all of your devices, including your desktop, laptop, phone, smart watch, tablet, camera, lawnmower, refrigerator, dishwasher and even washing machine or even electronic cooking devices. The ubiquity of mobile devices makes them especially vulnerable. Lock your phone and make the timeout fairly short. Use fingerprint lock for the iPhone and pass key or swipe for Android. 

“It’s easy to forget that mobile devices are essentially small computers that just happen to fit in your pocket and can be used as a phone,” says Jean-Philippe Taggart, Senior Security Researcher at Malwarebytes. “Your mobile device contains a veritable treasure trove of personal information and, once unlocked, can lead to devastating consequences.”

Sensing a pattern here? Create difficult passwords, and never use the same ones across multiple services. If that’s as painful as a stake to a vampire’s heart, use a password manager like LastPass or 1Password. For extra hacker protection, ask about two – step authentication. Several services have only recently started to offer 2FA, and they require the user to initiate the process. Trust us, the extra workload and measure is worth it. Two-factor authentication makes taking over an account that much more difficult, and on the flip side, much easier to reclaim should the worst happen.

Come up with creative answers for your security questions. People can now figure out your mother’s maiden name or where you graduated from high school with a simple Google search. Consider answering like a crazy person. If Bank of America asks, “What was the name of your first boyfriend / girlfriend?” reply, “Your mom.” Just don’t forget that’s how you answered when they ask you again.

Practice smart emailing. Phishing campaigns still exist, but cybercriminals have become much cleverer than that Nigerian Prince who needs your money called Nigerian Fraud 419. However links to see their actual URLs (as opposed to just seeing words in hyperlink text). Also, check to see if the email is really from the person or company claiming to have sent it. If you’re not sure, pay attention to awkward sentence construction and formatting. If something still seems fishy, do a quick search on the Internet for the subject line. Others may have been scammed and posted about it online.

Some websites will ask you to sign in with a specific service to access features or post a comment. Ensure the login option isn’t a sneaky phish, and if you’re giving permission to an application to perform a task, ensure you know how to revoke access once you no longer need it. Old, abandoned connections from service to service are an easy way to see your main account compromised by spam.

Keep sensitive data off the cloud. “No matter which way you cut it, data stored on the cloud doesn’t belong to you,” says Taggart. “There are very few cloud storage solutions that offer encryption for ‘data at rest.’ Use the cloud accordingly. If it’s important, don’t.”

Honorable mentions: Alarmist webpages announcing that there are “critical errors” on your computer are lies. Microsoft will never contact you in person to remove threats. These messages come from scammers, and if you allow them to remotely connect to your computer, they could try to steal your information and your money. If that’s not a Nightmare on Elm Street, then we don’t know what is.

The ransom amount of US$ 5 million has been paid and entire data which was freezed has now been released and normal supplies have been restored.

Cyber security has now become the biggest threat of the 21st century and one has to live with it and believe me each and every individual will have to pay additional cost for getting protected!

Rajiv Saxena
Rajiv Saxena
Rajiv Prakash Saxena is a graduate of UBC, Vancouver, Canada. He is an authority on eCommerce, eProcurement, eSign, DSCs and Internet Security. He has been a Technology Bureaucrat and Thought leader in the Government. He has 8 books and few UN assignments. He wrote IT Policies of Colombia and has implemented projects in Jordan, Rwanda, Nepal and Mauritius. Rajiv writes, speaks, mentors on technology issues in Express Computers, ET, National frontier and TV debates. He worked and guided the following divisions: Computer Aided Design (CAD), UP: MP: Maharashtra and Haryana State Coordinator to setup NICNET in their respective Districts of the State, TradeNIC, wherein a CD containing list of 1,00,000 exporters was cut with a search engine and distributed to all Indian Embassies and High Commissions way back in the year 1997 (It was an initiative between NIC and MEA Trade Division headed by Ms. Sujatha Singh, IFS, India’s Ex Foreign Secretary), Law Commission, Ministry of Law & Justice, Department of Legal Affairs, Department of Justice, Ministry of Urban Development (MoUD), Ministry of Housing & Urban Poverty Alleviation (MoHUPA), National Jail Project, National Human Rights Commission (NHRC), National Commission for Minorities (NCM), National Data Centres (NDC), NIC National Infrastructure, Certifying Authority (CA) to issue Digital Signature Certificates (DSCs), eProcurement, Ministry of Parliamentary Affairs (MPA), Lok Sabha and its Secretariat (LSS) and Rajya Sabha and its Secretariat (RSS) along with their subordinate and attached offices like Directorate of Estate (DoE), Land & Development Office (L&DO), National Building Construction Corporation (NBCC), Central Public Works Department (CPWD), National Capital Regional Planning Board (NCRPB), Housing & Urban Development Corporation (HUDO), National Building Organisation (NBO), Delhi Development Authority (DDA), BMPTC and many others.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related articles

After Sambhal, Varanasi, now Bareilly and Aligarh… where have the Mandirs been found closed so far?

In many cities of Uttar Pradesh, closed or illegally occupied temples are being found. This trend that started...

Germany Christmas Market Attack – Over 10 dead after a Saudi Fugitive drove his car into crowd

At a Christmas market in the German city of Magdeburg, a car drove into a crowd of people....

Arakan Army in western Myanmar claims to have captured a major regional army headquarters

A powerful ethnic armed group in western Myanmar claimed Friday to have scored a major victory in the...

‘Trudeau failed in the biggest job’, says Jagmeet Singh as NDP set to vote to bring Trudeau government down

In what comes as a major setback for Canadian PM Justin Trudeau, his former ally Jagmeet Singh of...