Ransomware is malicious software written to infect a computer or server and block access to it, or to the data on it, until a sum of money is paid. Most families encrypt the data on the system so it becomes unreadable; the victim is then asked to pay a ransom for the key needed to restore the data to its original state.
Ransomware seen on the internet today falls into two broad categories: locker ransomware and crypto ransomware. Locker ransomware locks the whole computer or device so it cannot be used, while crypto ransomware leaves the system usable but encrypts the files on it.
However, they can further be broken down into different types of ransomware attacks with different characteristics depending on the different approaches employed by the attackers:
Ransomware has been one of the most worrying threats of the last few years and continues to encrypt valuable data and disrupt business operations across the globe in 2019. Since it first appeared it has evolved enormously, and there are many ransomware examples to draw on.
The ransomware ecosystem has become diverse, with security professionals tracking more than 1,100 variants in circulation.
In the year 2019, various ransomware examples have come to light and have made waves in the industry. Some of the most recent ransomware attacks are listed below.
Katyusha is a ransomware Trojan that appeared in October 2018. It appends the extension “.katyusha” to encrypted files and demands a ransom of 0.5 bitcoin within three days; if the ransom is not paid it threatens to publish the victim's data. It also deletes the system's Volume Shadow Copies, so the built-in Windows restore points cannot be used to recover files.
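Deleting shadow copies before encrypting is a behaviour Katyusha shares with many other ransomware families, and it is one of the few moments where the malware must run a recognisable command. The following is an added example (not code from the original article or from any vendor) of a detection that scans process-creation log lines for the usual shadow-copy and recovery-tampering commands and then aggregates by host, because a lone admin command is noise but several of these in quick succession on one machine is a strong ransomware signal. The log format and the sample events are constructed for illustration.

```python
import re

# Constructed sample process-creation events in a simple key=value format,
# loosely modelled on a Sysmon/EDR export. These lines are made up, not real telemetry.
SAMPLE_EVENTS = [
    '2019-03-04T10:01:02Z host=WS12 user=alice image=vssadmin.exe cmd="vssadmin list shadows"',
    '2019-03-04T10:01:05Z host=WS12 user=alice image=vssadmin.exe cmd="vssadmin delete shadows /all /quiet"',
    '2019-03-04T10:01:06Z host=WS12 user=alice image=wmic.exe cmd="wmic shadowcopy delete"',
    '2019-03-04T10:01:07Z host=WS12 user=alice image=bcdedit.exe cmd="bcdedit /set {default} recoveryenabled no"',
    '2019-03-04T10:02:00Z host=SRV01 user=backup image=wbadmin.exe cmd="wbadmin start backup -backupTarget:E:"',
    '2019-03-04T10:02:01Z host=SRV01 user=backup image=wbadmin.exe cmd="wbadmin delete catalog -quiet"',
    '2019-03-04T10:03:00Z host=WS12 user=alice image=powershell.exe cmd="powershell -nop -c Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"',
]

# Each rule is (name, regex over the command line). Patterns are case-insensitive
# and tolerate the ".exe" suffix and variable whitespace between arguments.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin_resize_shadowstorage", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit_disable_recovery", re.compile(
        r"bcdedit(\.exe)?.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("wmi_shadowcopy_delete_ps", re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I)),
]

# Parser for the constructed log format above.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+image=(?P<image>\S+)\s+cmd="(?P<cmd>.*)"$')


def parse_event(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def match_rules(cmd):
    """Names of all rules whose pattern occurs in the command line."""
    return [name for name, rx in RULES if rx.search(cmd)]


def detect(lines):
    """One alert per event that matches at least one rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        hits = match_rules(ev["cmd"])
        if hits:
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                           "rules": hits, "cmd": ev["cmd"]})
    return alerts


def hosts_with_multiple_techniques(alerts, threshold=2):
    """Hosts on which at least `threshold` distinct rules fired.

    Ransomware usually chains several of these commands; a single one is often a
    legitimate administrator, so aggregating by host cuts false positives.
    """
    by_host = {}
    for a in alerts:
        by_host.setdefault(a["host"], set()).update(a["rules"])
    return {h: sorted(r) for h, r in by_host.items() if len(r) >= threshold}


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a["ts"], a["host"], a["user"], ",".join(a["rules"]), "::", a["cmd"])
    print("hosts chaining several techniques:", hosts_with_multiple_techniques(found))
```

On the constructed sample, five of the seven events fire a rule, but only WS12 trips the per-host threshold; SRV01's single `wbadmin delete catalog` from the backup account is surfaced as an alert but not escalated, which is the distinction you want before paging anyone.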
At the beginning of 2019 LockerGoga infected a number of businesses, including Altran, a French engineering consulting firm, and the aluminium producer Norsk Hydro.
It is a hybrid with properties of both ransomware and a wiper. The latest versions forcibly log users off their machines, so victims never even see the ransom note and the instructions for file recovery.
This ransomware made headlines at the beginning of 2019: it was written to pressure victims into subscribing to PewDiePie so that his channel would reach 100 million subscribers before T-Series.
Its author apparently believed that releasing ransomware on uninvolved internet users was acceptable in the name of a YouTube rivalry; after a while, the creator released a decryption tool for free.
Ryuk first came to light in August 2018 and has earned its operators around $3.7 million in bitcoin. Ryuk is used in targeted attacks and focuses on enterprises that can pay a hefty sum for recovery. Its creators are thought to be located in Russia and to have built Ryuk on stolen Hermes ransomware code.
SamSam is another ransomware used in targeted attacks and has brought in over $6 million in ransom payments. SamSam has so far hit a range of organisations in the US, especially critical infrastructure such as hospitals and city governments, because they provide essential services and have an urgent need to resume operations quickly.
In 2018, SamSam caused havoc across the city of Atlanta and cost close to $17 million of taxpayers’ money. The irony is that it renamed every file it encrypted “I’m sorry”.
Prevention is always better than cure, so you should have a robust ransomware protection mechanism in place before you need it. Here are some dos and don’ts to keep in mind:
| Do’s | Don’ts |
| --- | --- |
| Keep a backup of all your data, ideally one copy offline or otherwise unreachable from the infected network, and test that you can actually restore from it. With a safe, restorable backup you will not be caught in the ransomware trap. | Do not pay the attacker. Paying the ransom encourages and funds further attacks, and even if you pay there is no guarantee that the attacker will unlock your device or release your data. |
| Knowing how to avoid ransomware is half the work. Always use well-known security software together with a properly configured firewall, and keep both the firewall rules and the antivirus signatures up to date. | Do not reveal personal or confidential information in response to emails, phone calls or text messages. Phishers trick individuals and employees into installing malware by pretending to be from IT. |
| Scan and filter your mail servers continuously. Emails need to be scanned for threats, and attachment types that could carry malware should be blocked. | Don’t click on suspicious email or SMS links. Spam messages and emails are still the most common way of tricking users into running ransomware. |
| Make sure software and operating systems are up to date. Exploit kits hosted on untrusted websites are commonly used to spread ransomware, and regular patching is crucial to prevent infection. | Do not trust anyone with personal information. Be extremely cautious with sensitive data such as bank details. If your device has been hit, use a different, clean device to research the ransomware: attackers are deceitful enough to set up bogus “help” websites. |
| If you receive the threat while travelling, contact a trusted IT professional or your organisation’s IT department. It is also advisable to use a trustworthy Virtual Private Network (VPN) on public Wi-Fi. | Do not leave the matter unreported. Report it to the relevant authority, such as the cyber-crime branch of the police or your regulator. |
Ransomware Attack Solution: How to Prevent Ransomware on Server
One of the most frequently searched phrases on Google in connection with ransomware is “How to protect against ransomware”. To answer it you first need to understand at which layer the attack is being stopped. If ransomware reaches a device and is stopped there, it has already slipped past several earlier controls: the mail filter, the web proxy or intrusion detection system (IDS) that should have flagged the infected domain or the malicious traffic sequence, and the server-side hardening that should have denied the delivery path. The following ransomware attack solutions are about closing those earlier gaps so that the endpoint is the last line of defence, not the only one.
1. Restricting Access
The first and most important step in safeguarding the servers on a network is to harden them and restrict who and what can reach them. If the extortionist cannot exploit a weakness in the network, it is much harder for them to gain access and deliver the ransomware.
2. Get Rid of Flash
There has been exponential growth in ransomware infections delivered through exploit kits. Because it is the easiest component to package as bait, attackers like to use Adobe Flash vulnerabilities inside exploit kits. The most sensible thing an organisation can do is therefore to disable Flash or remove it completely from servers and workstations.
If Flash is genuinely necessary, it can be configured in click-to-play mode so that content only runs when an authorised user explicitly starts it. Unfortunately, it is quite easy to manipulate users into clicking a video, so this is a weaker control than removal.
3. Asset Management and Patching
While Adobe Flash is an easy target for exploit kits, it is not the only one. Exploit kits also target Internet Explorer, Google Chrome, Silverlight, Mozilla Firefox, Safari, Adobe PDF Reader and any other program that handles content from websites.
If a company has no proper inventory of the software running on its machines, patching promptly is not feasible: you cannot patch what you do not know you have. Asset management is therefore the foundation of patching. With an asset management solution you can identify every vulnerable package installed on laptops, desktops and servers, and prioritise and verify the patches for each.
4. Safeguarding IP Addresses
Ransomware generally needs Command and Control (C&C) communication, for instance to hand over the encryption key before it starts encrypting. One common approach is for the malware to carry a hard-coded block of IP addresses and contact them one after another until a server responds; Cerber, for example, sprays packets across such a range. It is therefore important to control the addresses your systems can talk to: default-deny outbound traffic from servers, allow only the destinations and ports they legitimately need, and watch for a single internal host contacting large numbers of external addresses in a short time, which is what that C&C discovery looks like from the inside.
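As an added example (not code from the original article), the script below shows both halves of that control over constructed flow records: a fan-out detector that flags an internal host contacting many distinct external addresses on one protocol/port within a time window, and a default-deny egress policy check that lists which (source, protocol, port) combinations would be blocked. The internal address ranges, the allowed egress list and the sample flows are all assumptions made for the example; the external addresses use the reserved documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address space for the example network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Assumed default-deny egress policy for workstations: only web traffic is permitted.
ALLOWED_EGRESS = {("tcp", 443), ("tcp", 80)}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed flow records: (timestamp_seconds, src_ip, dst_ip, proto, dst_port).
# 10.0.0.15 behaves like a C&C-discovery spray: 60 UDP packets to 60 consecutive
# external hosts in one minute. 10.0.0.20 is ordinary web and internal DNS traffic.
BASE = 960
SAMPLE_FLOWS = []
SAMPLE_FLOWS += [(BASE + i, "10.0.0.15", "198.51.100.%d" % (i + 1), "udp", 6892) for i in range(60)]
SAMPLE_FLOWS += [(BASE + i * 10, "10.0.0.20", "203.0.113.5", "tcp", 443) for i in range(6)]
SAMPLE_FLOWS += [(BASE + i, "10.0.0.20", "10.0.0.2", "udp", 53) for i in range(40)]
SAMPLE_FLOWS += [(BASE + 70, "10.0.0.20", "203.0.113.9", "tcp", 443),
                 (BASE + 80, "10.0.0.20", "203.0.113.17", "tcp", 80)]


def covering_24s(dsts):
    """Number of distinct /24 blocks the destination set spans.

    A spray over a hard-coded range lands in one or two blocks; legitimate
    browsing is scattered across many.
    """
    return len({ipaddress.ip_network(d + "/24", strict=False) for d in dsts})


def detect_fanout(flows, window=60, min_dsts=20):
    """Alert when one internal source reaches >= min_dsts distinct external
    destinations on the same proto/port inside a fixed time window."""
    buckets = defaultdict(set)
    for ts, src, dst, proto, dport in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only outbound, internal -> external, is interesting here
        buckets[(src, proto, dport, ts // window)].add(dst)
    alerts = []
    for (src, proto, dport, w), dsts in sorted(buckets.items()):
        if len(dsts) >= min_dsts:
            alerts.append({"src": src, "proto": proto, "dport": dport,
                           "window_start": w * window, "distinct_dsts": len(dsts),
                           "covering_24s": covering_24s(dsts)})
    return alerts


def policy_violations(flows):
    """(src, proto, dport) triples that a default-deny egress rule set would drop."""
    seen = set()
    for ts, src, dst, proto, dport in flows:
        if is_internal(src) and not is_internal(dst) and (proto, dport) not in ALLOWED_EGRESS:
            seen.add((src, proto, dport))
    return sorted(seen)


if __name__ == "__main__":
    for a in detect_fanout(SAMPLE_FLOWS):
        print("fan-out:", a)
    print("would be blocked by egress policy:", policy_violations(SAMPLE_FLOWS))
```

On the sample data the fan-out detector reports only 10.0.0.15 (60 destinations, all within a single /24, on UDP/6892), and the policy check shows that the same traffic would never have left the network under a default-deny egress rule, which is the cheaper of the two controls and worth deploying first. The window and threshold are starting points; tune them against a week of your own flow data before alerting on them.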
5. The Defense Mechanism
Many small businesses and start-ups have no dedicated security team, and rely on a single person to cover security, network and server management and desktop support at the same time. Even some larger businesses struggle to sustain a dedicated security function beyond troubleshooting.
In these cases it is important to assign at least one person to monitor the exposed parts of the estate for breaches and intrusions. In addition, protecting the servers themselves with a proper security solution is key to a secure ecosystem.
It is hard to appreciate the value of robust ransomware protection until there has been a major breach, so it is better not to let that situation arise.
Already Attacked by Ransomware: What to Do Now
| Crypto ransomware | Locker ransomware |
| --- | --- |
| Disconnect the system from the network and from all other devices | Disconnect the system from the network and from all other devices |
| Use a well-known antivirus to scan and remove the ransomware, if you do not intend to pay | Reboot the system in safe mode |
| Identify which crypto ransomware has infected the system (the ransom note and the file extension are the usual clues) | When the system restarts, run a reputable antivirus/security product |
| Use a different, clean device to look for known solutions such as a free decryptor for that family, if one exists | If safe mode doesn’t work, do a full system restore |
| Restore data from backup | Run the security software once again to remove any remaining traces |
| If you do decide to pay the ransom, negotiate | |
There are various ways to respond to a ransomware attack, depending on which type it is and which steps you decide to take. While it is advisable never to give in, sometimes circumstances leave few options. Here are the steps to follow in the event of a ransomware attack:
First, establish whether you have been hit by crypto ransomware, locker ransomware, or something merely pretending to be ransomware. If you cannot get past the ransom message on the screen, it is most likely locker ransomware, which is generally the easier of the two to recover from because your files themselves are usually untouched.
If you can browse and open applications but cannot open your work files, media such as music, photographs and videos, or your email, then crypto ransomware has most likely infected the system.
Crypto ransomware is by far the more common, so deal with that case first, following the crypto column of the table above.
Locker ransomware isn’t as rampant as it once was, but it still does the rounds periodically; the locker column of the table above lists the steps for dealing with it.
Lastly, it is important to file a police report if you intend to claim on insurance or pursue legal action over the data loss. It also helps the authorities keep a record of the infection.
Conclusion
Individuals and companies who pay hefty sums for file recovery are, in effect, funding and encouraging the ransomware business; the attackers are not just cunning and greedy but actively malicious.
In conclusion, to curb ransomware extortion across the globe we collectively need to stop paying for recovery. You can also review the best antivirus and security software available to help secure your data.