
What is ransomware and how do we fight it?

by Mic Johnson

First things first, what exactly is ransomware? It is a type of malware, rooted in cryptovirology, that encrypts data to block access to it, or threatens to publish confidential or personal data, unless the victim pays a certain amount as ransom. In a typical case, ransomware infects a computer and restricts access to valuable data, demanding a payment that, once made, restores access by way of a decryption key known only to the hacker. Victims are also shown step-by-step instructions for paying online to restore access.

Why is Ransomware dangerous:

While simple ransomware locks a system in a way that is reversible, the usual attack is sure to cause real problems. Most ransomware arrives disguised as a harmless or even essential file attached to an email that the user is urged to open; in reality the file is a trojan, built by hackers, that drops the ransomware once it runs. Whatever the delivery method, almost all of them demand payment in cryptocurrencies such as Bitcoin, which makes the payments difficult to trace and the criminals difficult to prosecute, even when the attack is reported. They come in several kinds:

  • Lockers: Such ransomware locks down your entire system and demands payment to restore access to anything on it.
  • Crypto malware: This kind locks down only certain sensitive data, such as particular files or folders.
  • Doxware: This kind threatens to publish sensitive information online unless the ransom is paid within a stipulated time frame. The data may include personal photos or confidential information.
  • Scareware: Some ransomware comes as scareware, typically fake antivirus products that pop up a message claiming the computer is at risk and needs an online payment to fix the problem. It may also impersonate a law enforcement agency that is punishing you for pornographic or illegal content and now demands payment of a ‘fine.’
  • High-profile worms such as ‘WannaCry’ spread without any user interaction at all.

History of Ransomware:

Ransomware authors started out targeting individuals, then moved on to bigger prey, such as businesses, once they realised that payouts could easily be maximised that way. They often target vulnerable organisations, such as law firms, that cannot risk an information leak. They may also target underprepared organisations that do a lot of file sharing, such as universities and medical facilities, which often have small or non-existent security teams. Examples of historical attacks include:

  • AIDS Trojan, late 1980s
  • GpCode, 2004
  • WinLock, 2007
  • Reveton, 2012
  • CryptoLocker, 2013
  • Locky, 2016
  • WannaCry, 2017
  • Sodinokibi, 2019

How to protect against Ransomware:

Even if you are not part of a vulnerable group, ransomware can infect anyone, so it is best to stay prepared. Keep the following in mind:

  • Use competent anti-ransomware protection.
  • Always keep Windows Defender running while browsing the internet, and use a reputable antivirus product.
  • Keep your security software, such as Windows Firewall and your antivirus, up to date.
  • Do not open suspicious email attachments, especially from unfamiliar senders.
  • Keep backing up sensitive and important data to an external hard drive.
  • Save your system state (a restore point) on a schedule so the machine can be restored to it.
  • Keeping a copy of your data in cloud-based storage means an infection on your machine does not put your only copy at risk.
  • Do not grant administrative privileges to a file unless you are certain what it is.
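The checklist above can be turned into a routine that a Windows machine runs every day. The script below is an added example written for this article, not code from the author or from any vendor named on the page. It assumes the Defender, NetSecurity and ScheduledTasks PowerShell modules that ship with Windows 10 and 11, an elevated prompt, and an external drive mounted as E:\ (a placeholder; change it to your drive letter).

```powershell
# Added example (not from the article): daily ransomware hygiene for a Windows workstation.
# Assumes Windows 10/11 with the Defender, NetSecurity and ScheduledTasks modules,
# an elevated PowerShell prompt, and an external drive at E:\ (placeholder path).

$BackupSource = "$env:USERPROFILE\Documents"                              # data worth keeping
$BackupRoot   = "E:\Backups\Documents"                                    # external drive (assumed)
$BackupTarget = Join-Path $BackupRoot (Get-Date -Format "yyyy-MM-dd")     # one folder per run

# 1. Windows Defender: real-time protection must be on and signatures must be fresh.
$status = Get-MpComputerStatus
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Defender real-time protection is OFF."
}
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt 3) {
    Write-Warning "Antivirus signatures are $([int]$sigAge.TotalDays) days old; updating."
    Update-MpSignature
}

# 2. Windows Firewall must be enabled on every profile (Domain, Private, Public).
Get-NetFirewallProfile | ForEach-Object {
    if (-not $_.Enabled) {
        Write-Warning "Firewall profile '$($_.Name)' is disabled."
    }
}

# 3. System state: make sure System Restore is on for the system drive and take a
#    restore point. Windows only creates one restore point per 24 hours by default,
#    so a failure here usually just means one was taken recently.
Enable-ComputerRestore -Drive "$env:SystemDrive\"
try {
    Checkpoint-Computer -Description "Daily hygiene checkpoint" -RestorePointType MODIFY_SETTINGS
} catch {
    Write-Warning "Restore point not created: $($_.Exception.Message)"
}

# 4. Copy data to the external drive. Each run gets its own dated folder, so if the
#    source has already been encrypted the run does not overwrite the last good copy.
#    Unplug the drive when the run is finished: ransomware encrypts attached drives too.
if (-not (Test-Path $BackupTarget)) {
    New-Item -ItemType Directory -Path $BackupTarget | Out-Null
}
robocopy $BackupSource $BackupTarget /E /R:1 /W:1 /NP /LOG+:"$BackupRoot\backup.log" | Out-Null
# robocopy exit codes 0-7 mean success (the bits describe what was copied); 8 and above mean failure.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "robocopy reported failures (exit code $LASTEXITCODE); see backup.log."
} else {
    Write-Host "Backup written to $BackupTarget (robocopy exit code $LASTEXITCODE)."
}

# 5. Schedule this script to run daily so backups and restore points stay current.
#    $PSCommandPath is the path of this script when it is run from a .ps1 file.
$action  = New-ScheduledTaskAction -Execute "powershell.exe" `
           -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`""
$trigger = New-ScheduledTaskTrigger -Daily -At "02:00"
Register-ScheduledTask -TaskName "DailyRansomwareHygiene" -Action $action -Trigger $trigger `
    -RunLevel Highest -Force | Out-Null
```

Save it as a .ps1 file and run it once from an elevated prompt; the final step registers the same file as a daily task. The dated backup folders are the important design choice: a plain mirror of the source would faithfully copy encrypted files over the only good backup, whereas a fresh folder per run leaves earlier copies untouched.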

How to remove Ransomware:

Even with all these preparations, attacks can still happen, and when they do the ransomware needs to be removed. The important steps are:

  • Boot Windows into Safe Mode, then install anti-malware from a known company such as Bitdefender.
  • Scan your system to detect the ransomware.
  • If all else fails, restore your machine to a previously saved state.
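The same three steps, expressed with the cmdlets built into Windows Defender, as an added example written for this article rather than code from the author or from any vendor. Third-party scanners such as Bitdefender ship their own tools; this version assumes Windows 10 or 11 and an elevated prompt. Windows Defender Offline reboots into a minimal environment and scans from there, which serves the same purpose as scanning from Safe Mode.

```powershell
# Added example (not from the article): removal and recovery with Windows Defender's
# own cmdlets. Assumes Windows 10/11 and an elevated PowerShell prompt.
#
# Step 1 and 2: scan from outside the running system. Start-MpWDOScan reboots the
# machine into Windows Defender Offline and scans there. Run this line on its own
# first, then come back to the rest of the script after the reboot:
#
#   Update-MpSignature; Start-MpWDOScan

# After the offline scan: list what Defender found, newest first.
$detections = Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
foreach ($d in $detections) {
    $name = if ($names.ContainsKey($d.ThreatID)) { $names[$d.ThreatID] } else { "unknown" }
    "{0}  {1}  {2}" -f $d.InitialDetectionTime, $name, ($d.Resources -join ", ")
}
if (-not $detections) { Write-Host "Defender recorded no detections." }

# Step 3: if the system still cannot be trusted, fall back to a restore point.
# System Restore rolls back system files and settings, not your documents; those
# come from the external backup. CreationTime is a DMTF timestamp string, so a
# string sort orders the points correctly.
$points = Get-ComputerRestorePoint | Sort-Object CreationTime -Descending
if ($points) {
    $latest = $points[0]
    Write-Host "Newest restore point: '$($latest.Description)' (sequence $($latest.SequenceNumber))"
    # Restore-Computer reboots the machine. Run it deliberately once you have picked
    # the point you trust, ideally one dated before the infection:
    # Restore-Computer -RestorePoint $latest.SequenceNumber -Confirm
} else {
    Write-Warning "No restore points found; recover files from the external backup instead."
}
```

The restore call is left commented out on purpose: the script should show you the candidate points and their dates, and the choice of which one to roll back to belongs to a person, not to the script.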

Should you pay the ransom?

To make the decision harder, hackers often offer time-limited discounts, so that an earlier payment is cheaper. Similarly, more advanced malware offers discounts to companies in poorer nations. Thirdly, ransom amounts are generally small, less than $1500, which is still quite a lot for the hacker but little for the business being targeted.

A simple cost-benefit analysis might make you want to pay to retrieve your data, without weighing the wider consequences, which is understandable. However, remember that law enforcement agencies urge victims never to pay the ransom. For one thing, there is no certainty that your data will be returned uncorrupted: the hacker may keep extorting money without ever releasing your data, or may take the money and run without ever handing over a decryption key. For another, payment encourages hackers to keep building such malware and attacking others. So if alternative routes exist, or reporting the crime can help, those routes should be explored first.

Conclusion:

While ransomware is a threat, it is not something you should be very anxious about, especially if you are not in a vulnerable group. Attacks are in statistical decline, partly because cryptocurrency is beyond the comprehension of many victims, which sometimes makes extracting payment difficult. Moreover, with anti-malware and computer security getting better, it is getting more and more difficult for criminals to target people.

Latest Hacking News
