What is ransomware and how do we fight it?

First things first, what exactly is ransomware? It is a type of malware from crypto virology that encrypts and blocks access to data, or publishes secure or personal data, unless the victim pays up a certain amount as ransom. A typical case of ransomware infects one’s computer and restricts access to valuable data, asking for a certain amount, that if paid, restores access to the user, by giving the user an access restoration key, known only by the hacker. Users are additionally shown steps of online payment to restore access.

Why is Ransomware dangerous:

While simple ransomware blocks systems in a way that is reversible, the usual attack is sure to cause some problems. Most ransomware masquerades as harmless or even essential files that users are implored to download from emails, but in reality, they are trojans created by hackers, that spam a ransomware once opened. Whatever their modality of attack, almost all of them demand payment in cryptocurrencies such as Bitcoin, which makes them difficult to track and prosecute, even if reported. They are of various kinds:

  • Lockers: Such ransomware locks down your entire system and demands payment to restore access to anything within the system.
  • Crypto malware: They lock down certain sensitive data such as files or folders only.
  • Doxware: They threaten to publish sensitive information online provided non-payment of ransom within a stipulated time frame. The data may include personal photos, or secret information.
  • Scareware: Some of them come as scareware, especially as illegal anti-virus copies that spam a message claiming that the computer is at risk and needs an online payment to fix issues. It may also pretend to be a law enforcement agency that is punishing you for pornographic or illegal content, and now needs the payment of a ‘fine.’
  • High profile viruses like the ‘WannaCry Worm’ spread without absolutely any user interaction.

History of Ransomware:

Ransomware started with an intention to target individuals, but then moved on to bigger prey, such as businesses, once they realised that the pay outs could easily be maximised like that. Often, they target vulnerable organisations like law firms that cannot risk an information leak. They may also target underprepared organisations that engage in a lot of file sharing, such as universities and medical facilities. Said facilities often have smaller or non-existent security teams. Examples of some historical attacks include:

  • AIDS Trojan, late 1980s
  • GpCode, 2004
  • WinLock, 2007
  • Reveton, 2012
  • Cryptolocker, 2013
  • Locky, 2016
  • WannaCry, 2017
  • Sodinokibi, 2019

How to protect against Ransomware:

Even if you are not a part of the vulnerable groups, ransomware can infect anyone, and it is best to stay prepared. The following should be kept in mind:

  • Use competent anti-ransomware protection.
  • Always keep Windows Defender running while browsing the internet and use an antivirus software that is reputable.
  • Keep your security software such as Windows Firewall, and antivirus up to date.
  • Do not open suspicious email attachments, especially if they are from unfamiliar sources.
  • Keep backing up sensitive and important data on an external hard drive.
  • Keep saving your system state on a scheduled basis so it can be restored to.
  • Use of cloud-based storage prevents any data from being at risk.
  • Prevent giving administrative access to files unless you are certain what they are.

How to remove Ransomware:

Even after all these preparations attacks can happen and if that is the case the ransomware needs to be removed. The important steps to be followed are:

  • Install anti-malware from known companies like Bitdefender, after booting Windows into Safe Mode.
  • Scan your system to detect the ransomware.
  • If all else fails, restore your machine to a previous saved state.

Should you pay the ransom?

To make things difficult, hackers often offer discounts to victims on a timed basis, in that an earlier payment is cheaper. Similarly, discounts are offered by more advanced malware to companies in poorer nations. Thirdly, ransomware amounts are generally small, less than 1500$, that is still quite a lot for the hacker, but little for the business they’re targeting.

A simple cost benefit analysis might make you want to pay out, to retrieve your data, and you may not think of the utilitarian benefit, which is fine. However, remember that law enforcement agencies urge users never to pay the ransom. On the one hand, there is no certainty that your data will be given back uncorrupted. The hacker may keep extorting money from you without ever releasing your data, or they may take the money and run, and never give you a decryption key. On the other hand, payment encourages hackers to keep making more such malware and attacking others. Thus, if alternative routes exist, or reporting the crime works, these routes should be explored.

Conclusion:

While ransomware is a threat, it is not something you should be very anxious about, especially if you aren’t in a vulnerable group. Attacks are on a statistical decline, thanks to cryptocurrency being beyond the comprehension of many, which makes extraction difficult sometimes. Moreover, with anti-malware and computer security getting better, it is getting more and more difficult for criminals to target people.

Related posts

How to Improve Your Cyber Resilience by Strengthening User Privileges

The Dark Side of Viral Content: How Negative Reviews Can Snowball

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience