Ransomware is one of the most lucrative forms of malware. It is designed to encrypt files and folders, preventing the victim from accessing their machine. It is created to extort money from the victim and in return offers a decryption key that will restore access to the system. Cyber criminals usually ask the victim to pay the ransom in cryptocurrency, as such payments are hard to trace. Locky, WannaCry, CryptoLocker and Petya are the most common of all and have made news headlines.
Now that we know ransomware is designed for financial gain, let us look at how it works, the common types of ransomware, its key characteristics, and other details.
How Does Ransomware Work?
Most commonly, ransomware infections begin with:
- A malicious email attachment that installs the ransomware.
- Exploit kits that use known vulnerabilities in web browsers and other software to get the ransomware installed.
Besides this, there are two common types of ransomware.
Two Most Common Types of Ransomware:
- Encrypting ransomware: uses advanced encryption algorithms to encrypt system files and demands a ransom to decrypt them. The most common examples include CryptoWall, Locky, CryptoLocker and more.
- Locker ransomware: locks the victim out of the system, making it impossible to access any apps, data, or other files. Usually, the files aren't encrypted in this case; the victim is just locked out of the system, and a ransom is demanded for an unlock key for the infected computer. The most common examples include Winlocker and others.
Apart from this, the locker versions can infect the Master Boot Record (MBR). Examples include the Petya and Satana families.
Key Characteristics of Ransomware:
- Irrevocable encryption.
- Ability to encrypt all types of documents, pictures, audio and video files, and other data you have on your PC.
- Changes file names to hide itself.
- Adds a different extension to the files.
- Displays a message or an image stating that the data is encrypted and that the victim needs to pay a ransom to get access back.
- Usually requests payment in cryptocurrency, which is hard to track, and sets a time limit. The ransom amount also keeps changing with time.
- Uses complex evasion techniques to stay undetected by antivirus software.
- Often uses infected PCs as part of a botnet.
- Can spread from one system to another, usually across a local network, causing further damage.
- Capable of extracting data from the infected computer (usernames, email addresses, passwords, and more).
Common Ransomware Examples
- Spora, which infects network shares.
- WannaCrypt, which infects computers by exploiting the EternalBlue vulnerability.
- A Petya variant that exploits the EternalRomance vulnerability and uses stolen credentials to move across networks.
- Reveton, which locks the system screen instead of encrypting files.
- Locky and Cerber ransomware, which look for and encrypt specific file types, like media files, documents and others.
- Bad Rabbit ransomware
Ways to Stay Safe from Ransomware Attack
Here are some recommendations that you can use to keep yourself and your family protected from ransomware attacks.
1. Training and Education
It isn't easy for an average user to know the difference between a phishing email and a spear phishing attack. What they do understand is that downloading an attachment might harm their system or infect some of the system files.
But to stay protected from ransomware attacks, they need to know how to identify a phishing attack and which emails or attachments they should never open. Before sharing any information or treating a mail as genuine, they can simply make a phone call to the sender or ask the team to verify the message.
2. Always Take Data Backups
The most common harm caused by ransomware is to lock you out of your system and to encrypt your data. Therefore, to deal with a ransomware attack, always keep an updated backup of your data so that in the worst-case scenario the data is at hand.
Apart from this, the backup should be tested periodically to ensure that it contains no infected files that the user might restore.
Plus, companies and individuals should stop making the common mistake of restoring the data before the ransomware is completely cleared from the system. The system should be rebuilt before the data is restored.
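As an added example (not from the original article): a minimal Python check that compares two snapshots of a folder, such as a backup before and after a test restore, and flags the changes listed under the key characteristics above, namely an original file replaced by a copy with an extra extension, or content that has turned into high-entropy, encrypted-looking data. The 7.5 bits-per-byte threshold, the `.locked` extension and the file names are assumptions chosen for the constructed sample.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, encrypted data sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text is roughly 4-5, encrypted or random data close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Map each file's relative path to the entropy of its first 64 KiB."""
    return {p.relative_to(root).as_posix(): shannon_entropy(p.read_bytes()[:65536])
            for p in sorted(root.rglob("*")) if p.is_file()}

def suspicious_changes(before: dict, after: dict) -> list:
    """Flag originals overwritten with high-entropy content, or replaced by a
    high-entropy file that carries the old name plus an added extension."""
    findings = []
    for path, old_entropy in before.items():
        if path in after:
            if old_entropy < ENTROPY_LIMIT <= after[path]:
                findings.append((path, path, "overwritten"))
            continue
        for new_path, new_entropy in after.items():
            if new_path.startswith(path + ".") and new_entropy >= ENTROPY_LIMIT:
                findings.append((path, new_path, "renamed"))
    return findings

def demo() -> list:
    """Constructed sample: one text file is replaced by random bytes under an
    invented extension, another receives an ordinary edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.txt").write_text("quarterly figures\n" * 200)
        (root / "notes.txt").write_text("meeting notes\n" * 200)
        before = snapshot(root)
        (root / "report.txt").unlink()
        (root / "report.txt.locked").write_bytes(os.urandom(4096))
        (root / "notes.txt").write_text("meeting notes, revised\n" * 200)
        return suspicious_changes(before, snapshot(root))

if __name__ == "__main__":
    for original, current, kind in demo():
        print(f"{kind}: {original} -> {current}")
```

Compressed formats such as ZIP, JPEG or DOCX are already close to 8 bits per byte, so for those files the added-extension signal matters more than entropy alone.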
3. Lock Macros
We all learn from our own mistakes, and in the case of new ransomware, cyber criminals always learn from older malware. The latest ransomware attacks are designed to take advantage of vulnerabilities detected in Microsoft Office and other applications. They use macros to infect the system and corrupt data.
If you are using the latest version of Microsoft Office, disabling all macros is recommended to stay secure.
4. Patch and Update Frequently
The most common recommendation given by all is to always keep the OS updated, as updated software and an updated OS provide better security.
5. Remove Administrator Rights
Ransomware spreads by taking advantage of the user's privileges. Therefore, one should always keep a check on the admin rights granted to other users. No one should be given rights to make changes to system files or other important data.
Full access or read and write access should be granted only when required.
Apart from these tips, users should remember the following to stay protected from ransomware attacks:
- Avoid using an administrator account.
- Disable macros in Microsoft Office suite – Word, Excel, PowerPoint, etc.
- Disable browser plugins like Adobe Reader, Flash, Java and others.
- Keep browser security and privacy intact.
- Remove outdated plugins and add-ons from the browser.
- Use an ad-blocker to block potentially malicious ads.
- Don't open emails received from strangers or undisclosed senders.
- Avoid clicking on links received in emails or messages.
- Use a reliable, paid antivirus product that is updated automatically.
Ransomware is the biggest threat faced by companies and individuals, and if proper measures aren't taken in time, you never know to what lengths it can harm you. Therefore, to stay protected from ransomware attacks, one needs to learn about ransomware, how it works, what its types are, and the preventive measures against phishing mails, the most common source of malicious content such as ransomware.
We hope you liked our article about common ransomware methods and how to stay protected. If there is anything you would like us to add, please let us know. Your feedback is valuable to us.