How Can You Avoid Getting Infected?
You’ve probably heard the term “ransomware” on the news, in information security training, or from getting infected yourself; regardless of where or who you are, odds are you’ve heard it in the last few years.
Despite the fact that it is regularly in the headlines (WannaCry, Travelex), most users are unaware of how to protect themselves, and many businesses are unaware of the gravity of the threat. Malware is no longer a mysterious security problem, and users are understandably curious about what ransomware is and how it gets onto their computers.
Fortunately, we’ve put up a detailed reference that includes definitions of key words, an overview of ransomware’s history, the numerous classifications and distinctions among ransomware strains, as well as suggestions and advice on how to avoid and defend against harmful software.
What is Ransomware, and how does it work?
Ransom malware, often known as ransomware, is a type of malware (malicious software) that encrypts a user’s data and holds it for ransom. After infecting a computer, ransomware encrypts files and demands payment in exchange for their probable decryption.
In a nutshell, it’s a digital hostage situation.
Ransomware is a flourishing industry that has been active for almost 30 years, with a large part of businesses around the world being targeted for attack. With the widespread adoption of blockchain technology and anonymous transactions, ransomware con artists are now demanding payment in difficult-to-trace bitcoin for decryption.
When faced with a decision, many companies and businesses choose to pay the ransoms in a covert manner in order to regain access to their data, while others battle to recoup data without paying the attackers. In any case, significant harm can be done, not only financially, but also operationally and in terms of reputation.
Ransomware’s History
Though ransomware’s prominence has exploded in the twenty-first century, it actually has a much longer history than many people believe. Given the intricacy of modern ransomware, some may find it amusing that the first instance of this type of virus was spread via floppy disc.
Developed by an evolutionary biologist named Joseph Popp in 1989, the devious Harvard PhD researcher loaded up 20,000 floppies with copies of the ransomware and distributed them to fellow scientific academics in 90 countries.
The ransomware was disguised as a questionnaire and obfuscated with an electronic “fuse.” Once a machine had been infected, the ransomware would remain dormant until the 90th boot. The ransomware would encrypt file names after the computer was turned on for the 90th time since infection, a strategy that may not sound as devastating now, but at the time rendered many computers useless.
The ransomware message demanded that the user pay a fictitious ‘hard drive lease’ (between $189 and $378), and that the ransom be sent in the form of a cashier’s check or money order to a Panamanian P.O box register under the name PC CYBORG CORPORATION if they were to ever receive their decryption key.
The FBI eventually caught the “eccentric” Popp, though it is unclear how much money he was able to extort. Popp was arrested after a luggage search showed up his “business symbol,” and he was finally extradited to the United Kingdom on ten counts of blackmail and criminal damage.
Popp now runs a butterfly conservatory in New York, which is a fun fact. Here’s a link to Trip Advisor.
It would be another decade before other cybercriminals adopted Popp’s plan and implemented it on a far wider scale. With the exception of floppy discs and P.O Boxes, most illicit enterprises continue to operate in a similar manner. Distribute, contaminate, and extort information.
By the mid-2000s, ransomware had established itself as a serious threat, with strains like TROJ.RANSOM.A, Krotten, Cryzip, and Gpcode becoming popular. The sophistication and efficacy of ransomware really began to develop by the conclusion of that decade and into the tens.
With the global impact of worms like the WannaCry virus (which cost the NHS in the UK over £92 million) and the black-market trade of ‘malware as a service,’ the costs and risk of ransomware infection has continued to rise, exceeding knowledge.
We’ve arrived at a point where, if a company is locked out of its systems due to a lack of backups, it must choose between handing over thousands of pounds in cryptocurrency to criminals (funding more attacks with no guarantee of a decryption key) or accepting the invariably much higher cost of recovery.
Study of a Case
Cybercriminals infected roughly 10,000 Baltimore city computers with the RobbinHood ransomware in 2019. The attackers sought 13 bitcoins (about $76,000) for their decryption, but were denied their ransom when city officials refused to support the criminal organisation.
Instead of fighting the infection, the city is estimated to have spent upwards of $18 million in recovery costs as a result of the ransomware attack. An amount that has been reflected in similar circumstances.
Given this, it is misguided for businesses to continue putting themselves at risk of infection by failing to provide proper cyber and information security awareness training to assist decrease the danger of becoming another ransomware victim.
What Causes Ransomware to Infect Your Computer?
Ransomware, like all digital nasties, can infiltrate your computer in a variety of ways, but most of these entry points can be resisted with basic knowledge and simple defensive tactics. Keeping your files safe and secure from ransomware doesn’t have to be a tremendous pain, nor does it have to be expensive.
The methods listed here are only a few of the most popular ways ransomware infects a computer. The routes that most malware uses to infect a computer have stayed rather stable, despite increasingly more powerful and improved technological methods.
Phishing
Usernames, passwords, bank account numbers, and credit card numbers are all gold to cyber crooks. Phishing emails are deceptive messages sent with the explicit purpose of duping people into doing a specific action. Following a link, passing over sensitive information, or, in the case of malware, opening an attachment are all examples of these acts.
Phishing assaults are a form of mass email sent to millions of people in the hopes of attracting as many “biters” as possible. Phishing messages come in many shapes and sizes, but they all try to replicate well-known companies, reputable organisations, or pique your interest or curiosity with eye-catching subjects and fraudulent attachment names.
Individuals should always be suspicious of giving over important information to doubtful persons or opening unverified attachments, regardless of the seeming legality of an email, SMS, or even snail mail. What appears to be a harmless PDF attachment could easily be a dangerous piece of software designed to hold your sensitive data captive.
Phishing with a specific intent
Spear phishing is a type of phishing that is extremely focused, similar to spear fishing. Spear phishing assaults are a more sophisticated and research-based form of phishing that usually target the finance divisions of organisations and corporations.
A spear phishing assault will often go to considerable measures to trick users into doing an action that directly benefits criminals by impersonating or even compromising real accounts. Large cash transfers are frequently intercepted, with account numbers changed at the last minute and fraudulent invoices.
Spear phishers, like phishing attacks, will be on the lookout for sensitive information and anything else that can assist them deceive and trick their victims. With more time and effort, spear phishing can not only result in fraudulent transfers, but also infect highly secure networks with ransomware in the aim of extorting significant sums of money in exchange for data access.
Social Engineering
Social engineering is a catch-all term that encompasses both in-person and remote manipulation. Attackers will utilise their manipulation talents to persuade unsuspecting targets to do something that is not in their best interests. This can range from the relatively simple act of impersonating another person to the technically competent takeover of an email account and the meticulously planned transfer of funds request to the financial department.
Although ‘phishing,’ ‘spear phishing,’ ‘water holing,’ and a variety of other techniques fall under the umbrella of social engineering, this ‘low-resolution’ attack vector should not be dismissed as insufficiently specific, but rather as a distinct category of which people and users should be aware and vigilant.
We can better defend ourselves against a wide range of attacks if we are aware of the different ways in which even the finest among us can be misled. At a time when attackers are constantly looking for new methods to exploit our data, understanding and acknowledging weaknesses is critical.
Study of a Case
A social engineering experiment was carried out by members of a Google research team in 2016. They found that 45 percent of 300 USB sticks were connected in and had files examined when they dispersed them around a university campus.
Despite the fact that this was a harmless experiment, the devices might have just as easily been infected with ransomware. Malicious actors may use this unsafe curiosity to bypass network defences and lock away crucial data if it was placed in the proper spot.
Ransomware comes in a variety of forms.
The information security threat that ransomware poses has a consistent set of characteristics. A ransomware assault might jeopardise not just your data’s availability, but also its confidentiality and integrity.
Ransomware will most likely take one of only a few probable courses after infecting your device. After preventing a user from accessing their device or encrypting papers on it, the attacker(s) will try to extort money by threatening to delete, encrypt indefinitely, or expose your data to the public, depending on the nature of the attack.
Attacks on organisations are more likely to threaten data deletion or indefinite encryption, but attacks on people are more likely to threaten making humiliating or compromising data public.
One way that ransomware attacks urge victims to pay is by setting a payment deadline. If a ransom of ‘X’ is not paid within 48 hours, the ransom will escalate to ‘2X’ and then exponentially thereafter. An organisation can presumably recover their data in the shortest amount of time and for the least amount of money by paying immediately and without complications; nevertheless, payment is rarely advocated by law enforcement entities.
What is the Process of Encryption?
Encryption is the process of encoding information so that it may only be accessed by those who have the correct “key.” Even though complicated mathematics is being used to conceal information, even the most simple instances follow the same basic principles.
At its most basic level, encryption takes a piece of data, such as the word “hello,” and attempts to obscure its meaning. Simply transpose each letter three letters further along in the alphabet to create one of history’s oldest examples of encryption, known as the “Caesar Cipher.” Only those who understand the ‘cypher’ or key understand what we mean when we say ‘khoor.’
Encryption is a technique that is crucial to modern communications, despite the fact that it is not usually visible in our daily lives. Encryption is a critical component of modern computing, from the chat apps on your phone to the sensitive information you type into a website to pay for your package.
Though encryption is often employed to protect our personal information, it can equally be used to harm us. Cyber criminals use encryption methods to hold information captive and extort payments in the instance of ransomware. Ransomware has progressed to the point that even the most security-conscious and well-funded organisations can fall victim, and as a result, sometimes even collapse.
How Ransomware Infects Computers?
Ransomware, a type of software that holds a computer or its data hostage in order to extort money from its victims, is one of the fastest-growing sectors of cybercrime. Ransomware is a type of malware that can damage or delete computer files, resulting in a loss of profit for businesses with infected machines. Learn more about how ransomware targets victims to help prevent this rising online threat.
Infected PCs and mobile devices can be infected in a variety of ways:
Links in emails or social media messages – In this form of attack, the victim clicks on a malicious link in an email attachment or a social media message.
Pay per install — This common method infects computers that are already part of a botnet (a collection of infected computers controlled by criminals known as botmasters) with additional software. Bot herders, thieves who scour the internet for security flaws, are paid to find them.
Drive-by downloads – When a victim visits a hacked website, they are infected with ransomware. Researchers at McAfee Labs have noticed an upsurge in drive-by downloads. Users of some streaming video portals, in particular, have been affected.
Many people are unaware they are victims of a crime, and even if they are, they are hesitant to disclose it. This makes ransomware tough to trace. However, data suggests that it is a global cybercrime problem with a large number of victims. This hazard has been warned of by authorities all across the world. Europol organised an expert meeting to battle the spread of “police ransomware,” while the FBI and the German Federal Office for Information Security have both issued many ransomware warnings.
Aside from eliminating the malware from their computer, many victims are unsure what they should do. According to the FBI’s Internet Crime Complaint Center, victims should:
Submit a report to the FBI’s Internet Crime Complaint Center (IC3).
Update your operating system as well as your antivirus and antispyware applications.
In addition, if a user is unable to remove the malware on their own, they can contact a trusted computer professional for assistance.
Ransomware is still evolving. Researchers at McAfee Labs believe that “kits” for mobile phone ransomware will be released, allowing criminals without programming expertise to extort money. Global law enforcement is working hard to address this threat as it rises.
CryptoLocker is an example of ransomware.
CryptoLocker ransomware spread via infected email attachments between 2013 and 2014. Once activated, the malicious programme went about encrypting and ransoming important files.
Cryptolocker ransomware’s lockscreen
The ransomware, which is said to have infected about half a million computers globally, targets Microsoft Windows workstations and encrypts crucial files with an RSA 2048-bit key.
Users without file backups had the option of accepting the loss or paying the ransom with this degree of encryption.
CryptoLocker is thought to have extorted an average of $300 per user, earning the crooks behind the campaign tens of millions of cash in just a few months. Despite generating a great deal of inconvenience for many users, an online mechanism was finally developed to provide decryption keys to ransomware victims.
Petya
Petya Ransomware’s Lockscreen
The Petya ransomware family was initially discovered in 2016, and it was transmitted via corrupted attachments.
Many variants have spread over the world, including the Kaspersky dubbed NotPetya, which is perhaps best known for its involvement in attacks on Ukrainian infrastructure.
The NotPetya strain is also responsible for one of the most famous attacks on a law business, in addition to infrastructure. According to reports, the DLA Piper hack resulted in the corporation paying out about 15,000 hours of overtime to IT personnel, as well as irreparable harm to its reputation.
Don Jaycox, the company’s chief information officer, said the ransomware spread “astonishingly quickly,” adding that “a lot of the damage was done before [he] even got out of bed.”
Ryuk
The Ryuk Ransomware’s lockscreen
When it first appeared on the threat environment in 2018, the Ryuk ransomware strain almost exclusively targeted large businesses, demanding up to $320,000 in ransom. Spreading to as many endpoints as possible, this strain was most likely propagated by phishing emails, which is a typical attack vector.
Ryuk’s ransomware is still affecting businesses today, with victims including US government contractor Electronic Warfare Associates (EWA).
The spread of ransomware proceeded, and by the fourth quarter of 2019, the software had a huge 21.5 percent share of the ransomware industry.
Your Business and Ransomware
The impact of data breaches, including ransomware, can no longer be disregarded by organisations, according to some study. The average cost of a data breach has now risen to $3.9 million, according to some studies. Aside from the obvious costs of recovering from a ransomware assault, such an occurrence can also cause enormous damage in terms of service disruption and reputational damage.
In the United Kingdom, a stunning 77% of all workers have never received any type of information security training from their employer, demonstrating a brazen disdain for security knowledge that makes it easy for hackers and cyber criminals to continue their harmful activities.
With the introduction of the European Union’s General Data Protection Regulation, as well as its adoption into UK law as the Data Protection Act (DPA) 2018, the Information Commissioner’s Office can impose penalties of up to 4% of annual global turnover, or 20 million Euro, on organisations found to be responsible for a breach of personal data.
Meaning that a ransomware assault might cost an organisation not only millions of pounds to recover from technically, but also millions more in non-compliance fines. Given all of these variables, it’s logical to conclude that addressing information security vulnerabilities within your organisation has never been more important.
How Do Exploit Kits Allow Ransomware to Infiltrate Your Computer?
Step 1: The victim will visit a legitimate website and click on a malicious ad (also known as malvertising) that will redirect him to a compromised site.
Step 2: The victim will be led to a compromised website’s landing page. Because ransomware authors make these URLs appear to be legitimate websites, your security system will have a hard time identifying the exploit code hidden on that specific landing page.
Step 3: The exploit kit will now begin scanning your operating system and installed software (Flash, Java) for any exploitable vulnerabilities. If any vulnerabilities are discovered, the exploit kit will launch a ransomware attack on your machine.
Step 4: The ransomware will now infect your computer and encrypt every data stored on its hard drive. After then, a ransom message will be shown. The directions on how to pay your attacker are included in this ransom note.
With ransomware being one of the most deadly and extensively distributed malware on the planet, knowing what it is and what it can do to your computer is essential knowledge for any computer user. Allowing a ransomware attack to hit you in the face is not a good idea.
Act quickly to learn how to prevent and avoid ransomware attacks so that your computer system and essential data are not compromised.
Defending Yourself Against Ransomware
Backing Up Information
A ransomware campaign’s success is predicated on two essential assumptions. The first is that the ransomware will infect a computer, and the second is that vital files will not be backed up. Attackers and criminals thrive on common mistakes made by firms and individuals that lack the basic preparation needed to defend against an assault.
By effectively backing up your data in separate, safe forms and locations, your company may reinforce its defences and ensure that, if the worst happens, you aren’t forced to choose between further subsidising criminals or facing the costs of starting over and making a full recovery.
Businesses and individuals can take a variety of safeguards and solutions to protect themselves from ransomware. The most basic and effective method is to make regular and secure backups. Redundancy is the name of the game, with information needing to be held in numerous locations when it’s most important, to defend against physical damage like floods, break-ins, and fires, among other things.
Cloud storage services might also be a good option for backing up your data. Cloud storage can be a good option to on-site backup storage in many circumstances because it keeps data off-site and in secure networks.
Updates and Patches
The fact that many of the machines in use were running out-of-date operating systems and unpatched software was one of the contributing elements that rendered the NHS so vulnerable to the WannaCry ransomware. These vulnerable systems were not safeguarded in the same manner that modern operating systems are, leaving them vulnerable to a cyber-attack.
With any operating system, it’s critical to make sure the software (particularly anti-virus) is up to date and appropriate for your needs. Every day, new vulnerabilities are found, and developers work tirelessly to guarantee that these flaws are patched and repaired. However, if these upgrades are not implemented, organisations become vulnerable to attack.
Staff Preparation
Your workers may be the most important weapon in your defence armoury. Though technology defences are important, when the vast majority of ransomware assaults, and indeed all information security attacks, are caused by human error, thorough information security training is clearly one of the most effective methods to strengthen your defences.
Your organization’s defences against hostile actors, reputational damage, and potential fines and losses are reinforced through engaging training, while also meeting compliance obligations.
What should you do if you become infected?
The terrible reality is that many ransomware attacks result in impacted organisations paying large sums of money. Despite government advice that organisations should never pay a ransom to recover access, pragmatism and costs frequently drive the choice to pay the money.
Using ransomware to hold a company hostage is a crime that should be reported, yet attackers are rarely discovered due to the usage of bitcoin and obfuscation tactics. Another depressing truth in the information security and cyber defence industries.
Isolate > Recognize > Report > Research and Restore > Restart
Restoring activities should be quite simple assuming you have fully backed up your data. If you haven’t backed up, the problem becomes much more complicated.
Depending on the sort of ransomware that has infected an organisation, most of the process may likely necessitate the use of trained specialists and cyber security experts. Decryption keys for many of the more archaic forms of ransomware can be available online, often for free.
How to Report a Ransomware Attack?
Should any type of breach occur, including a ransomware attack, where personal data is unlawfully destroyed, lost, altered, or disclosed without authorisation, you will most likely have a legal obligation to report the event to your specific enforcement authority (in the case of the UK, the Information Commissioner’s Office).
Reporting Requirements
A breach of personal data must be reported to the appropriate supervisory body within 72 hours of becoming aware of it (where feasible).
If the breach is likely to have “adverse impact on data subjects’ rights and freedoms,” those individuals must be notified “without undue delay.”
You must also verify that you have in place “strong breach detection, investigation, and internal reporting procedures.”
