WHAT IS MALWARE?

Malware is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access to or damage a computer without the knowledge of the owner.

There are several types of malware:

  • Spyware
  • Viruses
  • Keyloggers
  • Worms
  • Ransomware
  • Any type of malicious code

TYPES OF MALWARE

[Image: types of malware]

WHAT IS RANSOMWARE?

Ransomware is a type of malicious software which covertly encrypts your files – preventing you from accessing them – then demands payment (ransom) for their safe recovery.

Ransomware is also referred to as “Cyber Extortion”.

Two types of ransomware:

  1. Locker ransomware - denies access to the computer or device.
  2. Crypto ransomware - prevents access to files or data.

There are also Scareware, Leakware and Ransomware as a Service (RaaS).

Ransomware is often spread through phishing emails that contain malicious attachments, or when a user unknowingly visits an infected website and malware is then downloaded and installed without the user’s knowledge.

Ransomware is a profitable criminal business, and its success lies in the way it creates urgency using scare tactics.

TYPES OF RANSOMWARE

  • Crysis – This kind of ransomware encrypts all the files on the network and also on any removable devices.
  • Wanna Cry – Wanna Cry was one of the biggest attacks in the history of ransomware and compromised more than 125k organizations.
  • CryptoWall – CryptoWall was one of the very advanced forms of ransomware. It was introduced in early 2014. Its attack approach is very similar to that of CryptoLocker.
  • Jigsaw – A very dangerous kind of ransomware that not only encrypted files but also deleted them until the hackers were paid.
  • Bad Rabbit – This attack was launched in Russia and Europe. It targeted organizations with the intention of getting them to pay money in order to return their systems to a working state.

HOW DOES RANSOMWARE WORK?

  • Ransomware can originate from a malicious website that exploits a known vulnerability, phishing email campaigns, social engineering, or web-based drive-by malware injections.
  • When the exploit is executed, a downloader is placed on the system.
  • The downloader silently communicates with control servers to download and install the malware / ransomware and secure an encryption key.
  • The contacted C&C server responds by sending back the requested encryption key and providing payment methods.
  • The ransomware starts to encrypt the entire hard disk content, personal files and sensitive information.
  • A warning is displayed on the screen with instructions on how to pay for the decryption key.

COST OF RANSOMWARE

  • Time
  • Corruption or loss of data
  • Suspension of service
  • Reputation
  • Legal implications
  • Thousands/millions of dollars

COST OF RANSOMWARE ATTACKS

  • Loss of Data and Information
  • Employee Downtime and Loss of Production
  • Ransom Costs
  • IT Consultant Time and Labor
  • Forensic Investigation Cost
  • Data Leak and Compliance Issues
  • Impact on Reputation and Loss of Business Relationships
  • IT Infrastructure Upgrades/Overhaul

COMMON ATTACK VECTORS

  • Social engineering
  • Unsafe web browsing
  • Malvertising
  • Email campaigns
  • Web exploits
  • Phishing scams
  • Infected removable media
  • Exploited accounts
  • Out-of-date, end-of-life, unpatched, vulnerable computing systems

HOW TO PROTECT AGAINST RANSOMWARE

  • Never click on unverified links - Avoid clicking links in spam emails or on unfamiliar websites. Downloads that start when you click on malicious links are one way that your computer could get infected.
  • Do not open untrusted email attachments - Do not open email attachments from senders you do not trust. Look at who the email is from and confirm that the email address is correct.
  • Only download from sites you trust - To reduce the risk of downloading ransomware, do not download software or media files from unknown websites. Go to verified, trusted sites if you want to download something. Most reputable websites will have markers of trust that you can recognize.
  • Avoid giving out personal data - If you receive a call, text, or email from an untrusted source that asks for personal information, do not give it out.
  • Use mail server content scanning and filtering - Using content scanning and filtering on your mail servers is a smart way to prevent ransomware.
  • Never use unfamiliar USBs - Never insert USBs or other removable storage devices into your computer if you do not know where they came from.
  • Keep your software and operating system updated - When you run an update, you are ensuring that you benefit from the latest security patches, making it harder for cybercriminals to exploit vulnerabilities in your software.
  • Use a VPN when using public Wi-Fi - When you use public Wi-Fi, your computer system is more vulnerable to attack. To stay protected, avoid using public Wi-Fi for confidential transactions, or use a secure VPN.
  • Use security software - When you download or stream, security software blocks infected files, preventing ransomware from infecting your computer and keeping cybercriminals at bay. Keep your security software updated at all times.
  • Backup your data - Should you experience a ransomware attack, your data will remain safe if it is backed up. Make sure to keep everything copied on an external hard drive, but be sure not to leave it connected to your computer when not in use. If the hard drive is plugged in when you become a victim of a ransomware attack, this data will also be encrypted.
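
The mail server content filtering recommended above, sketched as an added example (not SamCERT's own code): it parses a message and flags the attachment patterns phishing mail commonly relies on. The extension lists, function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed filter policy for this example, not an authoritative list.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def screen_attachments(raw: bytes) -> list:
    """Return (filename, reason) for each attachment to quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        pieces = name.rsplit(".", 2)
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT and len(pieces) == 3 and "." + pieces[1] in DECOY_EXT:
            findings.append((name, "double extension hiding an executable type"))
        elif ext in BLOCKED_EXT:
            findings.append((name, "executable or script attachment"))
        elif ext in MACRO_EXT:
            findings.append((name, "macro-enabled Office document"))
        elif payload[:2] == b"MZ":  # PE header under a harmless-looking name
            findings.append((name, "executable content under another extension"))
    return findings


def build_sample() -> bytes:
    """Constructed test message; addresses and file bodies are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for body, name in [(b"MZ\x90\x00stub", "Invoice.pdf.exe"),
                       (b"MZ\x90\x00stub", "statement.pdf"),
                       (b"%PDF-1.7 stub", "report.pdf")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```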

RESPONDING TO RANSOMWARE

Isolate your computer - If you experience a ransomware attack, the first thing to do is to disconnect from any networks and the internet.

Never pay the ransom - Do not pay any ransom demanded by the cybercriminals carrying out the ransomware attack. Paying the ransom will not guarantee the return of your data; after all, these individuals have already manipulated your trust.

Start ransomware removal - To rid your computer of ransomware, follow our simple steps to ransomware removal:

Step 1: Disconnect from the internet - First up, disconnect from the internet to stop the ransomware spreading to other devices.

Step 2: Run a scan using internet security software - Use the internet security software you have installed to run a scan. This will help to identify any threats. If it detects any risky files, they can be removed or quarantined.

Step 3: Use a ransomware decryption tool - If your computer gets infected with encryption ransomware, you will need to use a ransomware decryptor to decrypt your files and data so that you can access them again.

Step 4: Restore files from backup - If you have backed up your data externally or on cloud storage, restore a clean backup of all your files on your computer. This allows you to revert to a version of the software that is malware free.
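
Before restoring, it helps to confirm the backup itself is still clean, since a drive left connected during an attack may have been encrypted too. The following added example (not part of the original page) records a SHA-256 manifest at backup time and later reports files that changed, vanished or appeared; the function names and the simulated damage in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every file under root; store the result away from the backup drive."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup's current state with the manifest taken at backup time."""
    current = build_manifest(root)
    return {
        "changed": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: a backup drive left connected and then tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "budget.txt").write_text("Q1 figures")
        (root / "docs" / "plan.txt").write_text("project plan")
        (root / "photo.bin").write_bytes(b"\x01\x02\x03")
        manifest = build_manifest(root)            # taken right after the backup
        # Simulated damage (constructed): content overwritten, file renamed, note dropped.
        (root / "docs" / "budget.txt").write_bytes(os.urandom(32))
        (root / "photo.bin").rename(root / "photo.bin.locked")
        (root / "READ_ME.txt").write_text("placeholder note")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

An empty report in all three categories means the backup still matches what was written at backup time; anything else should be investigated before the files are copied back.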
