TECHNOLOGY
How to Deal With Ransomware
As if there were not enough cyber attacks, a new wave of ransomware is emerging rapidly. This is not only affecting financial institutions, business and other organisations, but can also play havoc with individuals. Most of these cyber criminals demand money, to be paid using virtual currencies like Bitcoin. But there is no guarantee that you would be able to access all your locked data, even after paying.
Ransomware is a type of software, or malware, that accesses content on your PC, laptop or mobile device and then scrambles the data. You are then required to pay the ransom so that the criminal can handover to you the key to the locked data. Ransomware, typically, spreads through spear phishing emails that contain malicious attachments in the form of archived content (zip/rar) containing a JavaScript file or specially designed web-links or URLs. After clicking on the file or the link, the ransomware executes itself on your computing or mobile device without any trace. After accessing data, it encrypts or locks the files and demands a ransom to allow you to restore access.
Once you are under attack, you cannot access any of your files or data stored on the device/s. Since ransomware has the capacity to spread rapidly, it can easily affect the entire network of shared drives or devices. Depending on the type of ransomware, you can see your files having extensions like '.cerber', '.crypt', '.zepto', .locky, '.xtbl', '.vault', 'xrtn', 'crySIS', '.lock', '.R5A', '.lock','.wallet' and '.dharma'.
Some ransomware are designed in a way that it can identify and kill running processes like anti-virus or malware-detecting software. For example, in January, cyber criminals attacked a hotel in Austria and demanded ransom. While there were some confusing reports, in the end it was found that, during the attack period, the hotel was unable to use its reservation system and could not issue new key-cards to guests until the owner paid the ransom.
There are instances where the malware had remained idle for days or months before striking. Some are even capable of self-destruction. Adding to this is the Internet of things (IoT), which can really play havoc unless we are prepared to maintain cyber hygiene. Commenting on the ransomware attack against the Austrian hotel, Bruce Schneier, one of the most renowned security experts and chief technology officer of IBM Resilient, said in his blog, "I expect IoT ransomware to become a major area of crime in the next few years. How long before we see this tactic used against cars? Against home thermostats? Within the year is my guess. And as long as the ransom price is not too onerous, people will pay."
Cyber security companies are working on decryption tools for such encrypted files. But, to date, decryption is possible for only some ransomware. For files for which the decryption tools are not available, there is no way to retrieve the private key that can be used to decrypt them.
How do you guard yourself Ransomware attacks?
1. Take regular backups of at least your critical data;
2. Store this data on a device that is offline and not connected with any network;
3. Regularly update software on your computing and mobile device;
4. Block or do not open attachments with file types like exe, pif, tmp, url, vb, vbe, scr, reg, cer, pst, cmd, com, bat, dll, dat, hlp, hta, js, and ws;
5. Use some tools that are available on the web, like Sophos: Hitman Pro, Malware bytes Anto-Ransomware, TrendMicro Ransomware Screen Unlocker and Microsoft enhanced mitigation and experience toolkit (EMET);
6. Do not open attachments in unsolicited emails, or even from people in your contact list, and never click on a URL in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the website directly through a browser.
7. Disable remote desktop connections, if possible;
8. Stay away from installing or running unwanted software;
9. Avoid using external devices like a pen- or USB-drive from unknown sources.
No comments:
Post a Comment