What Is Ransomware

Ransomware is a form of malware that encrypts files on an affected device and holds them hostage until the user pays a ransom to the malware operators. Millions of dollars have been extracted through ransomware attacks; the most common strains of ransomware include CryptoLocker, CryptoWall, Locky, and Samas (also called SamSam).

In this article, we explain what ransomware is and how to protect against ransomware attacks.

WHAT IS RANSOMWARE

Ransomware commonly enters devices as a Trojan, impersonating a normal file that the user downloads intentionally or unintentionally. Upon execution, the ransomware starts encrypting the files on the infected device and persistently displays a message informing the victim that their files can only be decrypted if a ransom is paid to the attackers. The user is pressured into paying the operators, who may or may not supply a code or program to decrypt the files. If the user fails to pay within the stated time period, the ransom amount may increase or the encrypted files may be deleted. The most dangerous types of ransomware are those where only the creators of the program hold the key needed to decrypt the files. Ransoms are typically paid in Bitcoin or other digital currencies that are difficult to trace.

THE COMMON TYPES OF RANSOMWARE STRAINS

CRYPTOLOCKER

CryptoLocker was discovered on September 15, 2013, and is considered to be the first modern strain of ransomware. It is distributed through email attachments and encrypts files on Windows computers and any mounted drives. Even though CryptoLocker itself is easy to remove from infected devices, the files remain encrypted, and the only viable way to access them is to pay the ransom requested by the cyber criminals. Payment for the decryption key is taken in the form of Bitcoin or pre-paid cash vouchers.

CRYPTOWALL

CryptoWall was discovered on June 19, 2014, and it is related to CryptoLocker in some form. It has gone through multiple releases under different names and has not yet been retired. Initially, it was distributed through exploit kits and emails, but more recently it has also been linked to malicious ads and compromised websites. CryptoWall encrypts the files and deletes any Volume Shadow Copies (VSS snapshots) to prevent data recovery. After infection, the computer displays a web page or a text document that provides the payment directions to the user.

SAMAS/SAMSAM/SAMSA

Samas, perhaps the most destructive form of ransomware, was first discovered on December 9, 2015. The code for Samas is not very advanced, but its methods of distribution are more targeted than those of other attacks. Cybercriminals first identify specific networks that have unpatched servers running JBoss enterprise products. Once they gain access, the operators move laterally from the entry point to identify more hosts. The ransomware is installed manually once enough systems have been compromised. Like CryptoWall, Samas deletes the shadow copies after encrypting the original files and demands payment in the form of Bitcoin. Unlike previous strains, the majority of Samas attacks have focused on hospitals, schools, and other networks with a store of sensitive information that can be sold for a greater profit.
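Both CryptoWall and Samas are described above as deleting shadow copies so that the victim cannot recover files without paying. That step is one of the few noisy, observable moments of a ransomware infection, and it is a common thing for defenders to alert on. The following Python script is an added example, not code from the original article or from any product it mentions: it scans process-creation log lines (in a constructed, simplified one-line format, not a real Sysmon or EDR schema) for the commands used to delete Volume Shadow Copies or disable Windows recovery, and then groups the hits per host, since several such commands on one machine in a short window is a much stronger signal than a single one. The rule names and sample events are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Command-line patterns associated with destroying Volume Shadow Copies,
# backup catalogs or Windows recovery options. Deleting shadow copies is the
# behaviour the article attributes to CryptoWall and Samas; the other
# commands serve the same goal of making recovery without payment harder.
# Rule names are this example's own labels, not a vendor's identifiers.
SHADOW_COPY_TAMPERING = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I)),
]

# Constructed log format for this example: one process-creation event per
# line. Real Sysmon (Event ID 1) or EDR telemetry carries the same fields
# under different names, so only parse_line() would need to change.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$'
)


@dataclass
class Alert:
    timestamp: str
    host: str
    user: str
    rule: str
    command_line: str


def parse_line(line):
    """Return the event fields as a dict, or None for lines that do not parse."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def detect(lines):
    """Return one Alert per event whose command line matches a tampering rule."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # malformed or unrelated line; never let it break the scan
        for rule, pattern in SHADOW_COPY_TAMPERING:
            if pattern.search(event["cmd"]):
                alerts.append(Alert(event["ts"], event["host"], event["user"],
                                    rule, event["cmd"]))
                break  # one alert per event is enough; first matching rule wins
    return alerts


def hosts_over_threshold(alerts, threshold=2):
    """Hosts with at least `threshold` tampering commands. Administrators do
    occasionally run vssadmin, so a burst of recovery-destroying commands on
    one host is the signal worth escalating, not a single hit."""
    counts = Counter(alert.host for alert in alerts)
    return {host: n for host, n in counts.items() if n >= threshold}


# Constructed sample telemetry: a benign editor launch, a legitimate backup
# account merely listing shadows, and a burst of tampering commands on WS01.
SAMPLE_LOG = [
    r'2024-01-01T10:00:01Z host=WS01 user=alice cmd="C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt"',
    r'2024-01-01T10:00:02Z host=WS01 user=alice cmd="vssadmin.exe Delete Shadows /All /Quiet"',
    r'2024-01-01T10:00:03Z host=WS01 user=alice cmd="cmd.exe /c wmic shadowcopy delete"',
    r'2024-01-01T10:00:04Z host=SRV02 user=backupsvc cmd="vssadmin.exe list shadows"',
    r'2024-01-01T10:00:05Z host=WS01 user=alice cmd="bcdedit /set {default} recoveryenabled No"',
    r'2024-01-01T10:00:06Z host=WS01 user=alice cmd="wbadmin delete catalog -quiet"',
    "this line is not an event and must be ignored",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for alert in found:
        print(f"{alert.timestamp} {alert.host} {alert.user} {alert.rule}: {alert.command_line}")
    print("hosts over threshold:", hosts_over_threshold(found))
```

Run against the constructed sample, the scan flags four commands on WS01 and none on SRV02, whose backup account only listed shadows; `hosts_over_threshold` then singles out WS01 as the host to isolate and investigate. Because the script keys on command lines rather than on a particular malware family, it also catches the same recovery-destroying step in strains the article does not name.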


BEST PRACTICES FOR RANSOMWARE PROTECTION

Always back up your files regularly: Having a diligent data backup process in place, with copies kept where the malware cannot reach and encrypt them, can significantly limit the damage caused by a ransomware attack, as the encrypted data can be restored without paying a ransom.

Do not open email attachments or click links from unconfirmed sources: Email is the most popular medium for phishing attacks that distribute ransomware or other malware through infected attachments or links to malicious websites.

Disable Autorun for all mounted devices: Disabling Autorun prevents malware from launching and spreading automatically from removable media and other mounted drives.

Disable remote desktop connections when possible: Disabling this feature blocks attackers or malware from accessing users' devices and files remotely.

Log in as an administrator only when necessary: Limit administrator privileges and the use of admin accounts wherever possible, so that a compromised user account does not inadvertently grant administrative privileges to an attacker who has already gained access to it.

Awareness and education within an organization are key to protecting against ransomware attacks. By educating yourself and your users on basic protection practices and keeping up with current security threats, you can reduce the risk of ransomware and keep your data safe.