********

********

Wednesday, 22 March 2017

Technology: Ransomware - The Virus That Can Hold You Hostage

We are living in a day and age in which our computers can hold us hostage; demanding ransom in exchange for release.

I am talking about ransomware – one of the biggest threats the internet holds for us.



But just what is ransomware and what is a ransomware attack exactly?

Ransomware is a form of malware (malicious software or virus) which encrypts documents on computers and across networks. Once infected, the victims of ransomware can very often only regain access to their files/computers by paying a ransom to the criminals behind the attack, hence the name ransomware.  An infection often starts by a simple attachment click, making this type of virus a very serious and worrying problem indeed.




A whole new era of cybercrime 

According to an article by Danny Palmer on zdnet.com entitled “Ransomware: An executive guide to one of the biggest menaces on the web”, which is the main source of the information used in this article, “cybercriminals didn’t use to be so obvious [in the past]. Hackers would do everything possible to avoid detection as it was in their best interest not to alert their victims of their doings”. However now, ransomware attackers shamelessly announce to their victims their intentions, holding them hostage via their data, until they pay up. It is said that cybercriminals pocketed over a staggering one billion dollars from ransomware attacks in last year alone!




How long has ransomware been around for?

Although ransomware occurrences have increased drastically in the last two years, it is by no means a new phenomenon, the first cases of which appeared as far back as the 1980’s already! According to Palmer, how this virus worked back then was “the virus was sent to victims on a floppy disc. The ransomware then counted the number of times the PC was booted and once it hit 90, it encrypted the machine and demanded the user ‘renew a fictitious license’ with 'PC Cyborg Corporation' by sending $189 or $378 to a post office box in Panama.



How Ransomware evolved

The early versions of ransomware (such as the floppy disc version mentioned above), was quite easy to overcome because it relied on very basic cryptography in its functioning. However, these days the cryptography involved in the sophisticated ransomware in use now is so advanced that the mere mention of the word ‘ransomware’ is enough to make the corporate network world cringe.





What are some types of ransomware in existence today?

Today there exists many different types and forms of ransomware; some of which are more menacing in nature (and difficult to remove) than others. On example of an incredibly menacing form of ransomware is Locky, which often features in newspaper headlines due to the severity and cunningness of its nature. But just what is Locky exactly? According to pcrisk.comLocky is ransomware distributed via malicious .doc files attached to spam email messages. Each word document contains scrambled text, which appear to be macros. When users enable macro settings in the Word program, an executable file (the ransomware) is downloaded. Various files are then encrypted.” What further makes Locky so successful is the fact that those behind it often update the code that runs it, with changes which makes its detection near impossible.  Other equally menacing ransomware viruses doing the round include Cryptowall and Cerber. Just do an internet search on these if you wish to find out more.






How to avoid being infected with ransomware? 

Danny Palmer has this to say regarding ransomware attack avoidance: “With email being by far the most popular attack vector for ransomware, you should provide employees with training on how to spot an incoming attack. Even picking up on little indicators like poor formatting or that an email purporting to be from 'Microsoft Security' is sent from a obscure address which doesn't even contain the word Microsoft within it might save your network from infection. There's also something to be said for enabling employees to learn from making mistakes while within a safe environment. For example, one firm has developed an interactive video experience which allows its employees to make decisions on a series of events then find out the consequences of those at the end. This enables them to learn from their mistakes without suffering any of the actual consequences. On a technical level, stopping employees from being able to enable macros is a big step towards ensuring that they can't unwittingly run a ransomware file. Microsoft Office 2016 -- and now Microsoft 2013 -- both carry features which allow macros to be disabled. At the very least, employers should invest in antivirus software and keep it up-to-date, so that it can warn users about potentially malicious files.





How to rid yourself of ransomware

The zdnet.com article by Danny Palmer goes on to offer this valuable advice/information on how to rid yourself of a dreading ransomware infection: “The 'No More Ransom' initiative -- launched by Europol and the Dutch National Police in collaboration with a number of cyber security companies -- offers free decryption tools for ransomware variants to help victims retrieve their data without succumbing to the will of cyber extortionists. The portal offers decryption tools for ransomware variants including Crypt XXX, MarsJoke, Teslacrypt, and Wildfire. It's updated as often as possible in an effort to ensure tools are available to fight the latest forms of ransomware. Another way of working around a ransomware infection is to ensure your organisation regularly backs up data offline. There are those who say victims should just pay the ransom, citing it to be the quickest and easiest way to retrieve data -- and many organisations do pay. But be warned: if word gets out that your organisation is an easy target for cybercriminals because it paid a ransom, you could find yourself in the cross-hairs of other cybercriminals who are looking to take advantage of your weak security. And remember that you're dealing with criminals here and their very nature means they may not keep their word. There are stories of victims paying ransoms and still not having files returned.”




Can ransomware infect other devices, such as a smartphone or android device?

The scary answer to the question above is yes it can. In fact attacks against such devices have increased massively of late since many people are unaware of the possibility of attacks, only realising the reality of them, once it is too late. It is a fact that any device that is connected to the internet can be a potential infection risk, including our modern day smart televisions!




For more on ransomware and to read the full article by Danny Palmer, visit the following link.

Till next time, be safe

Debbie Nel

Xxxxxxxx

If you like my blog, why not follow Mortal Life Modes on the NewsDog  App?


No comments:

Post a comment