Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
Types of ransomware
Encryption Ransomware
It encrypts personal files and folders (documents, spread sheets, pictures, and videos).
The affected files are deleted once they have been encrypted, and users generally encounter a text file with instructions for payment in the same folder as the now-inaccessible files.
You may discover the problem only when you attempt to open one of these files.
Some, but not all, types of encryption ransomware also display a ‘lock screen’.
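The two indicators described above (files replaced by high-entropy encrypted copies, plus a payment-instruction text file dropped in the same folder) can be checked for on a file share. The following is an added example written for this page, not code from the original; the entropy threshold, file count threshold and note keywords are assumptions chosen for illustration, and the sample folder is constructed in a temporary directory.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds for this example, not from the page.
ENTROPY_THRESHOLD = 7.5       # bits per byte; encrypted data approaches 8.0
MIN_SUSPECT_FILES = 3         # high-entropy files needed to flag a folder
NOTE_KEYWORDS = ("decrypt", "bitcoin", "ransom", "payment")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_ransom_note(path: Path) -> bool:
    """A text file that mentions at least two payment/decryption keywords."""
    if path.suffix not in (".txt", ".html"):
        return False
    text = path.read_text(errors="ignore").lower()
    return sum(k in text for k in NOTE_KEYWORDS) >= 2

def scan_folder(folder: Path) -> dict:
    """Flag a folder holding several high-entropy files and a ransom-note-like file."""
    high_entropy, notes = [], []
    for p in folder.iterdir():
        if not p.is_file():
            continue
        if looks_like_ransom_note(p):
            notes.append(p.name)
        elif shannon_entropy(p.read_bytes()[:65536]) >= ENTROPY_THRESHOLD:
            high_entropy.append(p.name)   # only the first 64 KiB is sampled
    return {
        "folder": str(folder),
        "high_entropy_files": sorted(high_entropy),
        "ransom_notes": sorted(notes),
        "suspicious": len(high_entropy) >= MIN_SUSPECT_FILES and bool(notes),
    }

def demo() -> dict:
    """Constructed sample: random blobs with an appended extension plus a note."""
    d = Path(tempfile.mkdtemp())
    for i in range(4):
        (d / f"report{i}.docx.locked").write_bytes(os.urandom(4096))
    (d / "notes.txt").write_text("Meeting notes for Monday.")
    (d / "README_DECRYPT.txt").write_text(
        "Your files are encrypted. Send bitcoin to receive the decrypt key.")
    return scan_folder(d)
```

Already-compressed formats (zip, jpeg, docx) also score near 8 bits per byte, so the entropy check alone is noisy; the combination with a dropped note and a sudden burst of renamed files is what makes the heuristic useful.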
Lock Screen Ransomware — WinLocker
It locks the computer’s screen and demands payment.
It presents a full screen image that blocks all other windows.
No personal files are encrypted.
Master Boot Record (MBR) Ransomware
The Master Boot Record (MBR) is the part of the computer’s hard drive that allows the operating system to boot up.
MBR ransomware changes the computer’s MBR so that the normal boot process is interrupted.
Instead, a ransom demand is displayed on the screen.
Ransomware encrypting web servers
It targets web servers and encrypts a number of the files on them.
Known vulnerabilities in content management systems are often used to deploy ransomware on web services.
Mobile device ransomware (Android)
Mobile devices (mostly Android) can be infected via “drive-by downloads”.
They can also get infected through fake apps that masquerade as popular services such as Adobe Flash or an anti-virus product.
There is also a global initiative that can help in the event of ransomware. The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee, with the goal of helping victims of ransomware retrieve their encrypted data without having to pay the criminals. https://www.nomoreransom.org/
How to handle a ransomware attack
Step 1: DO isolate network traffic to mitigate the risk of continued adversary activity.
Step 2: DO NOT turn off servers until you are certain they have not been affected by ransomware.
Step 3: DO verify the state of business-critical system backups and make an offline copy of these backups.
Step 4: DO contact legal counsel and inform them of the situation.
Step 5: DO NOT try to “clean up” the ransomware without professional assistance.
How to defend against ransomware
To avoid ransomware and mitigate damage if you are attacked, follow these tips:
Back up your data. The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device clean and reinstall your files from backup. This protects your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
Secure your backups. Make sure your backup data is not accessible for modification or deletion from the systems where the data resides. Ransomware will look for data backups and encrypt or delete them so they cannot be recovered, so use backup systems that do not allow direct access to backup files.
Use security software and keep it up to date. Make sure all your computers and devices are protected with comprehensive security software and keep all your software up to date. Make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
Practice safe surfing. Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.
Only use secure networks. Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
Stay informed. Keep current on the latest ransomware threats so you know what to look out for. In case you do get a ransomware infection and have not backed up all your files, know that some decryption tools are made available by tech companies to help victims.
Implement a security awareness program. Provide regular security awareness training for every member of your organization so they can avoid phishing and other social engineering attacks. Conduct regular drills and tests to be sure that training is being observed.