Ransomware
Ransomware is malicious software that infects a system and restricts or limits the user's access to it. It was first seen in Russia around 2005 to 2006 and then spread gradually around the globe. Ransomware typically encrypts specific file types such as .doc, .xls, .jpg, .zip, .pdf and other commonly used file extensions. Typical ransomware behaviours include:
- User screen lockdown
- User file encryption
- Remote access to and control of the victim's system through a command & control centre
In many cases ransomware victims have to pay a 'ransom', often a bulk amount in cryptocurrency, through a digital payment gateway in order to regain access to their systems; a message demanding the payment is displayed on the screen. However, there is no guarantee of regaining access even after the ransom is paid, as the unknown attacker cannot be trusted.
In late 2013, a new type of ransomware appeared that encrypted files in addition to locking the system. The encrypted files ensured that victims were still forced to pay the ransom even if the malware itself was deleted. Because of this new behaviour it was called "CryptoLocker." Although the CryptoLocker ransom note specifies only "RSA-2048" as the encryption method, researchers report that the malware uses AES + RSA encryption. Major corporations, big players and companies have fallen victim to it.
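A defender-side illustration of the file-encryption behaviour described above, added here as an example and not code from the original post: a file that has been encrypted in place loses its format's magic bytes and has near-maximal byte entropy, so a scan can flag documents whose header no longer matches their extension, and it can also flag files that were renamed to an unknown extension by entropy alone. The magic-byte table, the 7.5 bits/byte threshold and the sample files are constructed for this example; the "ciphertext" is a deterministic SHA-256 chain standing in for real AES output.

```python
import hashlib
import math
from collections import Counter

# Leading magic bytes of common document formats (public format specs; table is an
# assumption for this example and covers only the types named in the post).
MAGIC = {
    ".pdf": b"%PDF",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",          # OOXML documents are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
    ".doc": b"\xd0\xcf\x11\xe0",     # legacy OLE2 compound file
    ".xls": b"\xd0\xcf\x11\xe0",
}

# Assumed threshold: uniformly random (encrypted) bytes approach 8.0 bits per byte.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """True when the content looks like ciphertext rather than the format its name claims.

    Known extension: flag only if the expected header is gone AND entropy is high
    (a JPEG body is high-entropy too, but its header survives normal use).
    Unknown extension (e.g. a ransomware-appended suffix): entropy alone decides.
    """
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    expected = MAGIC.get(ext)
    high_entropy = shannon_entropy(data) > ENTROPY_THRESHOLD
    if expected is None:
        return high_entropy
    return (not data.startswith(expected)) and high_entropy


def scan(files: dict) -> list:
    """Return the sorted names of files that look encrypted."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes (chained SHA-256) standing in for AES output."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


# Constructed sample "files": two healthy documents, one healthy image,
# two documents encrypted in place, and one encrypted and renamed.
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 40,
    "budget.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 2000,
    "photo.jpg": b"\xff\xd8\xff\xe0" + pseudo_ciphertext(b"jpeg", 4000),
    "invoice.pdf": pseudo_ciphertext(b"invoice", 4096),
    "notes.doc": pseudo_ciphertext(b"notes", 4096),
    "memo.docx.locked": pseudo_ciphertext(b"memo", 4096),
}

if __name__ == "__main__":
    for name in scan(SAMPLE_FILES):
        print(f"suspicious: {name} (entropy {shannon_entropy(SAMPLE_FILES[name]):.2f})")
```

In practice this check is run against a canary directory or a file-share snapshot and the flagged count is compared with a baseline, since a handful of legitimately compressed or encrypted archives will always exceed the threshold; a sudden jump across many document types is the signal worth alerting on.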
Examples of Ransomware:
WannaCry: A powerful Microsoft Windows exploit was leveraged to create a worldwide ransomware worm that infected over 250,000 systems before a kill switch was tripped to stop its spread.
NotPetya: One of the most destructive ransomware attacks, NotPetya borrowed tactics from its namesake Petya, such as infecting and encrypting the master boot record of a Microsoft Windows-based system. NotPetya leveraged the same vulnerability as WannaCry to spread rapidly, demanding payment in Bitcoin.
Bad Rabbit: Considered a cousin of NotPetya and using similar code and exploits to spread, Bad Rabbit was a visible ransomware that appeared to target Russia and Ukraine, mostly impacting media companies there. Unlike NotPetya, Bad Rabbit did allow decryption if the ransom was paid.
CryptoLocker: CryptoLocker was one of the first of the current generation of ransomware; it required payment in cryptocurrency (Bitcoin) and encrypted the user's hard drive and attached network drives.
LockBit: Identified recently, in 2021, LockBit blocks user access to the computer and infects connected devices without human intervention.
Preventive measures:
- Regularly update your operating system and software with security patches.
- Take periodic backups and encrypt your data using encryption tools. Store the backup copy offline, as this prevents the backup from being infected by the malware.
- Regularly update your anti-virus/anti-spyware/anti-ransomware definitions.
- Do not open email attachments from unknown sources.
- Verify the sender's email address against your contacts. If in doubt, perform a virus scan before downloading and opening the attachment.
- Enable System Restore points, an in-built feature of the Microsoft Windows operating system, to assist in restoring files.
- Use network protection and endpoint protection to prevent encryption of network shares, which can also happen with some crypto-ransomware threats.
- Use Software Restriction Policies to prevent or restrict the primary attack vectors, i.e. deny execution from locations where users have write/create privileges on business-critical systems.
- Delete unused accounts from the network and monitor network activity.
-DR