What is Ransomware?
Ransomware is a form of malicious software that locks up the files on
your computer, encrypts them, and demands that you pay to get your files
back. Usually ransomware will demanded in Bitcoin, which is totally untraceable.
The digital extortion racket is not new - it’s been around since about
2005, but attackers have greatly improved on the scheme with the
development of ransom cryptware, which encrypts your files using a
private key that only the attacker possesses, instead of simply locking
your keyboard or computer.
Most recently, a global cyberattack spread ransomware to countless computers over 150 countries. And these days ransomware doesn’t just affect desktop machines or laptops, it also targets mobile phones.
How Ransomware gets onto a computer?
The most common ways in which Ransomware are installed via phishing emails and visiting a website that contains a malicious program. After the malware has been installed, it will either encrypt information
that’s stored on the computer or block the computer from
running normally – while also leaving a ransom message that demands the
payment of a fee, in order to decrypt the files or restore the system.
In most cases, the ransom message will appear as a form of pop-up when the user restarts
their computer after the infection has taken effect.
WannaCry Cyberattack
May 12th 2017 saw the biggest ever cyber attack in Internet history. A ransomware named WannaCry or Wanna Decryptor stormed through the web, with the damage epicenter being in Europe. It mainly affects Microsoft’s unpatched and pirated Windows operating system.
When a system is infected, a pop up window appears, prompting you to pay
to recover all your files within three days, with a countdown timer on
the left of the window. It adds that if you fail to pay within that
time, the fee will be doubled, and if you don’t pay within seven days,
you will lose the files forever. Payment is accepted only with Bitcoin.
WannaCry leveraged a vulnerability in Windows OS, first discovered by
the NSA, and then publicly revealed to the world by the Shadow Brokers. In the first few hours, 200,000 machines were infected. It was first reported from Sweden, Britain, France and India, but Russia and
Taiwan are said to be the worst hit. Big
organizations such as FedEx, Renault, Telefonica and NHS were struck and crippled by the
attack.
How does it spread?
According to the US Computer Emergency Readiness Team (USCRT), ransomware spreads easily when it encounters unpatched or outdated software. Experts say that WannaCry is spread by an Internet worm - software that spreads copies of itself by hacking into other computers on a network, rather than the usual case of prompting unsuspecting users to open attachments. It is believe that the cyber attack was carried out with the help of tools stolen from the National Security Agency (NSA) of the United States.
How to prevent from this attack?
1. Backup your data - The best way to protect your computer is to create regular backups of
your files. The malware only affects files that exist in the computer.
If you have created a thorough backup and your machine is infected with
ransomware, you can reset your machine to begin on a clean slate,
reinstall the software and restore your files from the backup.
2. Update Anti-virus program - According
to Microsoft’s Malware Protection Centre, other precautions include
regularly updating your anti-virus program.
3. Block pop-up - Enabling pop-up blockers in your browsers.
4. Keep your system up to date - Update all software periodically, specially your operating system.
5. Be alert online - Don't open suspicious mails, attachment and links.
Comments
Post a Comment