Ransomware is a form of malicious software that locks up the files on a computer, encrypts them, and demands a ransom payment to restore them. The ransom note typically adds that if you fail to pay within the given time the amount will be doubled, and that if you still fail to pay you will lose the files forever.
Malware (a contraction of "malicious software") is a program or piece of code written to gain access to, or damage, a computer without the knowledge of its owner. The program is introduced into the system or network of the targeted computer or server. There are a number of vectors ransomware can take to reach a computer. One of the most common delivery systems is phishing spam: attachments that arrive in an email, masquerading as a file the victim should trust. Downloading a bad program or app, or visiting a website that displays malicious adverts, can also result in an infected device. USB sticks are another common way in which malware enters and spreads through a system. Even the machines in a computer lab might be infected, and when you transfer files from an infected machine to your own on a USB stick, the infection enters your system as well.

Once malware makes its way into a system, it begins to damage the boot sector, data files, installed software and even the system BIOS. This further corrupts your files, and your system may shut down as well.

Ransomware programs are designed to spread through a system. Ransomware searches for files with extensions such as JPEG, XLS, PNG, DOC, PDF and PPT. These are usually important images and documents, so there is a good chance the attacker will encrypt a file that you need. After encryption, the malware tells you that your data is being held for ransom and asks you to pay in bitcoin. The digital currency is popular among cyber criminals because it is decentralized, unregulated and practically impossible to trace.
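The behaviour described above (ransomware overwriting document files with ciphertext, often renaming them, and dropping a note demanding bitcoin) leaves traces a defender can look for. The following is an added example, not code from the original article, of a small Python checker that classifies files by whether their expected file signature is still present, how random their contents look (Shannon entropy), and whether a ransom note has appeared, then raises an alert when many document files turn to ciphertext at once. The file names, the sample contents and the thresholds are constructed for the demonstration; the format signatures are the standard leading bytes of PNG, JPEG, PDF and legacy Office (OLE2) files.

```python
import math
import random
from collections import Counter

# Extensions the article names as typical ransomware targets.
TARGET_EXTS = {".jpeg", ".jpg", ".xls", ".png", ".doc", ".pdf", ".ppt"}

# Leading "magic bytes" of those formats. After encryption the header is gone,
# which is a stronger signal than entropy alone.
MAGIC = {
    ".jpeg": b"\xff\xd8\xff",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".doc": b"\xd0\xcf\x11\xe0",   # OLE2 container used by legacy Office files
    ".xls": b"\xd0\xcf\x11\xe0",
    ".ppt": b"\xd0\xcf\x11\xe0",
}

# Words that tend to appear together in a ransom note (constructed list).
RANSOM_NOTE_TERMS = (b"bitcoin", b"decrypt", b"ransom")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant byte, 8.0 for perfectly uniform data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def original_extension(name: str):
    """Find the document extension in a name even if ransomware appended its own
    (e.g. 'report.doc.locked'). Returns (ext, still_final) or (None, False)."""
    parts = name.lower().split(".")
    for i in range(len(parts) - 1, 0, -1):
        ext = "." + parts[i]
        if ext in TARGET_EXTS:
            return ext, i == len(parts) - 1
    return None, False


def classify_file(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Label one file 'ransom_note', 'encrypted' or 'ok'."""
    ext, still_final = original_extension(name)
    if ext is None:
        # Text dropped next to the victim's files demanding payment.
        head = data[:4096].lower()
        if sum(term in head for term in RANSOM_NOTE_TERMS) >= 2:
            return "ransom_note"
        return "ok"
    header_ok = data.startswith(MAGIC[ext])
    # Compressed formats (JPEG, PNG) legitimately sit near 8 bits/byte, so a
    # high-entropy file with its header intact is NOT flagged; it must also
    # have lost its signature or been renamed.
    if (not header_ok or not still_final) and shannon_entropy(data) > threshold:
        return "encrypted"
    return "ok"


def scan(files: dict, min_hits: int = 3, min_ratio: float = 0.5) -> dict:
    """Classify every file and alert when a large share of document files look
    encrypted at once, which is the pattern of a ransomware run."""
    labels = {name: classify_file(name, data) for name, data in files.items()}
    docs = [n for n in files if original_extension(n)[0] is not None]
    hits = [n for n in docs if labels[n] == "encrypted"]
    notes = [n for n in labels if labels[n] == "ransom_note"]
    mass_encryption = len(hits) >= min_hits and len(hits) / max(len(docs), 1) >= min_ratio
    alert = mass_encryption or (bool(notes) and bool(hits))
    return {"labels": labels, "encrypted": hits, "notes": notes, "alert": alert}


def build_samples() -> dict:
    """Constructed sample files (not real victim data) for a demonstration run."""
    rng = random.Random(7)  # seeded so the example is reproducible
    noise = lambda n: bytes(rng.randrange(256) for _ in range(n))
    return {
        # Healthy PNG: compressed payload is high-entropy, but the header is intact.
        "photo.png": MAGIC[".png"] + noise(4000),
        # Healthy PDF: header present and mostly ASCII text.
        "invoice.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 60,
        # Three documents overwritten with ciphertext and renamed.
        "report.doc.locked": noise(4000),
        "budget.xls.locked": noise(4000),
        "slides.ppt.locked": noise(4000),
        # Encrypted in place (extension kept, signature gone).
        "scan.jpg": noise(4000),
        # Ransom note dropped alongside.
        "README_TO_RESTORE.txt": b"All your files are encrypted. Send 0.5 bitcoin to decrypt them.",
    }


if __name__ == "__main__":
    result = scan(build_samples())
    for name, label in result["labels"].items():
        print(f"{label:12} {name}")
    print("ALERT" if result["alert"] else "no alert")
```

Running the script classifies the healthy PNG and PDF as fine, flags the four ciphertext files and the note, and raises the alert. Entropy on its own would be a poor signal, because JPEG and PNG data is already compressed and looks almost as random as ciphertext; pairing it with the missing file signature and the renamed extension is what keeps the false-positive rate down.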
WannaCry (May 2017) hit Britain's National Health Service, some of Spain's largest companies including Telefonica, and computers across Russia, Ukraine and Taiwan, leaving PCs and data locked up for ransom. It uses a vulnerability known as EternalBlue, first revealed as part of a leaked stash of NSA-related documents, to infect Windows PCs and encrypt their contents, before demanding payments of hundreds of dollars for the key to decrypt the files. It encrypts user files using the AES and RSA ciphers, so that only the attackers, who hold the unique decryption key, can decrypt a system. The coordinated attack managed to infect a large number of computers across the health service less than 6 hours after it was first noticed by security researchers, in part because of its ability to spread within networks from PC to PC.
Many organisations in Europe and the US have been crippled by a ransomware attack known as Petya (June 2017). The malicious software spread through large firms including the advertiser WPP, the food company Mondelez, the legal firm DLA Piper and the Danish shipping and transport firm Maersk, leaving PCs and data locked up and held for ransom. Once a computer is infected, the malware spreads to others using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and, if it doesn't work, tries the next one. It has a better mechanism for spreading itself than WannaCry. According to the NTT Security 2017 Global Threat Intelligence Report, 28% of ransomware attacks over the last year targeted business and professional service firms, 19% targeted government and public sector employees, and healthcare service providers accounted for 15%. Other well-known ransomware families are:
CryptoLocker (2013): The attack that launched the modern ransomware age; it infected up to 500,000 machines at its height.
TeslaCrypt (2015): It targeted gaming files and saw constant improvement during its reign of terror.
SimpleLocker (2014): The first widespread ransomware attack that focused on mobile devices.
Locky (2016): It was similar in its mode of attack to the notorious banking malware Dridex.
The smartest way to avoid malware is to take precautions to prevent the malware from infecting your computer or device in the first place. The most important way to prevent malware from reaching your computer is by making sure you have an antivirus/antimalware program installed and that you have it configured to constantly look for signs of malicious activity in downloads and active files. Beyond software that automatically keeps an eye out for malware, the most important thing you can do to protect your computer is to change your behavior. One way is to avoid opening email and other messaging attachments from people or organizations you don’t know or don’t trust. Even if you do know the sender, make sure that whatever is attached is something you were expecting or can follow up about in another message. One clever way malware is spread is by auto-mailing copies of itself to friends and family in an email contact list. Avoid allowing malware to take advantage of security vulnerabilities in your programs by making sure you’re updating your software when updates are available, especially ones for Windows.
Author: Akshay Palande
Akshay Palande is a passionate teacher helping hundreds of students in their UPSC preparation. With a degree in Mechanical Engineering and double masters in Public Administration and Economics, he has experience of teaching UPSC aspirants for 5 years. His subjects of expertise are Geography, Polity, Economics, and Environment and Ecology.