By Nilesh Jain, Country Manager (India and SAARC), Trend Micro
Let’s wind the clock back. Ransomware has been very much present since the late 1980s. In the 1990s, the concepts underlying public-key-crypto-based ransomware were conceived as an effective money extortion mechanism by hackers. Unfortunately, with the emergence of privacy infrastructure and cryptocurrencies such as Bitcoin, it is now possible for cyber criminals to commit such crimes and get away with them smoothly.
The worrisome fact is that the novelty of recent ransomware lies in its anonymous monetization, or payment-exchange, method. The burgeoning number of ransomware attacks is now making it indispensable for institutions worldwide to implement traditional as well as innovative security measures, create awareness and execute policies to secure vulnerable platforms and tools.
Though the most dangerous ransomware carries names like CTB-Locker and CryptoWall, a variety of new names are springing up and wreaking havoc, like the recent Crysis ransomware.
Essentially, ransomware is a type of malware that locks up computers or computer files and won’t allow users to access them unless they pay a ransom. It comes close to cyber-terrorism and a digital epidemic. Ransomware, at its core, functions like any other type of malware. The malicious software gets onto users’ computers when they open email attachments that have it embedded, visit infected web pages or download certain software. Then it uses encryption to scramble users’ files.
While IT experts might be able to remove the ransomware after their systems have been infected, they often can’t unscramble or decrypt their data without the hackers’ assistance. Moreover, once the ransom is paid, there is no guarantee that the hacker will be kind enough to give back the files. On the contrary, they are more likely to use it again to extort more money from the helpless users. Apart from financial loss, there is a loss of reputation at stake, as a sizeable portion of sensitive business-critical data ends up in the wrong hands.
The actual cases of ransomware attacks have witnessed an upward spiral over the last 6 months. Researchers have noted a huge uptick in the number of actual and attempted infections and in the types of ransomware circulating in the wild. Some hackers encrypted files and asked for ransom, some just locked the files for a limited time period and some others played around with the user, causing stress but no real harm.
Ransomware is attractive because it helps cyber criminals mint money in a jiffy. And it has been boosted by two major technical advances. CryptoLocker, a malware tool that encrypts the files of infected computers, started making headway. More recently, the sale of ransomware software on the so-called Dark Web became very common, enabling even those without a technical background to get into the cyber-ransom sport. And it must be noted that no device is immune from ransomware, be it Windows, iOS or Android smartphones and tablets.
While it is incredibly difficult to treat a ransomware-infected computer, basic computer hygiene is the best way to mitigate risks: running anti-virus software regularly, keeping that and other software on your computer up to date, and making frequent backups of your data to a drive or cloud that is typically disconnected from your machine or, for that matter, your IT infrastructure.
The new versions and variants of ransomware can infect not just your main hard drive, but also any external drives that are attached and other online storage services. The best solution is thus to keep a good backup in a separate place.
Globally, by the end of 2014, there were only 16 main families, or types, of ransomware in the wild, according to Malwarebytes. Last year, there were 27 new ones. In the first quarter of this year alone there were 15 new families added.
Now, let us look at a few measures that you can adopt if your computer is infected by ransomware:
# Disconnect your computer from all shared networks and connections. In some cases, if you detect the infection early enough, you can minimize the damage by taking your PC offline.
# Identify the spread and intensity of the infection early on. If you stop it in time, ransomware may not lock up all your files. So comb and clear the infection and back up whatever data is secure.
# Look for tools and strategies to fight the intrusion. You may find a way to decrypt encrypted files by studying the type of ransomware.
# Look for a countermeasure. If you determine the type of ransomware, you can sometimes find software that will decrypt your files.
# Consult with a computer technician. A technician may be able to help you recover your files, particularly if the malware attack is relatively unsophisticated.
# Pay the ransom. This should be your last resort. Law enforcement agencies advise against it, warning that it only encourages criminals. And there’s no guarantee, if you pay the ransom, that the hackers will give you either the key needed or sufficient time to recover all your files. But if you can’t get access to your files any other way and your business depends on them or they include irreplaceable items that are pivotal to your business, then you might just consider it.
The ransomware business model seems to be profitable and safe for criminals, but the security industry and users can change that just by implementing certain basic measures. Maintaining backups and educating users and employees about the cybersecurity risks is the most effective strategy to combat the burgeoning epidemic.