Ransomware

Ransomware is malware designed to deny users access to their computer data. Some variants also threaten to publish the victim’s personal information unless a ransom is paid. Attackers restrict access either by locking the system’s screen or by locking the user’s personal files. More advanced ransomware is categorized as crypto-ransomware. This malicious software encrypts the user’s personal files, making them inaccessible unless the user pays the demanded sum of money through a specific online payment system to get a decryption key.

Ransom

The price of the ransom can range from hundreds to thousands of dollars, depending on factors such as the company’s status, the sensitivity of the stolen data and the exchange rate of digital currencies. Bitcoin is becoming a common form of ransom payment. iTunes and Amazon gift cards are alternative forms of payment. Paying a ransom may not guarantee that the attacker will provide the victim with a decryption key or an unlock tool for the stolen files.

Ransomware infection

Ransomware can enter an individual’s computer in several ways. It can be downloaded through pop-ups when users visit unsecured websites. The most common way is through phishing spam, which is an email with an attachment posing as a reliable file. Once the file is downloaded and opened, the malware takes over the victim’s computer. The ransomware locks the computer screen and encrypts some or all of the victim’s files. The user is then notified of the attack through a large display with instructions and the ransom demanded. The attacker may restore the files once the ransom has been paid.

In some cases, the attacker may pose as a law enforcement agency and threaten the user with a fine for having pirated software or pornography on their computer. This approach reduces the chance that the victim reports the threat to the authorities.

Target

Attackers choose their next victim in different ways. They attack universities because universities participate in a lot of file sharing and have weaker security teams. This makes it easier to get past their defences.

Organisations such as government agencies and medical facilities are also considered tempting targets, as they tend to pay the ransom rather quickly. This is because these organisations require immediate access to their files. Law firms with sensitive data are prepared to settle quietly when faced with leakware attacks.

Attacks

The first well-known attack was carried out in 1989 by Joseph Popp, a PhD and AIDS researcher. He distributed 20,000 floppy disks to AIDS researchers in over 90 countries. He claimed that the floppy disk contained a program that analyzed the risks of AIDS. In reality, the disk contained malware that activated after the computer had been activated 90 times. The malicious software demanded a ransom of $189 and an additional $378 for a software lease.
This ransomware is known as AIDS Trojan or PC Cyborg.

Protecting against Ransomware Attacks

This is a list of steps that should be taken into consideration when trying to reduce the risk of a ransomware attack:

Data Backups – Users and organisations should always back up vital files and systems so that they can be restored after a ransomware attack. This is considered one of the strongest defences against a malware attack. Furthermore, unnecessary data held in each employee’s email should be regularly deleted after it has been saved into the company’s system, so that any damage from phishing or malicious software delivered by email is reduced.

Software Update – Software creators such as McAfee regularly provide updates for their software to help improve the program and to protect it against threats. An IT team should be established in the organisation to be in charge of these updates to reduce potential attacks. It is important that this team consists of a fixed and limited number of employees to strengthen security.

Limitation on Employees – Businesses should place a limitation on employees who use devices connecting to the company network and devices containing vital business files and records. All employees are given different ranks of access according to their position level in the company. This protects sensitive data from getting into the wrong hands. The company should require all employees to regularly change their passwords for all the software they use.

Any employee, contractor or other person who is given access to the system is required to complete the company’s mandatory ransomware guideline course and online training on the company’s internal website. These guidelines will highlight the importance of password protection and the correct steps for personal access in order to reduce the probability of ransomware.

Types of Ransomware

Crypto-malware – Crypto or encryptor ransomware is the most common type of ransomware.
This malware encrypts the victim’s personal files while still allowing them to access their computer, e.g. WannaCry.

Locker Ransomware – A virus that infects the computer and gains complete control over the system, preventing users from accessing their computer data.

Scareware – Software that persuades the user into believing that a problem has been discovered with their PC and demands that they pay a fine in order to solve the issue. Scareware appears as pop-ups and notifications, and it may also lock the PC until the fine has been paid.