What is Ransomware? How to protect your PC from ransomware attacks?

 

You return home from the office, turn on your computer, here it is- a tormenting message informing you that the data on your computer system is encrypted. The only way to unblock it is to pay the ransom. You have been hit by a Ransomware.

Let us know something about “ransomware”?

Ransomware is a modern day abduction technique where the victim is barred from the system access and a ransom is demanded in order to restore data. The user is generally notified regarding the exploitation and even the instructions are provided to recover the files. The malware restricts access to computer data and demands a ransom in exchange to lift the block. The attack may also display fraudulent error messages.

The main motive of implementing ransomware by the cyber criminals is strictly monetary and unlike the other malicious software, the victim is informed about the exploitation. The idea is not what the data is worth to someone else rather how much someone can pay to ransom it.

It blocks the victims’ computer usage either by encrypting certain part of the hard drive or displaying a message that the system has been locked. Once the files are infected, which may be for whatever reason but can only be recovered after the certain ransom is paid. The ransoms paid are demanded electronically through virtual cash so as to hide the identity.

Ransomware kits on the internet are readily available which had allowed the cybercriminals to easily launch an attack with minimum or no technical background by purchasing the inexpensive ransomware-as-a-service (RaaS) programs.

How ransomware inflicts the system?

The ransomware can be spread through e-mail attachments, infected storage devices, unauthorized and compromised websites and infected software applications.

The malicious software may manipulate the victim’s user credentials for the computation of the device and in data kidnapping attack the malware may encrypt files located on the storage devices as well as connected networking devices.

Modus Operandi

The ransomware attacks are generally carried out by a Trojan, entering the computer system through any downloaded file or a pitfall on a bad network. The program then runs the payload thus exempting user access in some fashion. Some of the payloads may contain only an application which is designed to lock the system until the ransom is paid.

It is a three-way protocol:

  1. The attacker releases the malware by generating a key pair and puts the corresponding public key in the malware.
  2. The malware encrypts the victims’ data by generating a random symmetric cipher text. It implements hybrid encryption technique to encrypt the files where a public key is used so as to encrypt the symmetric cipher text. It replaces the victims’ symmetric ciphertext by an asymmetric ciphertext and nullifies the symmetric key and the original cipher. It then displays the message containing the asymmetric ciphertext and way to pay up the ransom.
  3. After the victim sends the asymmetric key and the virtual money to the attacker, then attacker decrypts the asymmetric ciphertext employing the attackers’ private key. The attacker sends the symmetric key to the victim where the user can decipher the encrypted data.

This completes the cryptology procedure.

 Types of ransomware

  • Lock screen Ransomware: It deprives the user access to the computer device.
  • Encryption Ransomware: It manipulates the files contained in the device.
  • Master boot record Ransomware: It manipulates the master boot record.
  • Ransomware encrypting web servers: It encrypts the web servers threatening to post certain information publicly.
  • Android mobile device Ransomware: It is installed as a .apk and can display block message on all applications.
  • IoT Ransomware

Precautions:

  • The Windows operating system should be upgraded regularly so as to curb the threat of ransomware threats.
  • Data should be backed up to an external hard drive.
  • Turning off of the Remote Desktop feature minimizes the threat of ransomware.
  • Antivirus should be genuine and should be updated regularly.
  • Avoid using malicious or unauthorized websites.
  • Enable the system protection or file history.
  • Scan the email attachments before downloading.
  • Always use a password protected internet connection.
  • Disable macros in the Microsoft Office programs.
About the Author

Steve

View Posts →