RANSOMWARE OR NIGHTMARE
Just when technology began to take a leap forward, along came a nuisance that proved to be a nightmare for anyone who had anything to do with data storage and information management: ransomware. This weapon remains the most lethal and ominous in the arsenal of hackers. The damage it causes can run into millions of dollars, and the irreparable loss that follows from a bruised reputation and customer dissatisfaction is difficult to quantify.
Ransom malware, or ransomware for short, is a class of software used with malicious intent by hackers to prevent users from accessing their systems. It displays messages demanding payment in exchange for regaining access to personal files.
It is a criminal moneymaking scheme delivered through links in emails, instant messages or websites. The authors of ransomware aim to lock a computer system or a website by encrypting key files with a password. The victims are then asked to pay a certain amount to regain access to data that belongs to them.
HISTORY:
The earliest form of malware appeared in the 80s and was known as PC Cyborg or AIDS. This malware attacked the C directory of computers and blocked access by the user. A demand to renew a license on payment of $189 would quickly follow. In those years, the general public wasn’t conversant enough with computers to reverse this simple encryption.
Over the next ten years or so, several other variants made their appearance, but a true ransomware, known as GpCode, arrived on the scene in the early years of this century. In 2007, WinLock took hold of users’ desktop screens, infected them with malicious content and demanded payment to remove it.
With the arrival of the Reveton family in 2012, users faced a new threat that denied access to their computers. Instead, they were shown a large screen with dubious credentials linking it to law-enforcement agencies such as the FBI and Interpol. Hence the name: law-enforcement ransomware. The authors would claim that they had caught the users committing illegal activity and that they were under investigation. Soon, they would demand a fine ranging from $100 to $3000.
More recently, hackers added another weapon to their arsenal. They started using managed service providers to spread infectious malware now known as Sodinokibi ransomware. In 2019, the data of hundreds of dental practitioners was attacked, preventing them from accessing the records of their patients. This breed of malware had the capacity to interfere with the smooth operations of professionals and their businesses in order to extract huge amounts of money.
Several other ransomware strains, like the Wolverine Breach, Ryuk, SamSam, WannaCry, NotPetya or GandCrab, made their appearance from time to time, giving a headache to average users. But governments and law-enforcement agencies are working constantly to decrypt the malware and bring the cyber criminals to justice.
TYPES:
IT experts speak of three main types of ransomware. The threat they pose can range from mild to dangerous.
Scareware, the simplest form of ransomware, is designed to intimidate users and trick them into paying. Scareware often sends a steady stream of messages claiming that the computer is infected and that a certain payment is required to cure it. The messages will continue even if the users do not take any action, but the data on the system remains safe.
Screen Lockers first originated in Russia somewhere around 2005. The malware infects computers to display a full-sized screen saying that illegal activity has been detected on the computer and that a fine has to be paid.
Another variant of this type of malware, Crypto Locker, appeared in 2013 and infected Windows. A huge number of computers and businesses were affected by this malware.
Encrypting Ransomware can be vicious and has the capacity to deprive users of their precious data. This particular type of ransomware is dangerous because the hackers get hold of files and data, and no software or system retrieval can work to get them back. A ransom then seems the only available course. Commonly, $100 to $200 is demanded for correcting and reviving the systems, but sometimes, depending on the business that has been targeted, a larger amount is at stake.
RANSOM AMOUNT:
The ransom amount depends on the scale and severity of the malware. An amount ranging from $100 to $300 is a common demand. However, when large corporations and organisations are attacked, a greater amount is involved. Most of the cases in recent times have been linked to GandCrab, which was first detected in 2018. The malware has modified its encryption to the point that it has become impervious to defensive tactics. Its success can be gauged from the fact that this malware has collected over $300m in ransoms. The individual ransoms ranged from $600 to $700,000.
The cost of defending against such attacks can run into millions. In one infamous break-in, the SamSam ransomware virtually brought the city of Atlanta to a standstill. It crippled the city’s vital services, including revenue collection and police records, creating a wave of panic and preventing officers from functioning smoothly. To recover from this damage, the city had to spend in excess of $2.6m.
PROTECTION & PREVENTION:
As with diseases, so too with ransomware. Experts on cyber security unanimously agree that the best way to protect against ransomware is prevention. While some preventive steps are in common use, they are at best temporary solutions lacking method. The best approach is to adopt a strategy that starts with investment in cyber security. At the lowest level, cyber security consists of installing a program on computer systems that effectively defends against malware by stopping ransomware in its tracks. Those users who beefed up their systems with any version of Malwarebytes for Windows protected themselves from all sorts of malware attacks.
The next best thing to do is to back up files and data so that, in the event of a ransomware attack, system retrieval together with reinstallation is an effective antidote. To back up data, cloud storage can be used; it employs secure encryption and multi-layered authentication, which makes it difficult or even impossible for anyone to gain access with malicious intent. Just as effective are external hard drives and USBs, which can archive old and updated data. Care must be taken, however, to disconnect these devices once the data backup is done, otherwise ransomware can infect these devices as well.
Updating systems and software is the next big step one can take to protect against ransomware. Relying on old and outdated devices or apps exposes computers to cyber criminals and their crafty schemes. The WannaCry ransomware took advantage of the security loopholes in Windows software in early 2017. Although Microsoft released an update, users were slow to respond, which exposed them to attack.
Educating oneself and, in the case of businesses, educating the staff about the importance of cyber security is key to handling the threats. This involves detecting and identifying scam websites, suspicious links and malware. A rule of thumb: if something in cyberspace appears suspicious, it probably is.
While these are strategies individuals and businesses should adopt to prevent ransomware, there are steps one must take once a system has come under attack. The foremost thing to do is to refrain from emptying one's pockets and paying the ransom. Paying encourages the cyber criminals and keeps their business going, which means more attacks and more exploitation.
One can also use decryptors to retrieve some of the files that have come under the ransomware attack. While this can be successful in some cases, not all ransomware has an effective decryptor.
A security app that can scan and remediate the system to remove the threat can also help in thwarting the attack. It may not always be possible to get the lost files back, but the infection will be treated and the threat will be gone, although the loss of data and damage to files has been done.
But if someone aims to challenge encrypting ransomware, the need to be alert is of paramount importance. Not everyone is trained to do this job. Besides, not everyone is supposed to do this job. That’s why it is important to invest in cyber security. While individuals can purchase software and apps designed to protect against malicious software, businesses and large organisations can employ staff dedicated to ensuring that the entire system in place is free of malware and infections and that the precious data is constantly backed up.
With the increase in the intensity of cyber attacks and the constant change of tactics by cyber criminals, the need to invest in cyber security has acquired greater urgency. Businesses and individuals would do themselves a great service by investing a small amount for the sake of smooth operation. This will save them a lot of hassle and stress in the event of an attack.