All About Your Business Data Security
Don't allow criminals to hold your computer hostage
What is ransomware?
Ransomware locks your computer or encrypts your files, holding them hostage until you pay a fee to the cyber criminals behind the attack. Once the encryption is complete, the ransomware displays a message demanding a payment, usually in Bitcoin, for the key to decrypt the data. Often the ransom demand comes with a deadline, and if payment is not received by that deadline, the ransom demanded may increase. Some types of ransomware also search for other computers to infect on the same network, and others also infect their hosts with more malware, such as banking Trojans that steal users' online banking login credentials.
Today’s security leaders face an uphill battle against the ever-changing cyber threat landscape. Ransomware attacks are becoming more sophisticated, and cyber security professionals are taking action. With the right tools, you can prevent, detect and respond quickly to ransomware attacks threatening your organization.
How does ransomware work?
If you visit a compromised website or click on a spam email that contains ransomware, it can attack the data on your computer or mobile device. Ransom prices can reach $830 or more (typically in bitcoin). Ransomware is on the rise: Trend Micro has blocked over 100 million threats since October 2015, and Android mobile ransomware threats have grown 15 times higher than they were in April 2015.
Common types of ransomware
The first ransomware virus was thought to be PC Cyborg, which appeared in 1998. It used simple symmetric encryption, and it was relatively easy to produce tools to decrypt files that PC Cyborg had encrypted. But it wasn't until 2012, with the arrival of the Reveton worm, that attempts to hold users' computers for ransom payments became commonplace. Reveton locked users out of their computers unless they paid a "fine" through a payment service such as Ukash. Two years later, CryptoLocker was released, encrypting user files and demanding a ransom for the key to decrypt them. This became the template for most types of ransomware that have appeared since.
There are two main types of ransomware: Locker ransomware, which locks the computer or device, and Crypto ransomware, which prevents access to files or data, usually through encryption. Some types of ransomware are listed below.
Locky is a type of ransomware that was first released in a 2016 attack by an organized group of hackers. It usually infects users via malicious Microsoft Office attachments to emails. When the Office file is clicked, the file may prompt the user to enable Office macros, ostensibly to ensure that the document displays correctly, but in fact it allows the malware to run. After encrypting users' files, Locky displays a ransom note that is set as the user's desktop wallpaper. This instructs users to download the Tor Browser and visit a link specified in the note to pay the ransom. Locky targets a range of file types that are often used by designers, developers, engineers, and testers.
CryptoLocker is ransomware that was first seen in 2007 and spread through infected email attachments. Once on your computer, it searched for valuable files to encrypt and hold to ransom. The appearance of CryptoLocker in 2013 marked a change in tactics by criminals. It was the first example of ransomware that followed the now-familiar path of encrypting users' data with a different, randomly generated symmetric key for each file. The symmetric key is then encrypted with a public asymmetric key and added to the file. Once all the files of about 70 common types have been encrypted, the ransomware displays a ransom message demanding payment in return for the private asymmetric key, which is needed to decrypt the symmetric keys for each encrypted file. It warns that if payment is not made by a deadline, then the symmetric key will be deleted, making data recovery impossible. It also warns that any attempt to remove the ransomware will result in the asymmetric key being deleted.
WannaCry infected more than 100,000 computers in May 2017 by taking advantage of an unpatched Microsoft Windows vulnerability (MS17-010).
Bad Rabbit is a 2017 ransomware attack that spread using a method called a ‘drive-by’ attack, where insecure websites are targeted and used to carry out an attack. Drive-by attacks often require no action from the victim beyond browsing to the compromised page. In this case, however, victims are infected when they click to install something that is actually malware in disguise. This element is known as a malware dropper. Bad Rabbit used a fake request to install Adobe Flash as a malware dropper to spread its infection.
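The Locky description above depends on an Office attachment that carries macros the user is asked to enable. The following is an added example, not code from this page or from any vendor it names, showing how a mail filter could flag macro-bearing attachments before they reach a user; the function names and the sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Header of legacy OLE2 compound files (.doc/.xls/.ppt).
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def macro_risk(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro' or 'not-office' for attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats may embed VBA; they need a real OLE parser,
        # so route them to deeper inspection instead of guessing.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        parts = {name.lower(): name for name in zf.namelist()}
        if "[content_types].xml" not in parts:
            return "not-office"  # a ZIP, but not an OOXML package
        # OOXML keeps VBA code in a part named vbaProject.bin (under word/, xl/ or ppt/).
        if any(p.endswith("vbaproject.bin") for p in parts):
            return "macro"
        # Macro-enabled packages also declare a 'macroEnabled' content type.
        content_types = zf.read(parts["[content_types].xml"])
        if b"macroenabled" in content_types.lower():
            return "macro"
    return "no-macro"

def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like package in memory (not a real document)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, no real VBA")
    return out.getvalue()

if __name__ == "__main__":
    # Constructed sample attachments; the file names are illustrative only.
    for label, blob in [("invoice.docm", make_sample(True)),
                        ("report.docx", make_sample(False)),
                        ("old.doc", OLE_MAGIC + b"\x00" * 16),
                        ("note.txt", b"plain text")]:
        print(f"{label}: {macro_risk(blob)}")
```

The check works on file content rather than the file extension, so a renamed attachment is classified the same way.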
How do I prevent ransomware?
The best defense is a good offense. Block ransomware from entering your computer with CompuSet's expert advice. CompuSet is a partner of Trend Micro, and industry experts recently recognized Trend Micro as blocking 100% of ransomware threats as well as offering 100% effective protection against web threats.