Clicking on a seemingly innocent weblink can incur greater costs than many individuals and corporations might imagine. Concerns around ransomware—a type of malware that typically enables cyber extortion for financial gain—have been mounting in recent times, with increased calls for greater consumer vigilance among the cybersecurity community. Reports show the average Indian firms paid over ₹8 crore ($1 million USD) ransom on average to mitigate the impact of ransomware on their operations, with some 82% of Indian firms hit by ransomware in the past year. In an increasingly interconnected world, ransomware now accounts for 27% of malware incidents, and 18% of organizations globally blocked at least one piece of ransomware, according to the 2020 Verizon Data Breach Investigations Report.
Reducing the threat of ransomware is tricky—it is difficult to prevent users from clicking on web links, especially those who do not know better. The best approach is to advocate for and educate the public on good security practices to prevent ransomware attacks. In this article, we will address the basics of ransomware, and explain how an informed approach can be taken to reduce the possibility of falling victim to an online attack.
What is ransomware, and how does it work?
Ransomware is malware that typically enables cyber extortion for financial gain. Bad actors can hide weblinks to ransomware in seemingly harmless emails or web pages. Once the ransomware is activated by clicking the infected link or downloading a file with hidden ransomware, it infects a computer system and encrypts computer files, preventing users from accessing their documents, applications or systems. When the ransomware has encrypted the files on the computer, it creates and displays a file containing instructions on how the victim can pay the ransom to regain access to their computer systems.
If the threat actor’s ransom demands are not met (i.e. if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors might sometimes demand additional payments, delete a victim’s data, dump the data on the dark web, refuse to decrypt the data, or even decline to provide a working decryption key to restore the victim’s access to their files.
Ransomware comes in many variants, and in recent years, has grown in the brazenness, prominence, and frequency of attacks. Well-known ransomware viruses include Cryptolocker and its variants such as Kriptovor and Teslacrypt, Cerber, and WannaCry.
How is ransomware introduced to a victim’s system?
Ransomware is commonly delivered through phishing emails or via a “drive-by download”—an unintentional download of malicious code to your computer or mobile device that leaves you open to a cyberattack. Phishing emails often appear as though they have been sent from a legitimate organization or a contact of the victim, enticing the user to click on a malicious link or attachment. The malicious code may run automatically after files have been downloaded onto the user’s computer, without any user interaction. After the malicious code has been run, the computer becomes infected with ransomware.
What can I do to protect my data and networks?
While ransomware is often unpredictable and attacks are increasingly sophisticated, there are a number of basic steps that may be taken to reduce the severity of an attack and protect yourself from potential extortion.
- Backup your computer. Perform frequent backups of your system and important files, verifying your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
- Store your backups separately. The best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive or separate your device from the network or computer.
- Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their employees. Ideally, organizations should have regular cybersecurity awareness training to ensure their personnel are informed of cybersecurity threats. To improve workforce awareness, organizations can test their personnel with simulations of real-world phishing emails.
- Update and patch your computer. Ensure your applications and operating systems (OS) have been updated with the latest patches. Vulnerable applications and OS are the targets of most ransomware attacks.
- Open email attachments and hyperlinks with caution. Be wary of opening email attachments or clicking directly on links in emails, even from senders you think you know, particularly when attachments are compressed files or ZIP files. Make sure to scan all software downloaded from the internet with an antivirus software prior to executing.
- Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic.
- Always use a VPN for accessing the internet, when browsing the internet using public networks or shared networks
- Never use unfamiliar USBs. Never insert USBs or other removable storage devices into your computer if you do not know where they came from. Cybercriminals may have infected the device with ransomware and left it in a public space to lure you into using it.
What should I do if my computer is infected with ransomware?
Having taken the necessary precautions, it is still possible to fall victim to a ransomware attack—especially as cyber criminals become more and more sophisticated over time. If you fall victim to a ransomware attack, limiting the impact of the infection will be paramount in protecting your other systems and files. Following these steps should serve to limit the spread of the ransomware.
- Isolate the infected system, and turn off other computers and devices. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.
- Power-off and segregate the infected computers. Power-off and segregate any other computers or devices that are in the same shared network with the infected computer that have not been fully encrypted by ransomware. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
- Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- All users should: change all system passwords once the ransomware has been removed.
- Working with local law enforcement and IT specialists will also serve to mitigate the damage of a ransomware attack, and may lead to potentially locating and arresting malicious actors.
- Home users should: immediately contact your local law enforcement agency office to request assistance.
- Organizations should: immediately report ransomware incidents to your IT helpdesk or security office And follow the incidence response process to get systems back online.
How can I adopt good security practices?
Looking beyond ransomware and malware attacks, the basics of internet hygiene and good security practices should always be borne in mind by computer users. Simple steps can serve to fortify your systems from cybercriminals and would-be-hackers. Practicing computer safety should be a first priority for all netizens.
- Always use a strong password. Rotate or change your password regularly. Use a password manager to make the password management simple.
- Always log off public computers.
- Pay attention to browser warnings and shop smart online.
- Use secure Wi-Fi connections at home and away.
- Limit sharing information about yourself on social networks.
Download files legally. Avoid downloading files like torrents from p2p file-sharing platforms. Match and verify the hash of the file content after download
It is imperative for all computer users to take note of the risks associated with and identify possible malware links, adopting all possible precautions to prevent their computers from being infected with malware. With malware attacks on the rise globally and within India, now—more than ever—it is important to take the necessary precautions and to practice good computer hygiene to help circumvent the threat of falling prey to online attacks and the risks inherent to a cybersecurity breach. With minimal effort and common sense, organisations and individuals can avoid what are often very complicated and expensive processes of undoing a security breach and recovering corrupted databases and information.
Initially published at – Express Computer
Authored by Neeraj Khandelwal, Co-Founder, and Akash Mishra, Director of Security at CoinDCX
