Ransomware is malware that employs encryption to hold a victim’s information at ransom. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
How Does Ransomware Work?
Ransomware uses asymmetric encryption. This is cryptography that uses a pair of keys to encrypt and decrypt a file. The public-private pair of keys is uniquely generated by the attacker for the victim, with the private key to decrypt the files stored on the attacker’s server. The attacker makes the private key available to the victim only after the ransom is paid, though as seen in recent ransomware campaigns, that is not always the case. Without access to the private key, it is nearly impossible to decrypt the files that are being held for ransom.
After a successful exploit, ransomware drops and executes a malicious binary on the infected system. This binary then searches and encrypts valuable files, such as Microsoft Word documents, images, databases, and so on. The ransomware may also exploit the system and network vulnerabilities to spread to other systems and possibly across entire organizations.
Once files are encrypted, ransomware prompts the user for a ransom to be paid within 24 to 48 hours to decrypt the files, or they will be lost forever. If a data backup is unavailable or those backups were themselves encrypted, the victim is faced with paying the ransom to recover personal files.
How To Stay Safe From Ransomware Attacks
To avoid ransomware and mitigate the damage if you are attacked, follow these tips:
Ensure Regular Backups
The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. Backups protect your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
Secure Your Backups.
Make sure your backup data is not accessible for modification or deletion from the systems where the data resides. Ransomware will look for data backups and encrypt or delete them so they cannot be recovered, so use backup systems that do not allow direct access to backup files.
Enable Two-Factor Authentication (2FA)
Two-factor authentication (2FA) also known as two-step verification or multifactor authentication which is widely used to add a layer of security to your online accounts. For instance, you’ll be asked to verify your identity through another device, such as a phone. This reduces the risk of successful impersonation by hackers.
Enable Automatic Backups
Make sure all your devices are protected with comprehensive security software and keep all your software up to date. Make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
Avoid Public WiFi
Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
Always Choose Strong Password
Make your password at least 30,000 times stronger by using a combination of mixed-case letters, numbers, and special characters compared to a password consisting of only lowercase letters. One trick that is not suggested is replacing characters with the common numbers and special character replacements in dictionary words, like this: tr1ck0rteat. Also stay away from using sequential patterns like: “123”, “abc”, or even common sequential keyboard patterns like “asdf” or “qwerty”.
