With ransomware attacks being reported almost daily, we thought it would be helpful to answer some simple questions about this type of cyberattack. In this article we discuss in simple terms what ransomware is and how the actual attack is carried out, and we finish with a list of easy-to-follow tips for avoiding ransomware attacks.
What Is Ransomware
Ransomware is a form of malware that encrypts the infected target's files or hard disk, usually using a technology named public-key cryptography. With this technology, the ransomware encrypts the victim's data using a “public key” (included in the original malware payload), while the matching “private key” (most of the time not included in the original payload) is needed for decryption. To decrypt the encrypted data, the victim would somehow have to gain access to the private key.
The ransomware uses this technology to encrypt the victim's data and then demands a ransom in exchange for access to the private key. After the demand is made, users are shown instructions on how to pay a fee to get the private key.
The costs range from a few hundred dollars to a few thousand, payable to cybercriminals usually in Bitcoin (a digital currency that can be used for supposedly non-traceable transactions) or another type of cryptocurrency.
How Ransomware Attacks Work
Ransomware attacks are most often carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. The malware can also be spread through chat messages or even untrusted removable USB drives. Some ransomware attacks are carried out using remote system exploits and don't require any user interaction at all. There are even cases where the attackers brute-force exposed services, such as Remote Desktop, to get access to the victim's systems.
Tips on how to protect yourself from ransomware attacks are listed below:
- Only click links from trusted sites
- Download content only from trusted sites
- Never open untrusted emails
- Make use of network content scanning and filtering
- Use only trusted USB drives
- Keep all software and the operating system up to date
- Use a VPN when using public Wi-Fi (this protects against malware drops through man-in-the-middle attacks)
- Use up-to-date security software (e.g. antivirus, host-based IPS, etc.)
- Back up your data regularly and keep multiple backups
- Test your backups regularly (make sure you back up all your data and that a restore does not break things)
- Make sure you keep backups clean from infections
- After an infection takes place, isolate the infected host
Ransomware attacks are becoming even more common. Recent victims include huge corporations like Campari, Blackbaud, and Sopra Steria, as well as hospitals and election offices, and those are but a few examples that we can find going back just a few weeks. As you can see, ransomware is everyone's concern, so please try to stay safe and, when possible, reinforce your cybersecurity walls.