
Ransomware: what it is, why it matters, what the next level is, and how to get protection


What is it
Ransomware is a type of malware. What it does is hijack a computer, encrypt its file system and then demand payment from the owner in exchange for the decryption or unlock key. It was a popular subject among people who work in the computer security sector until recently, when this “bug” hit the mainstream news. A well-known hospital in California, Hollywood Presbyterian Medical Center, had to pay $17,000 in ransom money in order to get its services restored.

Why it matters
Ransomware can attack any computer system, from someone’s personal computer to a business computer. If it is not handled properly, the computer owner can lose their data. If a business computer gets infected, the business can lose both data and money. In the case of Hollywood Presbyterian Medical Center, human life was at risk because patients’ medical records were not accessible to the doctors, and the hospital authority had to pay money in order to restore normal operation.

This particular bug is getting more sophisticated every day and is attacking new computer systems. Anybody can be its next victim.

List of computer systems it has attacked
Microsoft Windows – the most common operating system attacked by ransomware.
Mac OS – Very few incidents, but the numbers are increasing due to the growing popularity of the Mac. In July 2013, an OS X ransomware was identified, although this was not a typical ransomware attack and it was not able to encrypt files.
Mobile devices (Android, iOS, BlackBerry, Windows) – Mobile devices have an auto-backup option: the user’s data is backed up in the device’s cloud storage. Even if a mobile device is attacked by ransomware, the user can always get the original content back from the cloud, so the ransomware attacker cannot make money from it.

How to get protection
Advance preparation is the best defense. “Zero-day vulnerability” is a well-known term in the world of computer security. It refers to a hole in the software that is unknown to the vendor or the owner, so no patch exists for it yet; this is why preparation, not just patching, matters.

Large business organizations have layers of protection such as firewalls, anti-virus, intrusion detection and web monitoring, and will most likely stop an attack before it hits the computers in the network. Most of these organizations use thin clients and perform backups on a regular basis, so even if there is an attack, the organization can restore its services shortly.

Most personal computer users do not have a network like a large organization’s, so it is easier to attack these systems. Here are a few steps that can be taken:

Step 1: Back up, back up, back up your data, either to an external hard drive or to a cloud-based system.
Step 2: Update your operating system’s system files so that your operating system has the latest patches.
Step 3: Install good security software. If needed, pay for it.
Step 4: If you have a home network with Wi-Fi capability, please beef up your Wi-Fi security.
Step 5: Avoid using unknown or open Wi-Fi connections. This is one of the most common ways of getting infected with malware.
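As an added example for Step 1 (this is not code from the original post): a small Python backup helper that takes a dated snapshot of a folder, records a SHA-256 manifest so the backup itself can be verified before you rely on it, and then compares the live folder against the last snapshot to flag files that have gone missing or have turned into high-entropy ciphertext, which is what in-place encryption looks like from the outside. The directory names, the “2024-01-01” label and the sample files are all constructed for the demo, and the 7.5 bits-per-byte entropy threshold is an assumption, not a value from the post.

```python
"""Versioned backup with an integrity manifest, plus a check that flags
files which have turned into ciphertext since the last snapshot.
Added example for Step 1 above; not code from the original post.
All paths, labels and sample files below are constructed for the demo."""
import hashlib
import json
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits/byte; plain documents sit well below it


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are not loaded into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted data, ~3-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(src: Path, dest_root: Path, label: str) -> Path:
    """Copy src to dest_root/label and write a SHA-256 manifest next to it."""
    dest = dest_root / label
    shutil.copytree(src, dest)  # dest must not exist yet: one folder per snapshot
    manifest = {str(p.relative_to(dest)): sha256_of(p)
                for p in sorted(dest.rglob("*")) if p.is_file()}
    (dest_root / f"{label}.manifest.json").write_text(json.dumps(manifest, indent=2))
    return dest


def load_manifest(dest_root: Path, label: str) -> dict:
    return json.loads((dest_root / f"{label}.manifest.json").read_text())


def verify_snapshot(dest_root: Path, label: str) -> list:
    """Files in the snapshot whose content no longer matches the manifest.
    A corrupt or tampered backup is worthless on restore day, so check it."""
    dest = dest_root / label
    return [rel for rel, digest in load_manifest(dest_root, label).items()
            if not (dest / rel).is_file() or sha256_of(dest / rel) != digest]


def suspicious_changes(src: Path, dest_root: Path, label: str) -> list:
    """Compare the live tree with the last snapshot. A file is flagged when it
    is missing (ransomware commonly renames files to a new extension) or when
    it changed AND now looks like random ciphertext. Ordinary edits stay
    low-entropy and are not flagged."""
    flagged = []
    for rel, digest in load_manifest(dest_root, label).items():
        live = src / rel
        if not live.is_file():
            flagged.append(rel)
            continue
        data = live.read_bytes()
        if (hashlib.sha256(data).hexdigest() != digest
                and shannon_entropy(data) > ENTROPY_THRESHOLD):
            flagged.append(rel)
    return flagged


def demo() -> dict:
    """Build a throwaway tree, snapshot it, then simulate three kinds of change."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        backups = Path(tmp) / "backups"
        src.mkdir()
        backups.mkdir()
        (src / "notes.txt").write_text("meeting notes\n" * 200)
        (src / "budget.csv").write_text("item,cost\nserver,1200\n" * 100)
        (src / "readme.txt").write_text("keep this file\n")

        snapshot(src, backups, "2024-01-01")
        backup_problems = verify_snapshot(backups, "2024-01-01")

        # Constructed stand-in for ciphertext: deterministic pseudo-random bytes.
        junk = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
        (src / "notes.txt").write_bytes(junk)                   # "encrypted" in place
        (src / "budget.csv").rename(src / "budget.csv.locked")  # renamed away
        with (src / "readme.txt").open("a") as f:               # ordinary edit
            f.write("one more line\n")

        return {"backup_ok": backup_problems == [],
                "flagged": sorted(suspicious_changes(src, backups, "2024-01-01")),
                "notes_entropy": round(shannon_entropy(junk), 2)}


if __name__ == "__main__":
    print(demo())
```

In real use, point `snapshot` at your documents folder and an external drive or a mounted cloud folder, and keep several dated snapshots rather than overwriting one: a backup that is refreshed after the files were encrypted is itself just a copy of the ciphertext, and `verify_snapshot` is what tells you which dated copy is still intact.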

The Next Level
The people behind ransomware are updating their tools regularly. In 2015 the group started ransomware-as-a-service**, hosted on the Tor network, and started using virtual currencies like bitcoin for payments. This will help newer cyber criminals to use the tools and attack unsuspecting users.

The new horizon for ransomware is cloud storage and mobile devices. This means Android, iOS, BlackBerry, Windows and other systems are at security risk.

In December 2014, one financial company’s website was compromised. First a generic “website out of service” message was displayed on the website. Then the financial company received a ransom note: the company’s database had been encrypted by the ransomware attacker. One security company was able to retrieve the encryption key and put the service back online. This type of attack is on the rise.

** As a service: the primary application is hosted centrally and maintained by the application developer; clients use a standard web browser to access the service.

Perpetrator
No specific group has been identified yet as the perpetrator. The people or groups behind the common ransomware campaigns are going for quick money and mostly target people or organizations in rich countries. In August 2012 the FBI issued a warning message about ransomware on its website.
Warning link – https://www.fbi.gov/news/stories/2012/august/new-internet-scam/new-internet-scam

Final thought
No security product or operating system is 100% foolproof, so nothing can give us complete security. Staying alert is the best action we can take.

Writer – Rubayat M.