As the Internet continues to evolve, so does the dangers associated with it. One of such security threats is called ransomware.
What is Ransomware?
A Ransomware is a vicious computer program created to encrypt files on computers, preventing the owners from accessing them. At the end of the day, the aim of such attempts is to extort money (usually bitcoins) from the owners of the systems before they can be decrypted or unlocked. At other times the threat is to publish sensitive data into the public space.
Ransomware is equally known as malware. In extreme cases, users are even locked out of their computers.
History of the Ransomware
For over a decade now, black hat hackers have used malware as a means of extortion. The malware type used in this case is called a worm. When introduced into a system lacking security, it begins to replete itself (without any human help) in other unprotected systems on the same network.
- Sam Sam Ransomware;
On March 2, 2016, the cryptoworm Sam Sam (also known as Samsa or Samas) was discovered. Exhibiting characteristics of both a ransomware and worm, Sam Sam shut people out of their unprotected systems, demanding a ransom payment in the form of bitcoins before files or systems could be unlocked. It actually self-replicated into other unsecured systems, spreading across networks and servers.
Most of the victims of Sam Sam malware were from the health care sector. In a recent case, a hospital in Indiana was made to pay a whopping 55,000 dollars (an equivalent of 4 bitcoins at the time) to obtain access to its files.
- Wanna cry Ransomware;
The wanna cry ransomware is another example of a cryptoworm that made waves and affected a lot of individuals.
The malware affected hundreds of thousands of unsecured computers around the world. Working in a similar manner to Sam Sam wanna cry, it locked people out of their systems, demanding a ransom before they could be granted access again.
The wanna cry situation was very unfortunate. Due to the build of the malware, the criminals could not decipher which computer had paid the ransoms demanded. This meant that even the attackers could not unlock the unprotected systems they attacked even after the ransom had been paid.
Over the years, ransomware has become a sure bet for cybercriminals. Truth is that no business can be fully immune to the treats that a Ransomware poses. The best thing to do would be to learn how they function, how to detect them, prevent them access, and also how to respond in the face of a threat.
How Ransomwares Work
A Ransomware has a sole aim, which is locking the users out of their systems or denying them access to files. This is done to demand a ransom of some sort.
A ransomware is built to target security lapses in software or human lapses.
Software Security Lapses
For software security lapses, the aim of these cybercriminals is to find security lapses in software and exploit them. Every software has bugs and weak points. That is why software companies update their applications from time to time.
Every update is a fix of one security lapse or the other in a former version. Cybercriminals understand this also. Whenever software is updated, they manage to obtain the information of the security loopholes in the former version, and prey on users who are yet to update their software.
Human Weakness
This could be simple carelessness on the part of a user. For example, a computer with sensitive information is continually exposed to the internet, it is very possible that ransomwares could find their way in. Installing or opening files from unknown sources. Installing untrusted apps and opening untrusted emails could be very risky as these are means by which ransomwares get into servers.
When a ransomware gets into the system, it replicates itself into all other systems lacking security on the network, and then shuts owners out, until the demanded ransom is paid.
How to Prevent Ransomwares
As the popular saying goes, ‘prevention is better than cure’. It would be better if you never had a ransomware at all than having to pay large sums in ransom for your files. Below are some steps you should take to protect your server from ransomware.
1. Backup Your Data.
This is very important. If data is backed up (both locally and in the cloud), it would offer double protection against ransomware.
If a system with its data well backed is attacked by a ransomware, then the backup can be used to restore the system. It is also advisable to have multiple backups. It also is of grave importance that backups be encrypted if the information contains sensitive data. In the most extreme cases, backups may be made locally only.
2. Segregate Your Data.
Do not put all of your data in one network. It is very difficult for attackers to access all of your data at the same time if they are split up into different zones in a network. Doing this could be a lifesaver.
3. Install Protective Software.
Installing protective software can help protect your system/server against ransomware. Such software would help in early detection of any threat, and deal accordingly. Such applications can detect and alert you when threatening ransomware apps are about to be installed.
You can also use the local firewall in the system to detect and handle threats and keep ransomware attacks at bay.
- Update Software.
Updating the software available on your system is a very good way to prevent any ransomware attacks. Ensure to install all patch updates as it reduces the security loopholes that ransomware attackers can exploit.
4. Run Regular Security Scans.
Running regular security scans and checks is a good preventive step to take, as they can help you detect security threats in real time, and ensure that the system is kept protected.
5. Create Restore and Recovery Points.
For windows users, you can create restore and recovery points on your system. All you have to do is head to the control panel on your system, find the system recovery function and activate system protection. You should also frequently create restore points to keep a certain level of protection.
6. Train Your Staff as Well as Yourself.
This is a very important preventive measure for companies, especially those with a large staff and wide networks. They must be educated and learned about cyber security, and how it can affect work, or make systems vulnerable.
As much as we install software and put certain measures in place, they would be ineffective if the human element remains careless. Thus, employees must be taught to leverage on available apps, and also be informed about the current happenings in the cyberspace and about ransomware.
They should be careful with emails and attachments, public Wi-Fi or any other factors which may serve as a channel for attacks.
Also, employees should be proactive to report every suspicion.
7. Use Strong/Secure Passwords.
If passwords are not strong in the first place, it would be pretty easy for hackers to gain unauthorized access to systems and data. Do not use the same password for multiple websites. It could turn out a misfortune in the end. Use strong and distinct passwords. This would improve your system security.
8. Examine Every Link.
Do not click on every link, mail, or file without thorough examination. If you get emails with.exe, .vbs, or.scr attachments, it would be wise to not click on those no matter how trustworthy the source may seem. These files could be Ransomware.
One of the ways you can increase security on this is to make the extension of every file visible. This means you can see the extension and know what kind of file you are dealing with.
Also, be careful about clicking links. Some links may be thoroughly compromised and may lead you to a place where you may download a ransomware to your system.
9. Protect Your Email Server.
Your email server is one of the entry points which cyber hackers may use to attack your system. You must take measures to protect your email server.
Block all unknown email addresses and attachments. You can set up your mail server in such a way that known addresses used by spammers and malware deviants are blocked. Also ensure to block unrequired ports on your server.
10. Limit Internet Activity and Connectivity.
If nothing comes into your network, you should be fine, and your systems will be secured. As much as the internet is needed, the activities performed there must be done carefully. It is important that you monitor downloads on your system. This is especially true as most ransomware must first be downloaded. If the internet is not in use, disconnect it.
Getting Rid of Ransomware
Once you are certain there is a ransomware in your system, here are a few steps you can take to trash out the malware:
1. Isolation.
The first thing is to isolate the affected system from the network to ensure that the other systems do not get infected.
2. Identification.
The next thing is to identify what strain of malware you are dealing with. This would be helpful in handling the ransomware moving forward.
3. Report.
Report to the appropriate authorities about the compromise. Report to your IT office, your service provider and by a stretch, the FBI about such a compromise.
4. Treat the Issue.
There are many approaches that can be taken to treat the ransomware. Paying the ransom is not one of such options. The FBI warns against such. This is because paying the ransom will not always ensure you get the files back. Also, it encourages the perpetrators of such crimes to do more harm.
Instead, get access to your backed up data. If you have no backup, you may have to format your system ad cut your losses.
In conclusion, the internet is not as safe as it used to be. Hence, we must take the right steps in the right direction to ensure that our systems and networks are secured.