You might have heard about WannaCry, the world-famous ransomware attack of May 2017. If you haven’t, here is a quick story:
WannaCry is the name of a ransomware cryptoworm that shook the world in May 2017. The victims were computers running the Microsoft Windows operating system. It encrypted the data on those computers, and the owners had to pay a bulky ransom to get their data decrypted. The ransom was to be paid in the Bitcoin cryptocurrency. Apart from the data kidnapping, WannaCry also installed a backdoor on the systems it had infected.
The attack spread across 150 countries. It affected over 200,000 computers and caused damage of hundreds of millions to billions of dollars. If you want to read more about WannaCry, Wikipedia has a beautifully explained story in its article "WannaCry ransomware attack".
Wait! Don’t switch now! Let us first understand:
- What is Ransomware?
- How Do Ransomware Attacks Work?
- How to Avoid a Ransomware Attack?
- What to do in case of a Ransomware Attack?
Why do we need to know what Ransomware is?
Primarily, because it’s interesting!
Secondly, because Ransomware-As-A-Service actually exists in the market! Wait, what?
Yes! Unethical vendors sell Ransomware as a Service (RaaS) to hackers and malicious elements, usually over the dark web. It generally comes in the form of a software distribution kit which the hackers use to kidnap the data.
What is Ransomware?
Ransomware is a very popular type of malware. After infecting a system, it restricts the users from accessing the data stored on it. On such computers, an alert is usually displayed on the screen. The hackers ask the victim to pay an amount in exchange for the data. In most cases this payment has to be made using Bitcoin. This way, the malicious practitioners make sure that they cannot be traced.
7 tips to protect your data against ransomware
1) Backup your data often
The best fight against ransomware is not being vulnerable to it. So what do attackers really want? They want to hijack your data and expect you to pay a ransom for it. So, in the first place, if you have your data safe both locally and on the cloud, the first win falls in your court. The next part is making your data understandable to the attackers. So it is best practice to back up your data daily, both on your local computer system and on a cloud service at multiple geo locations.
Why back up to multiple locations, on the cloud and offline? Ransomware attackers are smart. They first gain entry to your desktop and then make their way to your servers. That means if you only have your primary server on the cloud, it can be vulnerable. Even if you are backing up your data on an offline device, make sure that the device is connected to the network only while the backup is running. Once the backup is done, disconnect the device and keep it offline. This way, the attacker cannot get access to the backup data on the offline device.
Remember, the main function of a backup is to keep your data safe. It does not prevent ransomware attacks, but it surely gives you a boost in the fight against them by keeping your important data safe.
The last but very important point regarding backups is testing them. Suppose you have your data on a cloud server and it is safe, your local system is attacked by ransomware, and you lose your data. You are sure that your data is safe on the cloud. Then you realise that the restoration of the data is not working. All the effort, money and backup time were in vain. Therefore, when you create a backup, it is important that you make sure it really works.
2) Avoid falling for suspicious emails or links, block unknown email ids
So how does ransomware get access to a system? You probably know about phishing and pharming. Phishing means spamming you with seemingly okay mails which carry either a fraudulent link or a malicious attached document. It can be a video or a file that has a program written in it. It can be anything which has the power to rule your computer system. Therefore it is important to say no to such malicious and suspicious emails. Better yet, mark these emails as spam if they reach your primary mailbox.
Another way which has become common is known as malvertising. What is malvertising? When you search on Google, almost every other website has advertisements hosted on it. What attackers do is attach malware code to these ads. Therefore, when you are not sure of an advertisement, don’t click on it.
3) Restrict network access
Ransomware can spread from one computer immediately. Therefore it is important that the network you are using is highly stable, restricted and secure. In this way, the entry of an attacker to your system becomes difficult, and even if the entry happens, you have an arrangement in place to remove the system from the network instantly.
4) Antimalware and Anti-Ransomware software
Whatever your work may be, whether personal, professional or industrial, you simply cannot operate your system without protective software. Good antivirus or anti-malware software protects your system from every filterable threat such as viruses, malicious files, etc. It frequently scans your system to find malicious documents or files. Most antivirus and anti-malware products have a real-time scan which prevents such ransomware attacks. Also make sure that your firewall security is highly robust. If you are hosting your data on the cloud, don’t forget the security procedures that the data centre has provided for your data. If you are feeling threatened, go for extra security for your server.
Even if you are using efficient anti-malware software, it is important that you keep an eye on the logs. The ransomware may be in plain sight yet not visible to the naked eye.
5) Make your employees aware about ransomware
It is important to make your employees aware of ransomware attacks. Let them know how and in what ways a ransomware attack can gain access to your system. This is especially important because if one system in the office gets infected, ransomware attackers can easily trace a path through the local area network established in the institution. Train your employees on concepts like phishing and pharming.
It is always better to be protected. Therefore businesses, individuals and small-scale companies should take strong security measures to protect themselves. If they are using software, it is important to upgrade it from time to time and patch the security holes.
6) Use strong passwords
Hackers can attack your system if you have not used a strong password. There are multiple methods to obtain passwords and access your system: brute force attack, dictionary attack, rainbow table attack, credential stuffing, password spraying, keylogger attack, etc. All these attacks give the hacker direct access to your system, and the deed is done.
7) Immediately disconnect if your system is attacked.
If you see any symptom of a ransomware attack on your system, immediately disconnect from any network. Whether it is a LAN, Wi-Fi or even Bluetooth, turn it off. Leaving it connected is like placing a rotten mango in a basket of mangoes. Also don’t forget to unplug devices such as external drives, pen drives, USB devices or even your mobile phone from the infected system.
Last but not least, do not pay the ransom. It only encourages the attackers to attack more and more victims and leverage their helplessness. Instead, try reaching a cybersecurity firm in your country and report the attack.