Ransomware: Major Cyber Threat in 2016

Many of you must have heard about ransomware before. Some may know it well or directly face its attack before. Some others, however, may not know what ransomware is exactly as the word may just ring a bell. In this article, I therefore would like to explain about ransomware so you all be aware of this major cyber threat. 

Ransomware comes from two words, Ransom and Software. The word is coined to describe the malicious software that seeks to get a ransom from its victims. Ransomware is a type of malware. The world’s first ransomware appeared in 1989. Widely known as AIDS Info Disk (or AIDS), it launched its attacks via the more than 20,000 diskettes that were handed out to participants in the 1989 International Aids Conference. Given that the World Health Organization staged the event, participants initially did not suspect any foul play. As soon as the victims opened the diskette and downloaded files, the ransomware automatically downloaded onto the computer. Nothing bad happened in the beginning. It was only after a total of 90 reboots that the infected computer would find that all its files were maliciously encrypted and all directories were hiiden. When the attack manifested itself, victims received a notification that they could recover all files by paying a ransom of USD189 to a P.O. Box in Panama. That box was registered under the name of PC Cyborg Corporation. So, the world’s first ransomware is also widely known as PC Cyborg.

Ever since that attack, many other ransomwares have wreaked havoc in the world. To say the truth, ransomware situation has apparently aggravated during the past five years. Since 2012, ransomware attacks seem to increasingly target personal devices such as notebooks, tablets and smart phones.

Ransomware attacks take place in either of the two following forms:

1. Computer screen is locked. Users are unable to access any computer function; or

2. All files such as photo files and any file in the formats of .doc .ppt .xls and .pdf in the infected photos are encrypted.

In both cases, a notification will appear on computer screen asking device owners to pay a ransom within a specified timeframe. The countdown will appear too, going from 72:00:00, to 71:59:59, to 71:59:58, and so on. Ransomware usually demands payments in Bitcoin (each Bitcoin costs about Bt15,000), because it will be difficult for victims to trace to attackers. If payment is not made within the deadline, the ransom amount will rise further.

 

Below is the computer screen attacked by Crypto Ransomware 

Between late 2015 and early 2016, ransomware attacks become even more malicious and varied in forms. As high-speed Internet becomes increasingly efficient and popular, ransomware has acquired a more damaging power. So, some ransomwares have shifted their attention from personal devices to websites. Portraying themselves as something innocent in PHP language, they usually target websites operating on Content Management Program (CMP) such as Wordpress and Magento. When hit by ransomware, websites will become inoperable. A demand for ransom instead will appear on web pages. Some ransomware is even more complicated. It is embedded with a worm, which seeks to infect other devices in the same network or server. As a result, the said ransomware can take many more computers hostage and cause widespread damages. When attacked, some organizations have completely lost public trust. Damages to them therefore are inestimable.  

From the above information, you must have got a clearer picture of how dangerous ransomware is. Many of you by now must have been thinking about prevention. So, I hereby list down approach for you to prevent or at least minimize ransomware risks. Also included are how you should respond upon the detection of ransomware. Take note that efforts to remove ransomware may not be always successful. So, you had better prevent the ransomware infection than trying to removing it later.

Two Easy Ways to Block Out Ransomware

1) Using prevention tools such as Anti-Ransomware or Anti-Virus can block out many ransomware programs. However, such tools cannot thwart the attacks of new ransomware that the Anti-Ransomware or Anti-Virus programs have never known before. Such new ransomware is widely referred to as Zero-d.

2) Device users’ anti-ransomware knowledge can be useful. For example, users should never open files from unidentified senders. In fact, users need to exercise judgment even if they know where the files come from. In events that users receive files via Microsoft Office, do not enable Macro mode. Updating browser software can also boost protection against ransomware. Constant updates reduce any risk from loopholes between the old and the new versions. With constant updates, the risk of browsing into dangerous websites gets lower. Users will then be able to avoid unreliable websites. Some pornographic platforms or websites advertising free program downloads may spread malware or ransomware. 

Three Ways to Solve Ransomware Attacks

1)            Turning to Decryption Program. It is free for download at some websites such as  https://noransom.kaspersky.com. This program works as Ransomware Decryptor to help decrypt attacked files. Via the platforms of security-tool providers, users can hack into the server of ransomware producers and get the key for decryption. Such tools are designed to help ransomware victims across the world. But such Ransomware Decryptor can deal with just some parts of the attacked files. Not all files can be recovered, except when other IT-security agencies happen to find the additional key for decryption.

2)            Paying ransom. Many victims have agreed to do this because it is a quick way to try to get back their files. Some have done so because they have an urgent need to use the said information or because Ransomware Decryptor cannot help. By the way, ransom payment does not guarantee that victims will definitely get proper decryption. Do not forget that the persons who spread such malicious malware are ill-intentioned in the first place. So, victims cannot complete trust in such persons. Aside, victims should be aware that by paying ransom, they will encourage the spread of such cyberattacks. The ill-intentioned persons may also use money in bad causes in both online and offline worlds.

3)            Using backup data. Such data can be used only when it is saved in protected format. It must be the version that is not possible for editing or saving. For example, data from protected CD/DVD can be retrieved for use. It is also possible to get backup data from service providers who offer such backup services. It should be noted that data from shared drive or External Harddisk may be vulnerable to ransomware as soon as it is opened from an infected device.

 

I hope all of you by now understand more about ransomware threats and how to deal with them. Please follow my articles on UIH website. I will continue to cover interesting IT topics.

 

For more information, please contact UIH Marketing Team at

Tel: 0 2016 5000 
Email: info@uih.co.th

Writer: Suwat Lokapattana (UIH)