Ransomware and How to Keep Your System Protected

On May 12, 2017, the world experienced a massive ransomware cyber attack named WannaCry/WannaCrypt, following the discovery of a vulnerability in older versions of Microsoft’s Windows OS. The vulnerability was first discovered by the NSA and then publicly exposed by The Shadow Brokers (TSB), a hacker group that made its first appearance in 2016.

The attack infected more than 230,000 computers in 150 countries in a few hours, with the software demanding ransom payments in order to restore the systems. The current WannaCry/WannaCrypt malware is specifically designed to target the Windows operating system and the files stored on it. Mobile operating systems like Android and iOS are unaffected by the ransomware threat.

The first known malware extortion attack, the “AIDS Trojan” written by Joseph Popp in 1989, had a design failure so severe it was not necessary to pay the extortionist at all. Its payload hid the files on the hard drive and encrypted only their names, and displayed a message claiming that the user’s license to use a certain piece of software had expired. The user was asked to pay US$189 to “PC Cyborg Corporation” in order to obtain a repair tool even though the decryption key could be extracted from the code of the Trojan. The Trojan was also known as “PC Cyborg”. Popp was declared mentally unfit to stand trial for his actions, but he promised to donate the profits from the malware to fund AIDS research. Check more on Wikipedia.

What is Ransomware

Ransomware is a type of malware that is stealthily installed on your system and holds your files or operating system functions for ransom. The only way to regain access to the files is to pay the ransom.

Types of Ransomware

There are two major types of ransomware: lockscreen and encryptor.

  1. Lockscreen Ransomware shows a full-screen message that prevents you from accessing your PC or files. It says you have to pay money (a “ransom”) to get access to your PC again.
  2. Encryptor Ransomware changes your files so you can’t use them. It does this by encrypting the files – see the Details for enterprises section if you’re interested in the technologies and techniques we’ve seen.

How to Protect Your System against Ransomware

  • Update Windows and your antivirus immediately. If possible, upgrade to Windows 10.
  • Turn Windows Update on if it’s disabled.
  • Regularly back up your files to an external hard drive.
  • Beware of phishing emails and spam, and avoid clicking on malicious attachments.
  • Install a dedicated ransomware blocker.
  • Disable the loading of macros in your Office programs.
  • Disable your Remote Desktop feature whenever possible.
  • Use a safe and password-protected internet connection.
  • Avoid browsing web sites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.).
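
Three of the items above (Windows Update, Remote Desktop and Office macros) can be checked from a PowerShell prompt. The script below is an added example, not part of the original article; it only reads settings and assumes Office 2016 or later, whose per-user settings are stored under the `16.0` registry key.

```powershell
# Added example: read-only audit of three checklist items. Changes nothing.
# Assumption: Office 2016 or later, whose per-user settings live under "16.0".

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = @()

# Windows Update: a StartType of Disabled means patches cannot be installed.
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check = 'Windows Update service (wuauserv)'
    Value = if ($wu) { "$($wu.StartType)" } else { 'service not found' }
    Pass  = [bool]($wu -and $wu.StartType -ne 'Disabled')
}

# Remote Desktop: fDenyTSConnections = 1 means incoming RDP is refused.
$deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$results += [pscustomobject]@{
    Check = 'Remote Desktop disabled'
    Value = "fDenyTSConnections=$deny"
    Pass  = ($deny -eq 1)
}

# Office macros: VBAWarnings 1 = run all macros, 2 = prompt (the default when
# the value is absent), 3 = signed macros only, 4 = disable without prompting.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $v = Get-RegValue "HKCU:\Software\Microsoft\Office\16.0\$app\Security" 'VBAWarnings'
    if ($null -eq $v) { $v = 2 }
    $results += [pscustomobject]@{
        Check = "$app macros restricted"
        Value = "VBAWarnings=$v"
        Pass  = ($v -in 3, 4)
    }
}

$results | Format-Table -AutoSize
```

Macro settings enforced through Group Policy are stored under the `Policies` registry hive and take precedence; this script does not read them.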

You may also want to read: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx