Just when people thought the Dyn DDoS was the biggest cyber attack ever, another day came along – May 12th, 2017 – to mark the biggest cyber attack in Internet history. WannaCry, a ransomware, infected around 400,000 machines, and many organizations, including big ones like the NHS and Renault, were hit hard by the attack. Ransomware is malicious software that encrypts user data for ransom, and for the past few years it has been successful in extorting money from victims with the promise that their data will be restored. Victims are usually high-profile users and businesses such as hospitals, police departments, and banks, but these days it has found its way to home computers too. For example, take this story from the New York Times:
“My mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked. “Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC – all of her data – would be lost forever.”
The most important thing anyone can do to avoid such attacks is to have a backup of their data, however much data they have. For businesses and large organizations, there may be a huge pile of data on their computers, and copying it all to a second location can be time-consuming. Instead, go with a contractor that provides outsourced solutions so that your data is backed up professionally.
Chances are that at this very moment, someone somewhere is clicking on a link in a spam email, leading to their data being encrypted by cyber criminals in a location no one can even guess. Several characteristics set ransomware apart from other malware:
- Un-decryptable. Even with the decryption tools available, it is impossible to decrypt the attacked files on your own.
- Ransomware can encrypt any and all kinds of files you may have on your computer. It can also scramble your file name and add a different extension to your files.
- It will display a message or an image to let you know you’ve been attacked and that you have to pay a ransom to get back your data.
- Ransom is mostly demanded in Bitcoin or other cryptocurrencies, as they cannot be tracked by cyber security personnel. The victim is pressured to pay in full within a limited time period; otherwise the ransom is increased or the data is destroyed and lost forever.
- Ransomware cannot be detected by any antivirus software, due to its complex set of evasion techniques.
- Encrypting the victim’s files is not always the endgame. These files can be sent to servers controlled by crypto criminals.
Before getting anxious about an attack, know that there are solutions that can put you in an ideal position rather than a compromised one. The objective is to find a solution that not only backs up your entire data, but also copies your files, scans file systems, and inspects the types of changes ransomware causes. In the wake of an attack, you can very clearly see changes in file names and directory structure. Also, there will be JPEG files that are not really JPEGs. File extensions may be switched. Using the latest technologies, it is easy to examine whether your files have been encrypted or not.
To put it plainly, there are three ways to implement this protection framework:
- Detection: inspect for ransomware-corrupted files.
- Protection: stop ransomware from invading your backups.
- Response: a functionality that alerts the administrator when an infection is detected.
The first layer of defence, detection, is an active shield around your backup that is on 24×7. It acts as a wall between your backups and any unauthorized access. The second layer, protection, incorporates detection, preservation, alerting and recovery – a combination that works with cloud and on-premises backups. This layer starts by running a backup and then scanning the file system to detect any ransomware attack. If an attack is found, the solution goes into lockdown mode to preserve the most recent clean backup, disables future backups and alerts the administrator via email and SMS. From this stage, it is much easier for the administrator to recover all data from the backup.
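The scan-then-lockdown flow described above, including the check for JPEG files that are not really JPEGs, as an added example that is not code from this article or from any backup product. The entropy threshold, the `state` dictionary, the snapshot names and the `notify` callback (standing in for email/SMS delivery) are assumptions made for illustration.

```python
import collections, math, os, pathlib, tempfile

MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n"}  # signature prefixes

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())

def scan_tree(root, threshold=7.5):
    """Map relative path -> reason for files that look encrypted or renamed."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(4096)
            ext = os.path.splitext(name)[1].lower()
            if ext in MAGIC and not head.startswith(MAGIC[ext]):
                findings[os.path.relpath(path, root)] = "content does not match extension"
            elif ext not in MAGIC and entropy(head) > threshold:
                findings[os.path.relpath(path, root)] = "unknown extension, high entropy"
    return findings

def backup_cycle(source, state, snapshot_id, notify):
    """Post-backup check: record a clean snapshot, or lock down and alert."""
    if state["locked"]:
        return "refused"  # backups stay disabled until an administrator clears the lock
    findings = scan_tree(source)
    if not findings:
        state["last_clean"] = snapshot_id
        return "clean"
    state["locked"] = True  # last_clean is not overwritten, so it is preserved
    notify(f"{snapshot_id}: suspect files {sorted(findings)}; restore {state['last_clean']}")
    return "lockdown"

def demo():
    """Constructed sample tree: a healthy JPEG, then a simulated infection."""
    state, alerts = {"locked": False, "last_clean": None}, []  # hypothetical state record
    uniform = bytes(range(256)) * 16  # flat byte histogram, standing in for ciphertext
    with tempfile.TemporaryDirectory() as root:
        pathlib.Path(root, "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
        results = [backup_cycle(root, state, "snap-1", alerts.append)]
        for name in ("photo.jpg", "notes.txt.locked"):  # both files now hold uniform bytes
            pathlib.Path(root, name).write_bytes(uniform)
        results += [backup_cycle(root, state, s, alerts.append) for s in ("snap-2", "snap-3")]
    return results, state, alerts

if __name__ == "__main__":
    print(demo())
```

Compressed formats such as ZIP archives and video also score close to 8 bits per byte, which is why the entropy test is applied only to files whose extension has no known signature.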
Tips to prevent a ransomware attack:
- Do not pay the ransom. It encourages and funds these cyber criminals. And, there is no assurance that you will get your data decrypted.
- Restore your affected files from the latest clean backup.
- If you are travelling and may be using public wireless Internet, alert your IT department beforehand. Also, make sure you use a trustworthy VPN (Virtual Private Network) when using the public Internet.
- Never provide your personal information in response to emails, calls or text messages from strangers. Phishers will try to trick you into installing malware, or to gain private information by claiming to be from your IT department.
- Use well-known, well-reviewed anti-virus software and a firewall. Maintain a strong firewall and always keep your anti-virus updated.
- Employ content scanning and filtering on your mail servers.
Extortion in cyberspace has become frequent with the advent of ransomware. Users – businesses, establishments and organizations, and even individual users – must be alert to this risk and try to disrupt it.