Ransomware is defined as a type of malicious software designed by threat actors to block access to a computer system until a sum of money is paid.
According to SonicWall, there were around 600 million ransomware attacks in 2021! One of the prominent cases of ransomware was the attack on Colonial Pipeline in Texas, US, which led to a severe crunch in gasoline supply in 18 states in the US.
Given the rapid rise of ransomware, here’s a short explainer of how it works:
- The threat actor gets past the network's security and looks for systems that are vulnerable or directly exposed to the public internet.
- Subsequently, the vulnerabilities and the protection level of the system are analyzed to see what type of code would stay undetected and breach the system.
- Malicious software is installed on the system which stays dormant for a period of time until it gets executed.
- Upon execution, the malicious software encrypts a large number of files in the system. The owner of the system cannot access the files without decrypting them.
- The malicious software displays a message on the system stating the ransom required to release the files. The ransom is usually paid in cryptocurrency.
- The owner of the system pays the ransom to the threat actor and the threat actor sends a decrypting tool to access the files again.
How to Protect Yourself from Ransomware:
Install the latest software and firmware updates:
Installing the latest software and firmware updates ensures that there are minimal vulnerabilities and better detection of malicious software.
Back up important data online:
Backing up your data regularly will allow you to revert to a safe version of the system without malicious code. However, the limitation of this is that you would not know when the malicious software was installed, as it could have stayed dormant for days or months before being executed.
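One way to work around that limitation once the dormant file has been identified, shown as an added example that is not part of the original article: hash every file in each backup generation and pick the newest backup taken before the file first appears. It assumes backups are plain directory snapshots and that the file's SHA-256 is known from incident analysis; the function names, snapshot labels and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def changed_between(older, newer):
    """Paths that are new, or whose content differs, in the newer manifest."""
    return sorted(p for p, d in newer.items() if older.get(p) != d)

def last_clean_snapshot(snapshots, bad_digest):
    """snapshots: [(label, manifest)], oldest first. Return the newest label taken
    before bad_digest first appears, or None if the oldest backup already has it."""
    for i, (_label, files) in enumerate(snapshots):
        if bad_digest in files.values():
            return snapshots[i - 1][0] if i > 0 else None
    return snapshots[-1][0] if snapshots else None

def build_demo(base):
    """Constructed sample: three backup generations written under base."""
    dormant = b"constructed placeholder standing in for the dormant file"
    layout = [
        ("day1", {"report.txt": b"q1 numbers"}),
        ("day2", {"report.txt": b"q1 numbers", "updater.bin": dormant}),
        ("day3", {"report.txt": b"q1 numbers v2", "updater.bin": dormant}),
    ]
    snapshots = []
    for label, files in layout:
        root = os.path.join(base, label)
        os.makedirs(root)
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        snapshots.append((label, manifest(root)))
    return snapshots, hashlib.sha256(dormant).hexdigest()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        snaps, bad = build_demo(base)
        print("restore from:", last_clean_snapshot(snaps, bad))
        print("day2 new or changed:", changed_between(snaps[0][1], snaps[1][1]))
```

The result only says which backup lacks that one known file; a `None` result means every retained backup already contains it, so no generation can be restored as-is.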
Use modern security solutions that are updated regularly:
Using the latest security solutions vastly increases the likelihood of detecting malicious software, which can then be blocked from being installed on the system.
In the event you are a ransomware victim, here are a few options to explore:
1. Isolate the affected system and consult experts on the next step
2. Secure existing backups of data and software
3. Change all your passwords linked to that system
What is Ransomware and How Can I Protect Myself against it?
As the name implies, ransomware actually refers to malicious software that is designed to block access to a computer system until the ransom is paid. In a typical ransomware scenario, the attacker demands a form of payment before releasing access to critical software containing valuable information and managing important processes.
Common ransomware attacks include:
- Sending a phishing email with an attachment, taking over the victim’s computer, and demanding a ransom to restore access
- Exploiting security gaps to infect computers without the need to trick users
- Threatening to publicize the user’s sensitive data unless a ransom is paid
What should you do?
1. Keep your operating system patched and updated
2. Install antivirus software
3. Be very careful about admin privileges and limit them strictly
4. Back up your files
5. Invest in cyber insurance