What is ransomware and how to avoid it
Ever wondered what ransomware is all about? Perhaps you've heard about it in the office or read about it in the news. Maybe you have a pop-up on your computer screen right now warning of a ransomware infection. If you are curious to know everything there is to know about this computer virus, read on. We'll tell you about the different forms of ransomware, how you get it, where it came from, who it targets, and what to do to protect your PC.
What Is Ransomware?
Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment to regain access. The earliest versions of ransomware were developed in the late 1980s, and payments had to be sent via snail mail. Today, the creators of ransomware demand that payments be sent via cryptocurrency or credit card.
History of Ransomware
Ransomware first appeared in 1989. Known as AIDS or the PC Cyborg Trojan, the virus was delivered on floppy disks to victims, mostly in the healthcare industry. The ransomware counted the number of times a PC was booted; once the count reached 90, it encrypted the machine and the files on it and demanded that users 'renew their license' with 'PC Cyborg Corporation' by sending $189 or $378 to a post office box in Panama.
How Can Victims Get Ransomware?
There are several ways ransomware can infect your computer. One of the most common methods today is through malicious spam, or malspam, which is unsolicited email used to deliver malware. The email may include booby-trapped attachments, such as PDFs or Word documents. It may also contain links to harmful websites.
Malspam uses social engineering to trick people into opening attachments or clicking on links by appearing to be legitimate, whether they appear to be from a trusted institution or a friend. Cybercriminals use social engineering in other types of ransomware attacks, such as impersonating security forces or the law to scare users into paying them money to unlock their files.
Another popular infection method, which peaked in 2016, is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little or no user interaction. While browsing the web, even on legitimate sites, users may be redirected to criminal servers without ever clicking on an advertisement. These servers catalog details about the victim's computer and its location, and then select the most suitable malware to deliver. Most of the time, that malware is ransomware.
Malvertising often uses infected iframes, or invisible web page elements, to do its job. The iframe redirects to an exploit landing page, and malicious code attacks the system from the landing page via an exploit kit. All of this happens without the user's knowledge, which is why it is often referred to as a drive-by download.
Types of Ransomware
There are three main types of ransomware, ranging from mild severity to dangerous crises. They are as follows:
Scareware, it turns out, isn't scary. This includes rogue security software and tech support scams. You may receive a pop-up message claiming that malware was found and the only way to get rid of it is to pay. If you do nothing, chances are you will continue to be bombarded with pop-ups, but your files are basically safe.
Legitimate cybersecurity software programs would not solicit customers in this way. If you don't already have this company's software on your computer, then they won't be monitoring you for ransomware infections. If you have security software, you don't have to pay to remove your infection, because your security software can take care of it.
Lock screen ransomware is a step up in severity. When it gets into your computer, it keeps you stuck at a locked screen. Upon starting your computer, a full-size window will appear, often accompanied by an official-looking FBI or US Department of Justice seal, saying illegal activity has been detected on your computer and you must pay a fine. However, the FBI would not lock you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography or other cyber crimes, they would go through the appropriate legal channels.
Encrypting ransomware is the really evil stuff. These are the people who take your files and encrypt them, demanding payment to decrypt and return them. The reason this type of ransomware is so dangerous is that once cybercriminals have control of your files, no amount of security or system restore software can get them back to you. Unless you pay the ransom, for the most part the files are gone. And even if you pay, there's no guarantee cybercriminals will return the files to you.
What Is WannaCry Ransomware?
In the largest ransomware attack to date, WannaCry, also known as WannaCrypt and Wcry, caused worldwide chaos in an attack that began on Friday, May 12, 2017. WannaCrypt ransomware demanded $300 in bitcoins to unlock encrypted files, a price that doubled after three days. Users were also threatened, via an on-screen ransom note, with having all of their files permanently deleted if the ransom was not paid within a week.
More than 300,000 victims in more than 150 countries were hit by the ransomware in one week, with businesses, governments and individuals worldwide affected. Healthcare organizations across the UK had systems taken offline by the attack, forcing patient appointments to be canceled and hospitals to tell people to avoid visiting Accident and Emergency departments unless it was absolutely necessary.
Of all the countries affected by the attack, Russia was hit the hardest, according to security researchers, with the WannaCry malware hitting Russian banks, telephone carriers and even the IT systems that support transport infrastructure. China was also badly hit by the attack, with 29,000 organizations falling victim to this vicious ransomware.
What all the targets had in common is that they were running unsupported versions of Microsoft Windows, including Windows XP, Windows 8, and Windows Server 2003. The ransomware worm was so powerful because it exploited a known software vulnerability called EternalBlue. The Windows vulnerability was one of many zero-days that the NSA apparently knew about before it was leaked by the Shadow Brokers hacking group.
Examples of Ransomware Attacks
While ransomware has technically been around since the 90s, it's only in the last five years or so that it really took off, largely because of the availability of untraceable payment methods like Bitcoin. Some of the worst attacks are:
* CryptoLocker, the 2013 attack that launched the modern ransomware age and infected up to 500,000 machines at its peak
* TeslaCrypt, which targeted game files and saw continuous improvement during its reign of terror
* SimpleLocker, the first widespread ransomware attack focused on mobile devices
* WannaCry, which spreads autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and later stolen by hackers
* NotPetya, which also uses EternalBlue and may have been part of a cyber attack directed by Russia against Ukraine
* Locky, which began spreading in 2016, is “similar in its attack mode to the well-known banking software Dridex.”
How To Protect PC From Ransomware?
Security experts agree that the best way to protect against ransomware is to prevent it from happening in the first place. While there are methods for dealing with these computer virus infections, they are imperfect solutions at best, and they often require far more technical skill than the average computer user has.
The first step in ransomware prevention is investing in an outstanding cybersecurity program with real-time protection designed to thwart attacks by advanced malware such as ransomware. You should also take a look at the features that will protect vulnerable programs from threats (anti-exploit technology) as well as block these computer viruses using anti-ransomware applications.
Next, you need to back up your data securely and regularly. Using cloud storage that includes high-level encryption and multi-factor authentication is recommended. Alternatively, you can purchase a USB or external hard drive on which to store new or updated files. Just make sure to physically disconnect the device from your computer after backing up; otherwise it can also be infected with ransomware.
Then, make sure your system and software are updated. The WannaCry ransomware outbreak took advantage of a vulnerability in Microsoft software. While the company released a patch for the security flaw back in March 2017, many people didn't install the update which left them open to attack.
But still one of the most common ways that computers get infected with ransomware is through social engineering. Educate yourself or your friends on how to detect malspam, suspicious websites and other scams. And above all, use common sense. If it seems suspect, it probably is.