Ransomware

With the ever-growing number of ransomware attacks and the fact that ransomware is becoming more sophisticated, I’ve decided it’s worth writing about. Ransomware statistics for 2019 illustrate vividly the ransomware examples that have disrupted the lives of millions of people in the United States, Europe and other countries around the world.

A good antivirus is the obvious first step towards ransomware protection, but older antivirus tools can only protect against some ransomware variants. Kaspersky (one antivirus provider) talks about how to protect yourself against ransomware and mitigate the damage that has already been done. Having the right kind of backup still remains the most important and effective part of your protection against ransomware attacks, because if a new ransomware manages to go undetected this maybe your best option to recover your system.

While backups cannot prevent ransomware itself, they can be used to recover from certain types of ransomware attacks.

If you or someone else is targeted by Krypto-Ransomware, the only real option is to completely delete the system and restore it from a backup, because if you pay the ransom, the hackers that utilise Krypto-ansomware have the funding to target someone else.

Once the ransomware has infected a system, it usually encrypts all files on the computer and blocks access to the hard drive(s). Once the system has been infected by ransomware, these files can not be opened, because ransomware encrypts these files and your system has no decryption key, usually the hackers will offer to sell you a decryption key, for a high price.

There is a helpful website to help affected organisations understand how ransomware works and how it can be removed, as well as technical expertise, and offers some known decryption keys, these are not guaranteed to work, but maybe useful. If an organisation is able to identify the type of ransomware, they may be able to find a free Ransomware removal tool.

Ransomware protection is an evolving field, and chances are good that in the future the anti-ransomware utilities will be able stop the ransomware trend. The first step in the ransomware prevention is to invest in programs with real-time protection, which are supposed to thwart advanced malware attacks such as ransomware. There are a number of solutions that can help to prevent ransomware infections, but you can also use your own real world security measures to strengthen your ransomware protection, such as only allowing a minimum amount of authorised users to access sensitive computers.

Ransomware Crypto - Is a ransomware that prevents access to files and data by encryption, but allows you to use your computer as usual. Locker ransomware locks your computer or device and also encrypts the data and files, so you need to use another device or machine to unlock the infected machine, you will also need more technical knowledge to recover this system.

Most of the current ransomware variants only encrypt files, although some variants are known to delete the files or block access to your system.

Jigsaw, a known type of ransomware, will begin to delete random files in certain steps from a person's computer until the victim pays the ransom or the computer is cleaned.

Ransomware offer offer decrypt methods for a price, but usually require you to pay with alternative currencies like Bitcoin, Litecoin, Bitcoin Cash, BitTorrent and other types of largely unregulated finance systems.

A system can be infected by a user downloading a shady email attachment, visiting a dodgy website or even using a specially designed USB device, more aggressive forms of ransomware can exploit security loopholes on legitimate websites or computer programs to infect your computer without tricking the user or causing damage to the computer.

Cybercriminals can use social engineering to pretend to be FBI agents to scare users into paying them a sum of money to unlock their files. Ransomware offers hackers an incredible return on their investment. Many of the newer versions of these ransomware are Game Malware, which means that victims literally have no choice but to either restore their file or pay a ransom.

Obviously, the most immediate costs that are associated with the infection with ransomware, the ransom note, which may depend on the type of ransomware and the size of the organisation. But the costs involved in a ransomware attack are blurred when you account for lost time p, wages and productivity, specialised help and public reputation damage.

Some ransomware encrypts files, sends them to a hackers file server, and then sell the files to interested parties (other criminals, competitors) in exchange for a large amount of money, usually anonymously.

The average payment for ransomware decrypt keys in a ransomware attack is between $1,000 and $5,500 per file.

When your computer is connected to the Internet, there are steps you can take to avoid or minimise the chance of becoming a victim. Identifying ransomware threats will help you understand and protect yourself from becoming a victim.