How does Ransomware spread?
Ransomware is a kind of malware which prevents the user from accessing his/her
files and demands a ransom in exchange for decrypting them. These malicious
programs mostly spread by tricking users into clicking on popups that appear to
be safe. Once such a spurious popup is clicked, a ransomware program is
installed on the system and looks for files with extensions like JPG, XLS, PNG,
PPT, DOC, etc. These files are generally the important ones on any PC system.
The installed program forces the user to pay the perpetrators a definite,
variable sum, generally in the form of cryptocurrency. The team responsible for
spreading the ransomware keeps its identity secret, and to do so it makes sure
that no one can trace the payment it received. Attackers generally use Tor to
hide their location.
Along with this, ransomware also spreads via traditional email. More than 60
percent of ransomware spreads via email (specifically as a Microsoft Word
document or a .ZIP file). According
to Cisco Systems’ 2017 Annual Cybersecurity Report, 65 percent of email traffic
is spam and about 10 percent of the global spam observed in 2016 was classified
Financial damages due to ransomware:
Businesses as well as individuals need to be fully aware of the threat posed by
ransomware and make cybersecurity a top priority. According to Kaspersky, in an
interval of 2 minutes at least 3 companies get hit by one type of ransomware or
another. Moreover, we observed a three-fold increase in attacks on businesses
in the year 2016. Ransomware attacks can disrupt important systems and destroy
confidential data. According to some reports from Microsoft, the damage due to
ransomware was estimated at $325 million. Cybersecurity Ventures claimed that
the damage due to ransomware amounted to $1 billion in 2016, and ransomware is
growing annually by 3.5X, according to Cisco's 2017 Annual Cybersecurity
Report.
These attacks not only cause financial loss but also result in the loss of
important and sensitive data, as well as the disruption of regular, day-to-day
work. On an organizational level, an attack potentially harms the
organization’s reputation. Even after paying the ransom, there is no guarantee
that the encrypted files will be decrypted. In addition, it cannot be said that
the malware infection has been completely eradicated from the PC system.
Conventional ways of tackling Ransomware:
We need to ensure that the system is equipped with an antivirus that is updated
at regular intervals. An antivirus can serve as an initial layer of protection,
but because it is based on signatures there is always a possibility that it
misses newer variants. In an organization it is best to have a multi-purpose
security solution that can deal with multiple problems and risks at a time,
providing enhanced protective technologies such as firewalls, behavioral threat
protection, etc. Security awareness campaigns should be organized that stress
how easily a careless user can be tricked by spurious links and attachments in
emails. Being too carefree, most users would not think twice before opening a
bogus link and so can easily be tricked by these emails. Phishing has been
shown to be a very easy and very common entry vector for ransomware, and an
extremely successful one.
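Because most ransomware email arrives as a Microsoft Word document or a .ZIP file, attachments can also be screened mechanically before a user ever opens them. The sketch below is an added example, not part of the original article; the extension list, the nesting limit and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of file types that run directly on Windows.
RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".lnk"}
MAX_DEPTH = 2  # archives nested this deep are flagged instead of opened

def scan_blob(name, data, depth=0):
    """Return reasons to quarantine one attachment (empty list if none found)."""
    findings = []
    if "." in name and name[name.rfind("."):].lower() in RISKY_EXT:
        findings.append(f"{name}: runnable file type")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [f"{name}: archive nested too deeply to inspect"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith("vbaproject.bin"):  # macro part of a modern Office file
                findings.append(f"{name}: Office document with VBA macros")
            elif info.flag_bits & 0x1:  # encrypted entry, content cannot be inspected
                findings.append(f"{name}: encrypted entry {info.filename}")
            elif not info.is_dir():
                findings += scan_blob(f"{name}/{info.filename}", zf.read(info), depth + 1)
    return findings

def scan_message(raw_bytes):
    """Scan every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [f for part in msg.iter_attachments() for f in
            scan_blob(part.get_filename() or "unnamed", part.get_payload(decode=True) or b"")]

def make_zip(members):  # helper used only to construct sample data
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def build_sample():
    """Constructed message: a macro-enabled document and a ZIP holding a script."""
    msg = EmailMessage()
    docm = make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\x00"})
    archive = make_zip({"invoice.js": b"// constructed", "readme.txt": b"hi"})
    for fname, blob in (("report.docm", docm), ("invoice.zip", archive)):
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Running `scan_message(build_sample())` flags both constructed attachments; legacy binary .doc files are not ZIP containers and need a separate OLE parser, which this sketch does not include.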
Moreover, it is becoming very important to take a backup of the data already
residing on systems and storage. It is widely recommended that once a backup
has been completed, the physical device connected to it be removed, so that if
our physical device is infected with any sort of ransomware or other malware,
it cannot touch the cloud storage or corrupt the data stored in the backup.
Also, GPO (Group Policy Object) restrictions provide an affordable and easy way
to avoid malware attacks. GPO gives us granular control over the execution of
files, so the security of the PC is not compromised and it is kept much safer
than with other types of control.