Precautions Recommended to Prevent Ransomware Attacks

How to prevent Ransomware Attacks

May 02, 2021

One fine day, my colleague received a mail that seemed to be from his manager, and he opened it. It said, “You are moved to a new project, and to know the project details check out the attachment below.” After he opened the document, it didn’t show any information related to that. Later he realized that the mail was not genuine and not from his manager. After two days, all his files were locked and he was unable to log in. The screen said, “All of your files are encrypted, to get decryption key and to get your files back pay us **** amount of bitcoins to **** address.”

This is what actually happened to my colleague. He received a specially crafted email with an attachment. When he opened the document, malware was installed on his system; it took some time to encrypt the files, then locked him out and demanded that he pay a ransom to get the files back. This type of attack is called a ransomware attack. Ransomware is a type of malware that encrypts the files on a system and prevents users from accessing their system or personal files. If you have sensitive personal files and any important information, you must pay the ransom in the form of cryptocurrency; otherwise, simply format the system and install a new operating system.

How does ransomware get into the system? Most of the time, hackers use social engineering techniques to mislead users into installing the malware. Generally this means phishing: sending an email that seems to be from a person you can trust, which makes users open the attached files or links the hackers sent. Another popular method is malvertising, meaning malicious advertising that distributes malware with little or no user interaction. Even legitimate sites can direct the user to malicious servers without any ad being clicked; those servers catalog details about victim computers and their locations, and then select the malware best suited to deliver.

There are different types of ransomware, but every ransomware falls under one of three main types.

  • Scareware: As its name says, it tries to scare users. It displays pop-ups on the target system saying that the system is infected with malware and that you must pay some amount to remove it. Seeing this type of ad, users may get scared and pay the attacker to remove the malware. In this case, whether you pay or not, your files won’t be affected.
  • Crypto ransomware: It encrypts the files on the victim's system and makes the victim unable to access them. The hackers demand that the victim pay ransom money to get the files back. Sometimes there is no guarantee that you will get your files back even if you pay.
  • Locking ransomware: It doesn't encrypt the files on the system; it just locks the victim out of the system. Once the user is locked out, the hackers demand ransom money to unlock the device. The majority of the time, attackers choose targets (individuals or groups) who can pay the ransom, and target firms that need to access their files immediately and can pay whatever the attacker demands.

How to stay away from ransomware attacks:

  • Install security software that gives you advanced features.
  • Keep your systems up to date with the security patches released by the operating system.
  • Use genuine products; avoid cracked software or any software offered by untrusted platforms.
  • Be careful with the mails you receive before clicking on any attachments they contain.
  • Be careful with the sites you visit; some websites contain scripts that load malware onto your system just by visiting them, even if they are legitimate.
  • Maintain backups of whatever important or sensitive data you have, so if you are attacked, you don’t need to worry about data loss.
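
To make the advice about checking mails before opening attachments concrete, here is an added example (not code from the original post) that triages a message like the one in the story above: a mail that appears to come from a manager and carries an attachment. The trusted domain `example.com`, the list of risky extensions and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions (not from the post): organisation domain and risky extensions.
TRUSTED_DOMAIN = "example.com"
RISKY_EXT = (".docm", ".xlsm", ".js", ".vbs", ".exe", ".scr", ".iso", ".lnk")
# Constructed sample: display name imitates a manager, the rest does not match.
SAMPLE = """\
From: "Your Manager" <manager@examp1e-mail.net>
Reply-To: projects@another-host.org
Subject: You are moved to a new project
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Check out the attachment below for the project details.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="project_details.docm"

AAAA
--b1--
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if none)."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = domain_of(msg.get("From", ""))
    if from_domain != TRUSTED_DOMAIN:
        findings.append(f"sender domain {from_domain!r} is external")
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append("Reply-To domain differs from From domain")
    # Only trust Authentication-Results added by your own mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    findings += [f"{c} did not pass" for c in ("spf", "dkim", "dmarc")
                 if f"{c}=pass" not in auth]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment type: {name}")
    return findings
```

Calling `triage(SAMPLE)` returns one warning per mismatch; a message from the trusted domain with passing SPF, DKIM and DMARC results and no risky attachment returns an empty list.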