Ransomware viruses are a growing menace everywhere, and over a billion dollars are lost to them every year in the US alone. Their activity in the Indian ecosystem has been increasing for quite some time, and there have been incidents of enterprises and banking establishments being infected since last year. The total number of ransomware attacks rose by 13 percent this September alone. Apart from the usual sources (malicious websites, botnets and infected networks), emails are a major source of most of these infections.
Attack frameworks are available today that can be used to carry out a targeted ransomware attack or simply to be a menace everywhere without bias. Companies can be targeted using these automated frameworks, which crawl and pull relevant information posted about the company from various sources. A reply to such postings, carrying related information and attachments, can also invite ransomware into your system. The problem arises when you have to enable macros to read these attachments: when you do, a reverse proxy connection is established between your computer and a remote IP. That remote IP is usually part of another infected swarm, and a download is initiated that infects the system with the latest variant of the ransomware virus. The malware is designed to keep evading antivirus, and soon all computers in your network get infected.
Delivery mechanisms are often designed to infiltrate systems through their vulnerabilities. Once inside, the virus quickly starts infecting the system and encrypting files. Once it is done, it puts up a wallpaper and demands bitcoins. There are two types of ransomware: encrypting ransomware and locker ransomware. Locker ransomware is easy to break or recover from, while encrypting ransomware encrypts files with strong encryption that is very difficult to break.
Follow these best security practices and you can be best prepared to deal with ransomware viruses and any unforeseen circumstances.
- Use legitimate software and keep your systems updated to prevent vulnerabilities and exploits.
- Use low-privilege accounts or modes if your activity doesn’t require elevated access. If you don’t have elevated access, the files you open won’t have it either.
- Use sandboxing software like Sandboxie to open attachments or do your usual browsing in isolated storage and prevent access to your operating system core.
- Use host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS). These are software or hardware controls, based on rules and permissions, for security management of computers and networks.
- Don’t use cloud folder sync if your cloud doesn’t support version management; otherwise your cloud files will be lost as well.
- Don’t enable file system folder access from virtual machines, as an infection through a virtual machine will render the host machine completely unrecoverable.
- Use hardware devices like Apple Time Machine, etc. to automate backups regularly. Important: always follow the first three rules of computing: Backup, Backup, Backup.
A number of government, private and not-for-profit organisations and associations are actively fighting this menace. Currently a few decryptors are available if you are infected with those specific types of ransomware. The problem is that ransomware also keeps evolving into newer versions and variants, which become harder to break. There is also anti-ransomware software now available that proactively tries to detect and block them.
Visit https://www.nomoreransom.org/decryption-tools.html to decrypt over 7 ransomware encryptions and to learn more about them.