Imagine handing over the keys to your house to a stranger, mistaking him for family or a friend. Now this stranger has carted some of your belongings away, and as if that were not bad enough, he has also locked you out of some rooms ‘in your house.’ He insists that the only way you can regain access to your rooms and your belongings is by paying him. Tragic, right? This, in practice, is what ransomware is. It sneaks into your system in the guise of relevant emails or files and manifests by making your files unavailable to you. It does this by encrypting the files and demanding a ransom in exchange for the decryption instructions. According to Cybersecurity Ventures, the cumulative costs of damage resulting from ransomware attacks doubled from an estimated $11.5 billion in 2019 to $20 billion in 2020. The problem does not get any more pronounced than that.
The focus of this article is to consider the full range and extent of this problem from an ‘individual’ perspective, recommend preventive measures and see if there is any remedy for affected persons.
RANSOMWARE STRAINS
There are many strains of ransomware. This is testament to the resourcefulness and determination of these actors. As new ransomware variants arise regularly, it can be challenging to keep track of all the strains. But while each of these strains is different, they are fundamentally the same in the damage they inflict.
Some of the most popular ransomware strains include Bad Rabbit, Cryptolocker, GoldenEye, Jigsaw, Locky, Maze, NotPetya, Petya, Ryuk and WannaCry. Their sophistication varies, and while a sizable number of them rely on social engineering to trick users into relinquishing access, some, like the NotPetya variant, are more aggressive and simply exploit weaknesses in the user’s security architecture. The implication is that they do not rely on trickery to infect their host. Sophisticated people can be victims too.
RANSOMWARE INFECTION VECTORS (CARRIERS)
How is ransomware transported? What or who are the possible carriers?
Phishing Emails
Phishing rose in the fourth quarter of 2020 as the most used ransomware attack vector. Using links, attachments, or both, an email phishing attack looks to trick users into taking some sort of action. Phishing emails containing links may appear to come from a known contact asking a user to enter credentials for a bogus purpose. Those credentials are then stolen and used to access key systems on which ransomware can be installed. Other tactics include asking the user to click on a fake attachment, after which ransomware begins to automatically download.
Websites Serving Pirated Content
Ransomware can come bundled with pirated content downloaded from the Internet. As many people source their software, movies and music from pirate websites, ransomware authors have been known to upload such files embedded with the malware. Once the file is downloaded and opened, the payload is executed.
Compromised Websites
Websites with poor security, such as those running outdated plugins or having multiple bugs and vulnerabilities, can be compromised by ransomware authors who then implant their malicious code within. These websites then serve the malware directly via drive-by downloads or may redirect to another malicious website hosting an exploit kit.
Malvertising
This term denotes malicious advertising, which occurs when malware actors use legitimate online advertising services to spread malware by injecting malicious code into ads and web pages. Some ransomware authors have resorted to using this method to spread their malware.
SYMPTOMS OF RANSOMWARE
- Missing files
- Slowed computer operation
- Unable to open files
- File name extensions changed
- Increased system crashes
- A message on your desktop directing you on how to pay to unlock your files
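Two of these symptoms, changed file name extensions and files that no longer open, can be checked for mechanically. The following is an added example, not part of the original article: it flags files that carry an extra extension after a normal document extension or whose content looks random. The extension list, the 7.5 bits-per-byte threshold and the `.locked` sample name are assumptions chosen for illustration.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

# Extensions of ordinary user documents (illustrative list, not exhaustive).
DOC_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png"}
# Leading bytes of formats that are legitimately compressed (high entropy).
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"%PDF", b"\x1f\x8b")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(folder, threshold=7.5):
    """Return {relative path: [reasons]} for files showing the symptoms."""
    findings = {}
    for path in sorted(Path(folder).rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        suffixes = [s.lower() for s in path.suffixes]
        # "File name extensions changed": report.docx -> report.docx.<new>
        if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS and suffixes[-1] not in DOC_EXTS:
            reasons.append("extra extension after " + suffixes[-2])
        with open(path, "rb") as fh:
            head = fh.read(65536)
        # "Unable to open files": content looks random and has no known header.
        if entropy(head) > threshold and not head.startswith(COMPRESSED_MAGIC):
            reasons.append("high-entropy content")
        if reasons:
            findings[str(path.relative_to(folder))] = reasons
    return findings

def demo():
    """Run the triage over constructed sample files in a temp folder."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "notes.txt").write_bytes(b"meeting notes for tuesday\n" * 100)
        # Constructed stand-in for an encrypted file; ".locked" is made up.
        Path(d, "budget.xlsx.locked").write_bytes(bytes(range(256)) * 16)
        return triage(d)

if __name__ == "__main__":
    print(demo())
```

A hit is a prompt to look closer, not proof of infection: encrypted archives and some media formats are also high-entropy.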
PREVENTION STRATEGIES-WHAT TO DO TO AVOID BECOMING INFECTED
Multibillion-dollar companies and high net worth individuals are really concerned about this plague, and rightly so. But the myth that ransomware attacks are exclusive to the rich and powerful is false. Ordinary individuals have been victims of extortion and blackmail aided and abetted by malignant ransomware. The best approach to ransomware, then, is to avoid becoming a victim in the first place. To that end, here are eight (8) things you can do to protect yourself from ransomware.
- Be Cautious
Avoid opening any attachments that appear to be suspicious. This is true of all messages, not just those sent by strangers. It also applies to senders whom you assume to be your friends. Phishing emails can appear to be from a financial institution, delivery service, a law enforcement agency, or an e-commerce site.
- Be Deliberate
Before you click, think twice. Nefarious hyperlinks can be sent through social media and instant messaging. Fraudsters frequently hijack people’s accounts and proceed to send out malicious links to their entire contact lists. This explains why a malicious link can come from someone you know and trust. If you receive a link without enough explanation as to its relevance, DON’T CLICK ON IT. Reach out instead to the sender to get more insight about the link they sent.
- Take Privacy Seriously
Give out as little personal information as possible. If malicious actors want to send you a phishing email embedded with ransomware, they will need to collect your information from somewhere. Sure, they may procure it via data breaches traded on the dark web. But being less private means they can simply obtain it by sifting through your social media profiles utilizing Open-source intelligence (OSINT) techniques. It is critical not to divulge more private details than is necessary online.
- Apply Patches
Keep your software up to date by patching it. To guarantee that you have fewer vulnerabilities that can be exploited, keep your operating system patched and up to date. Those notifications informing us of the latest updates available can be annoying, but they are critical to our continuous safety from malware.
- Use Strong and Unique Passwords
Malicious actors may brute force their way into a system or account if the password is weak. They can then use that access to carry out attacks or move throughout the network to spread ransomware. As a result, for all accounts, you should use and ensure strong, unique passwords.
- Do not Use Strange Media
It is one thing for bad actors to break into a company’s supply chain and distribute trojanized material. It is another thing to connect a strange device to your PC. You never know what is on someone else’s USB device or CD. As a result, you should only use these types of media if they have been obtained from a reliable source. File sharing should be cloud-based to reduce the risks of exposure.
- Block pop-ups with a browser add-on.
Malicious actors use pop-ups as a typical entry point to initiate ransomware assaults. Installing browser add-ons to halt pop-ups in their tracks is therefore a promising idea.
- Create and Defend Backups
Because a clean copy of your data is required for data recovery, having a robust and comprehensive backup system is critical. Your data losses can be reduced if you create intra-day snapshots in addition to full end-of-day backups. Because some ransomware searches for and encrypts external backup devices, keep backup drives offline or back up to the cloud to preserve these critical copies.
Backups will not stop an attack but can make damage caused by one less significant.
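Because a backup only helps if it is still a clean copy, it is worth checking a backup drive before restoring from it. The following is an added example, not part of the original article: it records a SHA-256 manifest at backup time and later reports files that are missing, changed or unexpected. Storing the manifest somewhere other than the backup drive is an assumption of this sketch, and all file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256, taken at backup time."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest):
    """Compare a backup folder with its manifest before restoring from it."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "changed": sorted(k for k in manifest
                          if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }

def demo():
    """Build a constructed backup, alter it, and return the verification report."""
    with tempfile.TemporaryDirectory() as d:
        backup = Path(d)
        (backup / "photos").mkdir()
        (backup / "photos" / "a.jpg").write_bytes(b"constructed image bytes")
        (backup / "taxes.pdf").write_bytes(b"constructed pdf bytes")
        manifest = build_manifest(backup)  # keep this apart from the drive
        # Constructed changes standing in for a backup that was reached:
        (backup / "taxes.pdf").write_bytes(b"overwritten")
        (backup / "photos" / "a.jpg").rename(backup / "photos" / "a.jpg.locked")
        (backup / "READ_ME.txt").write_text("constructed note")
        return verify_backup(backup, manifest)

if __name__ == "__main__":
    print(demo())
```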
RESPONSE STRATEGIES-WHAT TO DO IF YOU BECOME INFECTED
If your device is showing signs of a ransomware infestation, here are the steps you should take:
- Restore from a backup
Once you determine you have been hit with a ransomware attack, wipe your device clean and restore from a backup.
- Determine the strain and look for a decryption tool
If you do not have a backup or snapshot of your operating system, settings, and files, the next step is to determine the type of ransomware that has encrypted your files. Knowing the type of ransomware will aid in searching for a decryption tool online. To determine this, upload a sample infected file to the following services:
Once you have identified the type of ransomware that has encrypted your files, you can search for a decryption tool on the following websites:
- No More Ransom
- Quickheal Free Ransomware Decryption Tool
- No Ransom from Kaspersky
- Avast
- Emsisoft
- McAfee Ransomware Recover
- Trend Micro Ransomware File Decryptor
- KnowBe4
- AVG
- Remove Ransomware from Device
If you cannot find a decryption tool and you are certain you do not want to pay the ransom, and you are okay with losing your files, then take the following steps:
- Reboot your computer to safe mode
- Install antimalware software
- Scan the system to find and remove the ransomware program
- Pay the ransom
This step is not recommended, but should you choose to proceed, note that according to BleepingComputer, half of those who paid ransomware actors never got their data back.
CONCLUSION
According to statistics from the FBI (Federal Bureau of Investigation), “since 2016, more than 4000 ransomware attacks happen daily” and “1 in every 4000 emails contain malwares previously unknown to security experts”. The scale of the ransomware problem is near cataclysmic.
There have been conjectures by optimists that, due to the spike in the value of Bitcoin and other cryptocurrencies, ransomware attacks tend to be declining given the shift in interest by actors. This is logical but should not mean we can now rest on our oars. If there is indeed any correlation between ransomware attacks and Bitcoin value, then it can be assumed that the problem, though relaxed, is not completely over. The price of cryptocurrency is volatile, hence the uncertainty.
The best way to stay safe is by being aware of the problem, acknowledging it and actively working to prevent it. NoGoFallMaga
Contributors:
- Chibuike G. Offor
- Solakunmi J. Oyedele
- Subomi C. Lawson
- Oyelakin Timilehin Valentina