Recently, one of the extreme cases of ransom extraction took place in February. When Hollywood Presbyterian Medical Centre revealed that it paid 40 Bitcoins, i.e. almost $17,000, in ransom to hackers who essentially held the hospital’s computer system hostage, it marked a dangerous escalation in the high stakes surrounding ransomware. The larger cost came from the days of downtime the hospital experienced as a result of the malware infection. Since then, two other hospitals in California, as well as in Kentucky and Maryland, were also hit.

Also, in what is now the first known instance of online extortion demanding ransom in bitcoins from Indian targets, the Economic Times has revealed that hackers disrupted operations by crippling computers at three banks and a pharma company.

The impact of ransomware is difficult to calculate, as many organizations opt to simply pay to have their files unlocked (an approach that doesn’t always work) rather than report the matter. A report on the Cryptowall Version 3.0 ransomware campaign, issued in October of 2015 by the Cyber Threat Alliance, estimated that the cost of that single attack was US $325 million.

On 31 Mar 2016, the U.S. CERT and the Canadian Cyber Incident Response Centre (CCIRC) issued a joint warning about ransomware following several high-profile infections at hospitals.

What is Ransomware?

Ransomware is malicious software used by hackers to block access to a computer system until a ransom is paid. Attackers contact the user with ransom demands. Most attackers request payment in Bitcoin (the crypto-currency). Even if you pay the ransom, the attackers may not deliver the key to decrypt the files.

Ransomware is a large and emerging business and is infecting more companies and individuals than ever in 2016. There are several factors contributing to the success of ransomware, starting with the emergence of Ransomware-as-a-service (RaaS), where even crooks without advanced knowledge can launch devastating attacks. There’s also the fact that ransomware operators are constantly improving their code, communication methods, and attack vectors, coupled with the constant development of new variants that build on existing threats but employ new features. The best way to protect yourself is to back up data often and be ready to recover from backup after scrubbing the ransomware from the network.

http://www.slideshare.net/InderBarara1/ransomware-what-you-need-to-know-to-safeguard-your-data

How Do I Get Infected by Ransomware?

Ransomware can be delivered in a number of ways, but the most common is as an infected file attached to spam emails containing malicious macros in Office documents or JavaScript attachments, as well as via exploit kits, which provide it with a large attack surface. The malicious programs use obfuscation to hide their code, can often detect whether specific anti-malware software is running on a host computer, can target only users in specific regions, and also take advantage of various other tools to compromise a victim’s computer.

Email attachments aren’t the only mechanism for infection. Drive-by downloading is another, where a user visits an infected website and malware is downloaded and installed without the user’s knowledge. Ransomware has also been spread through social media, such as Web-based instant messaging applications. And recently, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.

Ransomware is evolving into a self-propagating threat that can move semi-autonomously throughout a network. A new type of ransomware, Samas, which exhibits behaviors of a successful worm, is seen as proof of the next step in the evolution of ransomware, which should arrive in the form of cryptoworms.

How to Prevent and Protect Against a Ransomware Attack?

Victims who have been affected by ransomware can generally attest to the pain and complexity of trying to recover after such an attack. Increased user awareness and vigilance can save a potential victim time and money in the unfortunate event of an attack. Preventing the attack in the first place is still the most effective way of dealing with this threat.

  • Back up data regularly. At a minimum, follow the 3-2-1 rule, maintaining at least three copies in two different formats with one copy stored off-site.
  • Some ransomware infects local drives and mapped network drives, including Dropbox. For Dropbox, Google and iCloud drives, choose to pause syncing whenever possible.
  • Do not open any .zip attachment on an email or open a .pdf file from an unexpected or unknown sender. When a file name ends with .pdf.exe it is not a PDF file, but will almost certainly contain a virus or ransomware.
  • Be extra careful when inserting removable media such as CDs, DVDs and USB sticks; check them with anti-virus and anti-malware software and enable “access scanning”.
  • Be wary of emails: do not click on links in emails before verifying that the website is OK, and do not download email attachments without verifying the source.
  • Keep software up-to-date. This will not protect against zero-day exploits, but it will patch the more recent vulnerabilities in your software.
  • Use multiple antivirus products to increase your chances of nipping an infection in the bud.
  • Install advanced email spam filtering.
  • Make sure to scrub the malware from all devices on your network before recovering from backup.
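The attachment advice above (the .pdf.exe double extension, .zip files) and the delivery methods described earlier (JavaScript attachments, macro-enabled Office documents) can be turned into a file-name triage rule for a mail filter. The following is an added example, not part of the original article; the extension sets, verdict names and sample file names are assumptions constructed for illustration.

```python
import os

# Illustrative extension sets (assumptions, not an exhaustive policy).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
SCRIPT = {".js", ".jse", ".vbs", ".wsf"}
MACRO_OFFICE = {".docm", ".xlsm", ".pptm"}
ARCHIVE = {".zip"}
# Harmless-looking extensions used to disguise the real, final one.
LOOKALIKE = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_attachment(filename):
    """Return (verdict, reason) for a single attachment file name."""
    # Normalise case and drop surrounding whitespace before parsing.
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)      # the extension the OS acts on
    _, inner_ext = os.path.splitext(stem)   # the extension the user notices
    if ext in EXECUTABLE | SCRIPT and inner_ext in LOOKALIKE:
        return "block", f"deceptive double extension {inner_ext}{ext}"
    if ext in EXECUTABLE:
        return "block", f"executable attachment {ext}"
    if ext in SCRIPT:
        return "block", f"script attachment {ext}"
    if ext in MACRO_OFFICE:
        return "quarantine", f"macro-enabled Office document {ext}"
    if ext in ARCHIVE:
        return "quarantine", "archive; inspect contents before release"
    return "allow", "no rule matched"


def triage(filenames):
    """Classify a batch of attachment names; returns {name: (verdict, reason)}."""
    return {f: classify_attachment(f) for f in filenames}


# Constructed sample input, not taken from any real campaign.
SAMPLE_ATTACHMENTS = [
    "invoice_2016.pdf.exe",
    "scan.jpg.js",
    "statement.docm",
    "photos.zip",
    "report.pdf",
    "Setup.EXE ",
]

if __name__ == "__main__":
    for name, (verdict, reason) in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:<10} {name!r}: {reason}")
```

A file-name rule only narrows what reaches the inbox; an "allow" verdict says nothing about the file's content, so it complements rather than replaces content scanning.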

What to Do if I Get Infected?

Hopefully, you have a recent backup and you can wipe your device and reload it with an uninfected version. Here are some other things you need to do:

  • Report the crime immediately on occurrence
  • Paying the ransom is no guarantee that your data is retrievable
  • Contact cyber experts to resolve the problem
  • Always Have a Plan “B”

As ransomware attacks continue to grow in number and sophistication, individual PC users and organizations should reassess their current security strategy. There is a common misconception that adding layers of automated defence technologies will reduce the risk of falling victim to ransomware attacks. While endpoint security products and secure email gateways can offer some level of protection, sooner or later a phishing email, which is the most widely-used attack vector, will penetrate defences and the user will be faced with determining whether or not an email is legitimate or part of an attack.