We have all faced some issue with ransomware at some point in our lives, and we already know the experience is not a good one. Here we will discuss what ransomware really is: what it can and cannot do, how to avoid it and, most importantly, how to prevent a ransomware attack.
– The Ransomware
– What is a Ransomware?
– How do Ransomware work?
– How is a Ransomware attack carried out?
– The stages of a Ransomware attack
– What to do if you’re affected by Ransomware?
– How to prevent further ransomware attack?
– You think you’re safe now, don’t you?
Now let us first understand ransomware: what it is and why it even exists in the first place. The answer to the latter question might be quite obvious, but let us still dig into why we are cursed with ransomware.
What is a Ransomware?
Let us break down the term “RANSOMWARE” into RANSOM and WARE. The term “RANSOM” means a certain amount which is demanded in return for something. The word “WARE” indicates the type, especially in pottery.
Which brings us to this:
RANSOMWARE is a type of malicious application which hijacks a user’s data and demands a certain amount to give it back.
How do Ransomware work?
Okay, let us understand the anatomy of RANSOMWARE. It all begins with malicious intent, which might come from a single person or a group. They make up their mind to earn money illegally.
On the technical side, RANSOMWARE is really just a program which is planted on a system without the user’s consent. This is the tricky part, because ransomware has a really sophisticated code base, all so that it goes undetected by antivirus programs and security systems.
The ransomware is nothing but software written to be executed anonymously to encrypt all the files in your system with a predefined key or a key generated by an algorithm.
I have also written out the detailed process of a ransomware attack below.
How is a Ransomware attack planned?
Most of you might not be familiar with this, but a hack (or an attack) is only 20% technical. Why is that so?
It is because people are not as smart as computers. Systems can be patched, but doing the same with people is not quite possible. This makes it easy for attackers to social engineer their targets, who then willingly inject the threat into their own systems.
It is also worth noting that not all attacks are socially engineered. Some systems are exploited remotely because they are not patched with the latest security updates. Attackers constantly study their target and try to find a way into the system.
The stages of a Ransomware attack
A ransomware attack is carried out in a similar fashion. Reading this section might give a simple insight into how to prevent a ransomware attack. Let us explore the steps of a ransomware attack:
During this stage the attacker searches for its victim actively or passively, sending out spam emails and other social engineering attacks. If someone gullible is targeted, they might download a program which is referred to as a Dropper.
Malicious code infection
During this stage, when the victim clicks on the application, it connects to the remote server where the actual malware is hosted. It then downloads the malware, which starts working its way through the system.
Malicious payload staging
This is the most important stage of all. During this phase the ransomware finds a way to persist in the system even after a reboot. This is very important because the malware needs to be present to keep carrying out its malicious activities.
Now in this phase of the attack the malware has rooted itself into the system. The next task is to search for all the files in the system and prepare them to be encrypted. It will even scan every network connected to the system and, if possible, spread over the network.
During this stage of the attack the ransomware actively encrypts all the listed files. Every file that has been found will be encrypted, locally or over the network.
This is the final stage of the attack. This is where the malware leaves the details for payment. It will leave a note asking for the amount to be sent through an untraceable medium such as bitcoin.
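The encryption stage is also where an attack becomes visible on disk: files stop starting with the bytes their type normally has, and their content looks random. The sketch below is an added example, not part of the original article, that sweeps a folder for such files; the function names, the small signature table and the 7.2 bits-per-byte threshold are assumptions made for this example.

```python
# Added example (not from the original article): spot files that look
# encrypted, as a detection aid for the encryption stage described above.
import math
import os
from collections import Counter

# Well-known leading bytes for a few file types (small illustrative table).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK"}
HEAD_BYTES = 4096          # how much of each file to sample
ENTROPY_THRESHOLD = 7.2    # assumed cut-off, in bits per byte (max is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(name: str, head: bytes) -> bool:
    """True when a file's first bytes look like ciphertext rather than its type."""
    ext = os.path.splitext(name)[1].lower()
    magic = MAGIC.get(ext)
    if magic is not None and head.startswith(magic):
        return False  # header still matches the extension: leave it alone
    # Compressed formats are high-entropy too, which is why the header check
    # comes first; for everything else fall back to the entropy score.
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def sweep(root: str) -> list[str]:
    """Return relative paths under root whose content looks encrypted."""
    flagged = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if looks_encrypted(name, head):
                flagged.append(os.path.relpath(path, root))
    return sorted(flagged)
```

Archive or media types missing from the table will be flagged as well, so extend MAGIC before relying on the output. What matters is a sudden jump in the number of flagged files between two sweeps of the same folder.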
What to do if you’re affected by Ransomware?
So you are affected by ransomware, and you want a way to get your files back? I have bad news and good news. Let us start with the good news and save the bad news for later.
What’s the good news? The good news is that ransomware is just encrypting software, which can sometimes be reverse engineered so that the key is extracted and used to decrypt the files. But this is rare, and some non-serious malware has fixes already available on the internet.
You might want to do a quick search. But in the process make sure not to download any additional malware. Ask on forums and read blog posts before blindly downloading anything.
Now it is time for the bad news. Are you ready? The bad news is that reverse engineering rarely succeeds, meaning you will have to say goodbye to the files that have no backups. You cannot possibly get those files back, but if you wait long enough, maybe years later, they find a fix, and then you will get your files back.
But this is not practical if your files are too important and needed immediately. The files for tomorrow’s meeting, for example, are now gone forever. This is hard to accept, but it is the truth. The only thing you can do is be cautious in future.
How to prevent further ransomware attack?
If you have not been attacked by ransomware, GREAT! But if you have, you will need to keep those files somewhere, in the hope that something will later become available to reverse the encryption.
But the most important thing here is: how can you avoid being affected by this type of attack again? It all depends on you. Using an antivirus solution alongside Windows Defender is a good preventive measure, but it falls short against your own actions. New malware might still get into your device.
The only logical thing to do is reset your device (sometimes called formatting): completely wipe it, deleting all the partitions and recreating them.
After that, use some antivirus solution; a free version will do.
The next thing is: do not just surf around and download random things. Even if you have downloaded something, check the full filename and extension.
That awesome book you have downloaded should never end with .exe, as in: My_awesomebook.pdf.exe.
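The filename check above can be automated for a whole downloads folder. The script below is an added example, not part of the original article; the two extension lists and the names classify and audit_folder are choices made for this example and should be adapted to your own system.

```python
# Added example (not from the original article): flag downloads whose last
# extension is executable while an earlier one makes them look like a document.
import os
from pathlib import PureWindowsPath

# Illustrative lists chosen for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png",
                 ".mp3", ".mp4"}


def classify(filename: str) -> str:
    """Return 'disguised', 'executable' or 'ok' for one file name."""
    # Windows drops trailing dots and spaces, so judge the name it would use.
    cleaned = filename.rstrip(". ")
    suffixes = [s.strip().lower() for s in PureWindowsPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(s in DOCUMENT_EXTS for s in suffixes[:-1]):
        return "disguised"      # e.g. something.pdf.exe
    return "executable"         # a plain program: fine only if you expected one


def audit_folder(folder: str) -> dict[str, str]:
    """Map every non-'ok' file directly inside folder to its classification."""
    findings = {}
    with os.scandir(folder) as entries:
        for entry in entries:
            if entry.is_file():
                verdict = classify(entry.name)
                if verdict != "ok":
                    findings[entry.name] = verdict
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    for sample in ["My_awesomebook.pdf.exe", "My_awesomebook.pdf", "setup.exe",
                   "backup.tar.gz", "Invoice.PDF.EXE"]:
        print(f"{sample:28} {classify(sample)}")
```

Windows hides known extensions by default, so My_awesomebook.pdf.exe is displayed as My_awesomebook.pdf; turning on "File name extensions" in File Explorer makes the same check possible by eye.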
And lastly, don’t go around inserting random USB drives into your system. This might get you into real trouble if you are not careful.
You think you’re safe now, don’t you?
Now that you have finished reading all this, you may feel a little more confident. If that is what you feel, please change it. I have stated the obvious, but never let your guard down.
Security isn’t something you do and forget. It is a continuous process. You have to be careful with everything you do online, even the most obvious things such as browsing the web. Do not download anything from the internet blindly; yes, I’ve said it again.
And no, you are not the lucky winner, and you have not won that * smart phone or the amount or anything. So please do watch out for that.
The bottom line is: always be defensive on the internet and don’t go around downloading files and other stuff. Ask on forums, or ask someone who has some knowledge of the subject if you have access to them.
I guess that concludes what ransomware is and how to prevent a ransomware attack. Keep learning and keep reading.