During the last couple of weeks a new word has been dominating IT-related conversations all around the globe: “Wannacry”. Wannacry is the name of most recent notorious cybersecurity attack, which has locked down the computers of thousands of users in different countries by encrypting their files and making them non accessible. This is yet another notorious incident in the long list of catastrophic cyber-attacks that have taken place during the past decade. Wannacry has reminded us of the importance of cyber-security, while confirming that ransomware is the type of attack with the worse consequences on IT operations nowadays. Ransomwares are a special type of cyber-attacks, wherein the cyber-criminals launching the attack prompt users to pay a ransom in order to restore access to the files of their computer. This is the reason why Wannacry locked down all the files of the infected computer, except for one that displayed a message about what happened to the computer and explained how the ransom should be paid.
Ransomware: Facts and Figures
Ransomware is a general class of malicious code, which, when launched, leads to data kidnapping and theft. It is typically classified as a malware rather than as a virus. This means that it is spread through internet-based pathways, notably e-mail and web surfing. Through the launch of ransomware attacks, cyber-criminals attempt to make money by threatening their victims. Hence, ransomware attacks notify their victims about the exact steps they can undertake, in order to recover their data safely, which however involves paying the cyber-criminals a certain amount of bitcoins or other electronic currency (e.g., payment vouchers). Ransom amounts vary, yet an average amount is approximately in the area of $300.
Preventing access to your files is probably the most known issue of a ransomware infected machine. However, other effects are also possible such as preventing you from accessing your operating system or even stopping popular applications such as web browsers. In general, the most common ransomware attacks can be classified in one of the following two categories:
1.Crypto ransomware and
2. Locker ransomware.
Crypto ransomware attacks encrypt personal data and files, while locker ransomware prevents its victims from using their computer through locking it. Crypto and locker ransomware are relatively new versions of ransomware. Some of the older versions flashed messages saying that the user had used his computer in an illegal way and that he were to be fined by the police or some government agency.
Ransomware attacks are not new, as instances of such attacks have been observed since over a decade. In 2005 the Trojan.Gpcoder malware corrupted files and slowed down the performance of the computers it infected. However, in recent years ransomware has a growing momentum: In the period 2013-2014 a 250% increase was recorded in ransomware attacks. This momentum is highly due to the fact that ransomware cyber-criminals are among the most intelligent and innovative hackers on the internet. We suspect that this intelligence could soon breed ransomware attacks on mobile devices or even smartwatches, which would further increase the economic impact of ransomware.
Preventing and Confronting Ransomware
No one wishes to experience the adverse consequences of a ransomware attack. Hence, you should take precautions so that you avoid such attacks. However, in case they happen, you should also be prepared to deal with it. As ransomware is a malware, you should be careful when dealing with links and messages in potential malware sources. Here are some tips:
- Do not visit sites that are unsafe, suspicious, or even fake. At the same time, avoid opening emails and attachments from senders that you do not know or even senders that you consider unlikely to have sent you messages and attachments.
- Never click strange or bad links in emails and social media, even in cases where you are prompted or provided with incentives to do so. The same holds for links that are unexpectedly sent to you via messaging applications and on-line chat.
- Make sure you do not click on links in webpages, unless you fully trust the website of origin.
- Ensure that your computing platform is up to date in terms of security updates. In this context, also make sure that you regularly check for available patches and updates to your operating system, especially security related ones.
- In addition to updating your operating system with the proper patches, makes sure that other programs that could open up access to malware and viruses are patched and up to date as well. This applies, for example, to browsers, Java Virtual Machines (JVM), PDF readers etc.
- In case you spot some unusual activity in your system such as a batch of unexpected messages or e-mail, turn off your internet connection.
- Disable remote services that allow and perform networked access to your computer, such as file sharing services. The less open ports and services your system provides, the more protected against ransomware it will be.
- Configure your spam filters in order to block potential sources of malware such as attachments with extensions like .exe, .scr and .vbs.
Restoring your computer following a ransomware attack is never easy, especially when your files have been encrypted. The following suggestions should be taken into account:
- Back-up your files regularly, especially the sensitive and important ones. It will be much easier to restore files from a recent back-up rather than finding a way to decrypt them. Back-ups should be typically taken in a different media and physical location from your computer. Nowadays, computer users are offered with a host of different ways to back-up their files, including backing up in a portable media (i.e. disks) or backing-up information in the cloud. Make sure you choose a way that suits your needs and take advantage of it in order to frequently back-up your files.
- Search for tools that could possibly decrypt your files following some ransomware attack. Vendors of security systems and anti—virus software have in the past, released such tools to aid users affected by ransomware.
- Do not consider paying the ransom as this encourages adversaries to continue similar attacks. Moreover, there is no guarantee that if you pay you will be able to restore the state of your computing system.
Despite increased investments in cyber-security systems, ransomware attacks are on the rise, which creates challenges for all stakeholders including IT administrators, security experts, CIO (Chief Information Officers), enterprises and computer users. It is highly unlikely that ransomware and other malware attacks will be completely eliminated. Nevertheless, it is always possible to reduce their likelihood and mitigate their consequences. Apart from technical tools and support, this also requires investments in security processes and awareness, which should be never underestimated. Therefore, it is always better to take a holistic approach to cyber-resilience, which considers- policies, technical measures and security-aware processes at the same time.