In 2017, ransomware attacks clearly dominated the cybersecurity landscape. WannaCry, Petya, NotPetya, Adylkuzz, Bad Rabbit and Cerber are just a few of the names that did the rounds last year. Lucrative payouts are one of the most prominent reasons that have lured attackers into launching ransomware campaigns over the last couple of decades. Though we are yet to see a major ransomware attack this year, activity in cyberspace is unpredictable.
Ransomware is a type of malicious software (malware) that encrypts the data on a target system and then demands a ransom for decrypting it. If the victim does not pay the amount demanded by the attackers, the files are never decrypted. Lately, attackers have been asking victims to pay in cryptocurrencies such as Bitcoin. Moreover, there have been instances where the victim paid the ransom and the files were still not decrypted, or only a few files were decrypted in order to extort more money for decrypting the rest.
The first known ransomware attack, dating back to 1989, was spread using floppy disks and asked for a payment of $189 in return for the decryption key. Fast forward to the present day, and attackers now actively use the Internet as their primary medium for infecting computers. A generic ransomware attack can be divided into three steps:
First, the ransomware enters the target system via a medium such as email, messaging services or drive-by downloads. Second, once the downloaded file is opened or executed, the payload starts encrypting the files on the system. Third, after all the files have been encrypted, a ransom screen is displayed that specifies the amount to be paid along with the preferred payment method.
Of all the ransomware attacks since the beginning of the Internet, the WannaCry outbreak of 2017 can easily be termed the worst. Around May 2017, it spread like wildfire, infecting more than 400,000 computers. The most prominent victims of this outbreak were the UK's National Health Service (NHS) and Telefonica, the largest telecom service provider in Spain.
WannaCry used ETERNALBLUE to exploit a vulnerability in the SMB (Server Message Block) protocol, which is used to give access to files, ports, printers, etc. ETERNALBLUE is believed to be one of the NSA-built tools leaked by a hacking group going by the name of Shadow Brokers in April 2017. Before this leak, Microsoft had already released updates on March 14, 2017. Even though the update was marked as critical by Microsoft, many organizations failed to update their systems in the following two months, leading to the WannaCry outbreak.
The ever-looming threat of ransomware attacks is dangerous for businesses as well as individuals, and once systems have been infected, their recovery is another tedious task. To ensure that you do not become a victim of a ransomware attack, you must act wisely in cyberspace. Here are a few suggestions from the security experts at Logsign:
Considering that 58 records of data are lost or stolen every second globally, it is better to have a predefined incident response team in place to...
Organizations should have an unmistakable incident response plan in place to adequately deal with an incident so that the harm is limited and...