Welcome to the first blog in our InfoSec 101 series during the week of Safer Internet Day. The theme of this year’s event is ‘create, connect share and respect: A better internet starts with you’. Calling on young people, parents, carers, teachers, police, and tech companies, it is encouraging open conversations about staying cyber-secure online and aims to create a better and safer online community.
This series aims to demystify the terms that you may have seen cropping up in the media quite regularly, beginning with ransomware.
In a nutshell
Ransom malware or ransomware is a kind of malicious software that locks users out of their systems or blocks them from accessing their files, but offers to unlock them on the condition that users pay a ransom. This may be in the form of physical or digital currency.
Ransomware can range from the crude to the highly sophisticated, and only a few types can be successfully decrypted. The main types are:
Lockers – This should be an orange alert. When locker ransomware takes hold, you may find that you are unable to access certain applications or are frozen out of your computer entirely. Normally, a screen appears with what looks like an official logo, saying illegal activity has been detected on your computer.
Crypto ransomware – This is the nasty stuff. Threat actors behind such a ransomware campaign want to seize your files and encrypt them, and then demand a payment in order to decrypt and return them. The reason this is so dangerous is that, once your files are encrypted, no security system or software can restore them for you. Unless you have a backup or pay the ransom, they’re gone. However, even if you do pay up, there isn’t a guarantee the criminals will give you the files back.
Ransomware was thrust into the news agenda last summer after the high-profile WannaCry attack. This ransomware type was far more dangerous than other common ransomware types because of its ability to spread across an organisation’s network by exploiting critical vulnerabilities in Windows computers.
The attack was stopped within a few days of its discovery thanks to emergency patches and the discovery of a kill-switch that prevented infected computers from spreading WannaCry further. However, it still caused significant damage, affecting more than 300,000 computers across 150 countries, with total costs running from hundreds of millions to billions of pounds.
There are a few different ways in which ransomware can infect your computer. Understanding this is a step towards being savvy in protecting your files.
One of the most common methods seen today is malicious spam, or malspam. This is unsolicited email that is used to deliver malware. These emails can contain booby-trapped PDF or Word attachments, or links to malicious websites. Malspam often relies on social engineering tactics, such as appearing legitimate or appearing to come from someone else, to get you to open the attachment or click a link in the message body.
The other popular method of infection is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware, requiring little to no user interaction. While browsing even legitimate sites, users can be redirected to criminal servers without ever clicking on an ad (find out more about adware in our third and final blog).
How can I protect myself?
Should you find yourself infected with ransomware, it’s advised not to pay the ransom. This will only encourage the cybercriminals to launch further attacks. Some files may be retrievable by using free decryptors; however, not all ransomware families have had decryptors made for them. Therefore, asking the advice of a security or IT specialist, if possible, is the best course of action before trying anything yourself.
One way to protect yourself from ransomware is to invest in a cybersecurity program with real-time protection that can thwart advanced attacks. This does not need to cost a fortune; in fact, much of the cybersecurity software on the market is affordable and offered on a freemium model.
Secondly, as tedious as it can be, creating secure backups of data can save you headaches further down the line. There are many cloud storage providers that include high-level encryption. Alongside this, and to cover all bases, you can purchase an external hard drive – just be sure to physically disconnect the device after backing up, as it can become a victim of ransomware too.
Finally, stay informed. Educating yourself, employees, and family on suspicious emails or websites will go a long way in fighting cybercriminals by shedding light on their nefarious tactics.