What Is Ransomware :
Ransomware is a computer malware that installs covertly on a victim's device (computer, smartphone, wearable device, etc), executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it.
More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table MFT or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
famous examples of ransomware are creber ransomware, ransomware locky, cryptolocker ransomware and the new spora ransomware.
If attacked, should I pay the ransom?
Paying the ransom is never recommended, mainly because it does not guarantee a solution to the problem. There are also a number of issues that can go wrong accidentally. For example, there could be bugs in the malware that makes the encrypted data unrecoverable even with the right key.
In addition, if the ransom is paid, it proves to the cyber criminals that ransomware is effective. As a result, cyber criminals will continue their activity and look for new ways to exploit systems that result in more infections and more money on their accounts.
How does a ransomware attack work?
A ransomware attack is typically delivered via an e-mail attachment which could be an executable file, an archive or an image. Once the attachment is opened, the malware is released into the user’s system. Cyber criminals can also plant the malware on websites. When a pakistani user visits the site unknowingly, the malware is released into the system.
The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again. By then it is too late to save the data through any security measures.
For more information please see the video below:
Who are the victims of ransomware?
Any Pakistani consumer and any Pkistani business can be a victim of ransomware. Cybercriminals are not selective, and are often looking to hit as many users as possible in order to obtain the highest profit.
Are ransomware attacks against Pakistan businesses growing?
Yes, because cyber criminals know that organizations are more likely to pay as the data held captive is typically both sensitive and vital for business continuity. In addition, it can sometimes be more expensive to restore backups than to pay a ransom.
How to remove ransomeware?
Ransomware is on the rise – there are now more than 50 families of this malware in circulation — and it’s evolving quickly. With each new variant comes better encryption and new features. This is not something you can ignore!
One of the reasons why it is so difficult to find a single solution is because encryption in itself is not malicious. It is actually a good development and many benign programs use it.
The first crypto-malware used a symmetric-key algorithm, with the same key for encryption and decryption. Corrupted information could usually be deciphered successfully with the assistance of security companies. Over time, cybercriminals began to implement asymmetric cryptography algorithms that use two separate keys — a public one to encrypt files, and a private one, which is needed for decryption.
The CryptoLocker Trojan is one of the most famous pieces of ransomware. It also uses a public-key algorithm. As each computer is infected it connects to the command-and-control server to download the public key. The private key is accessible only to the criminals who wrote the CryptoLocker software. Usually, the victim has no more than 72 hours to pay the ransom before their private key is deleted forever, and it is impossible to decrypt any files without this key.
So you have to think about prevention first. Most antivirus software already includes a component that helps to identify a ransomware threat in the early stages of infection, without occurring the loss of any sensitive data. It is important for users to ensure that this functionality is switched on in their antivirus solution.
What are the chances that you can help ransomware victims to get back access to their files?
At Tier3 Cyber Security we are continuously working with other security companies and law enforcement agencies to identify as many keys as possible, for as many variants as possible. If you have some information that you think can help, please share it with us and if you need any help with removal of ransomware please send us email to email@example.com. All queries are dealt in confidence.