Hackers and malicious users are constantly on the lookout for new ways to exploit users. One way, which isn’t recent but has been in the news a lot lately, is ransomware. Ransomware is a type of attack that encrypts your network/file system. The victims are notified that if they pay the attackers a sum of money (the ‘ransom’), they can get access to their accounts again.
This type of ransom attack is carried out by (for example) attaching a specially crafted file/program to an e-mail message and sending it to the victim. If the victim opens/executes the attachment, the program encrypts a number of files on the victim’s computer. A ransom note is then left behind for the victim. The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the hacker may (or may not) send the decryption key, enabling decryption of the “kidnapped” (that is, stolen) files.
A report by Help Net Security gives an idea of how rampant this type of attack is these days. There were about 181 million ransomware attacks reported in the first six months of 2018 alone. This is an indication of
Among the most widespread and dangerous ransomware attacks in recent years were WannaCry and Bad Rabbit. WannaCry started spreading across Europe in May 2017 and primarily affected computers running the Windows operating system. It spread to other parts of the world in a matter of days, affecting 200,000 computers and costing billions of dollars. Attackers took advantage of a previously known vulnerability (called EternalBlue) in older Windows systems that had not been patched. The attackers locked the file system of the user and demanded $300-$600 to get it unlocked.
How to protect against ransomware
Mitigating ransomware is a little complicated. Just like other forms of malware, a ransomware payload might not be detected by antivirus software. In most cases, removing the infected programs as soon as possible is the best way to prevent further damage to the user’s data.
The first line of defense is the operating system. Users need to make sure that they are running the latest version of Windows on their computer. Always have automatic updates turned on. Windows installs patches to the operating system every alternate Tuesday. This can be a pain sometimes when Windows takes ages to install updates. But to be secure, sometimes convenience needs to be sacrificed.
Another thing that users can do is to make sure they are running the most up-to-date version of their antivirus software. If the ransomware is known, chances are that the antivirus software will already be blocking it.
Always keep a copy of your most important files on an external hard drive which is not connected to the network. This way, even if you are affected by ransomware, you are still able to access your files.
What to do if you are affected?
- If you do get affected, do not pay the attackers. Keep a copy of the phishing email received from the attackers and provide it to the police, as it helps with their investigation.
- Disconnect infected devices from the internet. If the infected device is part of a network, isolate it as soon as possible, to prevent the spread of the virus to other nodes in the network.
- You can then format the hard drive, reinstall the operating system and apps, run any available updates and, finally, restore the locked files from your backup device.
Good and awakening article. I hope everybody reads and follows it.
Very informative article. Can prevent lots of attacks if suggested precautions are taken.
Very nice informative