Ransomware

June 9, 2016

Wikipedia explains ransomware as “a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan, whose payload is disguised as a seemingly legitimate file; thus, ransomware is an access-denial type of attack that prevents legitimate users from accessing files”.

It is important to understand the types of ransomware. Scareware typically claims it has detected malware on your computer and demands payment to clean it up. The second type is lock-screen ransomware, which displays a message when you boot your computer stating that illegal activity was detected and demands payment. The message claims to be from the FBI, the police or the US Department of Justice! The third type, which is becoming widely popular, is encrypting ransomware. This ransomware encrypts the files and demands a ransom to decrypt them. Since this ransomware uses stronger encryption, the files are difficult to decrypt, hence even the FBI recommends paying the cybercriminals. But the information security industry is strongly against this recommendation.

How to Prevent Ransomware

As the saying goes, “Better safe than sorry”.

Backup, Backup!! Ransomware locks the computer or encrypts the files. If all the important data are frequently backed up, then even when you are hit by ransomware, you can format the computer and restore the data from the backed up location.

Patch! Patch! Patch both the operating system and the security software, such as anti-virus, anti-malware and anti-spam, to prevent known attacks.

Beware of suspicious e-mails: The easiest attack vector for ransomware is e-mail. So do not open e-mail from unknown mail IDs, open their attachments or click on the links given in them. User security awareness will be the key, as the human is always the weakest link in the security chain.

Disable macros and unnecessary scripts: A lot of ransomware is distributed through Microsoft Office documents sent as attachments that trick users into enabling macros. One way to handle this is to use Office Viewer, which will not run any macros. If you are using Office 2016, check whether you have enabled this new feature to prevent macro-based ransomware.

Configure security software: Each security product has advanced features that can be configured to detect and prevent ransomware from being executed.

Least privileges: Use administrative privileges only when required; at all other times, work with standard user rights and privileges.
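
For the macro tip above, here is one way to check the Office 2016 setting on a workstation. This is an added example, not part of the original post. It assumes the feature meant is the Group Policy setting "Block macros from running in Office files from the Internet", which is stored per user under the Office 16.0 policy registry keys read below.

```powershell
# Added example: audit the per-user Office 2016 macro policy for each application.
# Assumption: policies are delivered through Group Policy to the HKCU policy hive.
$apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the "vbawarnings" policy value (macro notification settings)
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all without notification'
}

$report = foreach ($app in $apps) {
    $key   = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # A missing key or value means the policy is not configured for this app
    $block = $null
    $vba   = $null
    if ($props) {
        $block = $props.blockcontentexecutionfrominternet
        $vba   = $props.vbawarnings
    }

    $blockState = if ($null -eq $block) { 'Not configured' }
                  elseif ($block -eq 1) { 'Enabled' }
                  else                  { 'Disabled' }

    $vbaState = if ($null -eq $vba) { 'Not configured' }
                elseif ($vbaMeaning.ContainsKey([int]$vba)) { $vbaMeaning[[int]$vba] }
                else { "Unknown value $vba" }

    [pscustomobject]@{
        Application         = $app
        BlockInternetMacros = $blockState
        MacroNotification   = $vbaState
        # Flag the app if Internet macros are not blocked or all macros are enabled
        NeedsAttention      = ($block -ne 1) -or ($vba -eq 1)
    }
}

$report | Format-Table -AutoSize

if ($report.NeedsAttention -contains $true) {
    Write-Warning 'At least one Office application does not block macros in files from the Internet.'
}
```

Run it as the logged-on user whose settings you want to check, since the values live in that user's registry hive.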

Despite all the precautions, if you are affected by ransomware, please consult security professionals from Veeras Infotek.

– Jagannathan Krishnamoorthy
