Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.The ransomware may also encrypt the computer's Master File Table (MFT) or the entire hard drive.Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
While initially popular in Russia, the use of ransomware scams has grown internationally; in June 2013, security software vendor McAfee released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012. Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities,and CryptoWall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.
Steps to be taken:
- Back up your files
- Be suspicious of emails, websites and apps
- Use an antivirus program
- Always install updates
- Never pay the ransom
Simply put: make sure your Microsoft Windows server is up to date. Microsoft issued a patch in mid-March to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who did not apply the software update were—and still are—left exposed to the hack.
In light of the attack, Microsoft rolled out patches to protect older versions of Windows that “no longer receive mainstream support” from the company like Windows XP, Windows 8, and Windows Server 2003. Those running on Windows 10 are fine, as their software is not vulnerable to this particular cyberattack. Devices that are potentially susceptible are Windows 7 and Windows Server 2008, and earlier operating systems.
Microsoft recommends users upgrade to Windows 10 and install the security update MS17-010. With the 1.243.297.0 update, Windows Defender Antivirus detects the malware as Ransom:Win32/WannaCrypt. The company also recommends Device Guard for businesses and Office 365 Advanced Threat Protection for blocking emails carrying malware.
The U.S. Computers Emergency Readiness Team (CERT) issued advice on how users can best protect themselves from the recent WannaCry ransomware threat. In addition to being “particularly wary of compressed or ZIP file attachments,” CERT recommends using caution when clicking directly on links in email even if the sender is someone you know. They suggest trying to independently verify web addresses.
No comments:
Write comments