Ransomware Warning

Vibe-Feeler

As some of you may be aware, ransomware is becoming an increasingly serious problem and its severity is climbing exponentially. The current ransomware in the spotlight is WannaCry, which in three days has hit over 150 countries.

For those of you who do not know what ransomware is, let me explain. It is a type of malicious software that, once installed on your device, encrypts everything on it and effectively locks you out. All you will be presented with is a message screen explaining what has happened, and the only way to decrypt your device is to pay the ransom. The authors of the ransomware will only accept payment in Bitcoin as it is untraceable.

Here is what you will see if you are infected by WannaCry
[image: WannaCry ransom note screen]


The risky thing about ransomware is that there is not always a guarantee the attacker will decrypt your device after you pay and there is no guarantee you will receive the right decryption key after paying. Also failure to pay on time may result in losing your files forever.

How is it spread?
Ransomware is spread in all forms and mainly relies on human ignorance to be successful. The most common form of spreading this malware is via email. Victims have reported receiving emails with attachments, and it's the attachments (sometimes a web link as well) that, once opened, install and activate the malware on your computer before you can do anything about it. Given that this form of malware has been around for a long time, there are many mechanisms and anti-viruses that can detect and prevent ransomware. This, however, has led to ransomware having to become very sophisticated, and WannaCry is a perfect example. It is capable of replicating the email styles of legit organisations and sending these emails to potential victims. This particular ransomware is targeted more towards companies than home computers. However, other nasty ransomware like Jaff and SLocker (affecting Android devices) attacks both company and home systems, also spreading through emails controlled by botnets (a collection of slave computers around the world controlled by the attacker to maximize the spread at minimal cost).

How it works
Ransomware will try to trick victims into running the malicious file (often posing as something else that one would not find suspicious). Once activated, the malware will start encrypting all files with an encryption key. These keys are often massive and nested (encryption within encryption, etc.), resulting in billions if not trillions or more of possible combinations of what the key could be. The attacker has the decryption key stored on a secret server on the deep/dark web, which will be sent to the victim once the payment has been made. In some cases a backdoor is installed on the victim's computer, which allows the attacker access to the computer even after the malware has been removed.

The way Jaff works is that victims will receive an email with a PDF attachment. Once the PDF is opened, it will show an embedded Microsoft Office Word document inside and will ask the victim to click the link in the PDF to view the document. A Word document will be opened, but in protected form, thereby prompting the user to enable content in the settings. By doing this, the ransomware is then triggered and a 2 bitcoin fee (which at this point is equivalent to nearly $4000) is needed to decrypt the computer.

Tracing the attacker, their servers and their banks/e-wallets that the bitcoins go to is virtually impossible.

What can you do to be safe?

1. Make sure your device is up-to-date with patches. If you are unsure, check online to see how you can check for updates on your device and how to install these updates. Ransomware (and other malware) exploits vulnerable sections of software and operating systems to bypass the security, and updates/patches fix these vulnerabilities. The Windows vulnerability that WannaCry exploited was patched 2 months BEFORE WannaCry was launched, and WannaCry is one of the most rapid and widespread malware outbreaks in recent cybersecurity history.

2. Ransomware attachments are usually in .pdf and .zip formats, which are commonly used formats themselves but are used to mask the true identity of the malware. If you have the slightest suspicion about an email from any source, no matter how reputable the organisation, contact the organisation to confirm the legitimacy of the email before you open any attachments or click on any links. If the email proves to be irregular, just delete the email; don't open anything.

3. Make frequent backups of all your files on external hard drives (let's say once a week or so), so in the event you fall victim, you can remove the affected hard drive, install a new one and copy the backup onto the new hard drive. But have the computer inspected before doing this in case the malware is residing elsewhere on the system.

4. Be careful what you download off the internet and NEVER click on adverts on web pages ever. They are a hotbed of viruses and other forms of malware.

Stay alert
It's believed that WannaCry is just the start and that there is much worse and more sophisticated ransomware yet to come. It may be time for the next global malware infection to take place, the first in almost 10 years.

Feel free to share this with as many people as you possibly can to help raise awareness
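The post above describes two things a practitioner can actually check on an attachment before it is opened: whether the file really is what its extension claims (step 2, a .pdf or .zip masking something else), and whether it carries the active content the Jaff chain depends on (a PDF with an embedded Office document, a Word document with a macro project that only fires once "enable content" is clicked). The following is an added example, written for this page and not code from the original poster or from any of the malware families mentioned. It compares the claimed extension with the file's magic bytes, looks inside PDFs for embedded files, JavaScript and launch actions, and looks inside Office/zip containers for a VBA project or nested executables. All file names and file contents are constructed test data built inline; the checks are deliberately simple signatures, not a substitute for a full PDF or OLE parser.

```python
"""Triage an e-mail attachment before it is opened: does the extension match
the real container type, and does the file carry the kind of active content
the Jaff chain relies on (PDF with embedded file/script, Office doc with a
VBA project)?

Added example for this thread; samples below are constructed, not real malware.
"""
import io
import re
import zipfile

# Magic bytes of the containers ransomware mail commonly hides behind.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",        # .zip and OOXML (.docx/.docm/.xlsm are zips)
    b"MZ": "exe",                # Windows PE executable
    b"\xd0\xcf\x11\xe0": "ole",  # legacy .doc/.xls (OLE compound file)
}

# Which container a given extension is supposed to contain.
EXPECTED = {"pdf": "pdf", "zip": "zip", "docx": "zip", "docm": "zip",
            "xlsx": "zip", "xlsm": "zip", "doc": "ole", "xls": "ole"}

RISKY_NESTED = ("exe", "js", "vbs", "scr", "jse", "wsf")


def sniff(data: bytes) -> str:
    """Identify the container by its leading bytes, ignoring the file name."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"


def triage(name: str, data: bytes) -> list[str]:
    """Return the reasons this attachment looks suspicious (empty = none found)."""
    findings = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if len(parts) > 2 and parts[-2] in ("pdf", "doc", "docx", "jpg", "txt"):
        findings.append(f"double extension .{parts[-2]}.{ext}")
    kind = sniff(data)
    if ext in EXPECTED and EXPECTED[ext] != kind:
        findings.append(f"extension .{ext} but content is {kind}")
    if kind == "exe":
        findings.append("Windows executable")
    if kind == "pdf":
        # Jaff-style lure: PDF wrapping an Office document plus a link/script.
        if re.search(rb"/EmbeddedFile", data):
            findings.append("PDF contains an embedded file")
        if re.search(rb"/JavaScript|/JS\b", data):
            findings.append("PDF contains JavaScript")
        if re.search(rb"/Launch", data):
            findings.append("PDF has a /Launch action")
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            findings.append("corrupt zip container")
            return findings
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            findings.append("Office document contains a VBA macro project")
        nested = [n for n in names if n.lower().rsplit(".", 1)[-1] in RISKY_NESTED]
        if nested:
            findings.append("archive contains script/executable: " + ", ".join(nested))
    return findings


def make_docm(with_macro: bool) -> bytes:
    """Build a minimal OOXML container in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 macro bytes")
    return buf.getvalue()


# Constructed samples: names and bytes are made up for this example.
SAMPLES = {
    "invoice.pdf": (b"%PDF-1.4\n1 0 obj << /Type /Filespec /EF << /F 2 0 R >> >> endobj\n"
                    b"2 0 obj << /Type /EmbeddedFile >> endobj\n%%EOF"),
    "scan.docm": make_docm(True),
    "report.docx": make_docm(False),
    "photo.jpg.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "statement.pdf": make_docm(False),   # zip content mailed under a .pdf name
    "clean.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF",
}


def triage_all(samples=SAMPLES) -> dict[str, list[str]]:
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Note that a clean-looking result only means none of these signatures matched; a PDF can still carry a plain link to a download, which is exactly how the Jaff lure described above gets the victim to fetch the document, so the "contact the organisation first" advice still applies.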
 
LOOKS LIKE IT GETS WORSE

A new strain of WannaCry is already out called Uiwix and this is reported to be much worse and will probably have a greater impact. Stay alert
 
OK, heard a report earlier today that N. Korea may have launched this? Any backbone to that report?
 
They mentioned that on a radio news station by me as well, but I haven't seen anything concrete to support this yet. Also, I was in meetings all day today, but I will check tomorrow morning when I get to work. My team and I are clamping down on this pandemic and preparing for the worst case scenario that is most likely going to happen soon. Another report this morning claimed more variants of WannaCry should emerge in the next 48 hours.
 
Ok, the claims about WannaCry possibly coming from North Korea have been mentioned in a number of articles. They analyzed the code of the malware and compared it to an earlier sample from a hacker group called the Lazarus Group (linked to North Korea) and found significant similarities. Investigations are still underway
 
Be prepared, it's believed the hacker group that released the details on the Windows vulnerability that made WannaCry so successful announced they will release more vulnerabilities for various systems and devices in June. This time they will only reveal it in secret to people who are willing to pay for such details. If this announcement is true, we could be heading for a massive cyber storm of malware on a whole new level. Will keep posting.
 