How does Ransomware spread?

Ransomware is a kind of malware which prevents the user from accessing his/her files and demands a ransom in exchange for decrypting them. These malicious programs mostly spread by tricking users into clicking on popups that appear to be safe and sound. Once such a spurious popup is clicked, a ransomware program gets installed on the system and finds files that bear extensions like JPG, XLS, PNG, PPT, DOC, etc. These files are generally important ones in any PC system. The installed program forces the user to pay a definite, variable sum to the perpetrators, generally in the form of cryptocurrencies. The team responsible for spreading ransomware keeps its identity secret, and to do so makes sure that no one can trace the payment it took. Attackers generally use the Tor protocol to hide their location.
Along with this, ransomware also spreads via the traditional mailing system. More than 60 percent of ransomware spreads via email (specifically as a Microsoft Word document or a .ZIP file). According to Cisco Systems' 2017 Annual Cybersecurity Report, 65 percent of email traffic is spam and about 10 percent of the global spam observed in 2016 was classified as malicious.

Financial damages due to ransomware:

Businesses as well as individuals need to be fully aware of the threat posed by ransomware and make cybersecurity a top priority. According to Kaspersky, in an interval of 2 minutes at least 3 companies get hit by one type of ransomware or the other.
Moreover, we observed a three-fold increase in attacks on businesses in the year 2016. Ransomware attacks can disrupt important systems and destroy confidential data. According to some reports from Microsoft, the damage due to ransomware was estimated at $325 million. Cybersecurity Ventures claimed that the damage due to ransomware amounted to $1 billion in 2016, and there is an annual growth in ransomware of 3.5X, according to Cisco's 2017 Annual Cybersecurity Report.

These attacks cause not only financial loss but also the loss of important and sensitive data, and they disrupt various regular, day-to-day jobs. On an organizational level, they can harm the organization's reputation. Even after paying the ransom, there is no guarantee that the encrypted files will be decrypted. In addition, it cannot be said that the malware infection has been completely eradicated from the PC system.

Conventional ways of tackling Ransomware:

We need to ensure that we have an antivirus-equipped system which is updated at regular intervals. An antivirus can serve as an initial layer of protection, but because it is based on signatures there is always a possibility of missing the newer variants.
In an organization it is best to have a multi-purpose security solution that can deal with multiple problems and risks at a time, providing enhanced protective technologies such as firewalls, behavioral threat protection, etc. Security awareness campaigns should be organized that stress how easily careless users can be tricked by spurious links and attachments in emails. Being too carefree, most users would not think twice before opening a bogus link, and so can easily be tricked via these emails.
Phishing has been shown to be a very easy and very common entry vector for ransomware, and an extremely successful one.

Moreover, it is becoming very important to take a backup of the data already residing in systems and storage. It is widely recommended that once a backup has been completed, the physical device connected to it be removed, so that if our physical device is infected with any sort of ransomware or malware, it cannot touch the cloud storage and cannot corrupt the data stored in the backup. Also, using GPO restrictions provides an affordable as well as easy way to avoid attacks from malware. GPO gives us piece-by-piece control over the execution of files, therefore not compromising the security of the PC and keeping it much safer compared to any other type of control.
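
The text above names email attachments, specifically Microsoft Word documents and .ZIP files, as the main delivery route. As an added example (not part of the original page), the Python below triages a message's attachments for a mail gateway or analyst. It goes a little beyond the text by checking content as well as extension, so a ZIP renamed to another extension or a Word file carrying VBA macros is still held for review. The function names, reason labels and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment types the page names as the usual carriers: Word documents and ZIP files.
RISKY_EXTS = {".doc", ".docx", ".docm", ".dotm", ".zip"}
ZIP_MAGIC = b"PK\x03\x04"  # ZIP local-file header; .docx/.docm are ZIP containers too

def classify(filename, data):
    """Return the reasons an attachment should be held for review (empty = none)."""
    name = (filename or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    reasons = [ext[1:] + "-extension"] if ext in RISKY_EXTS else []
    if data.startswith(ZIP_MAGIC):
        if ext not in RISKY_EXTS:
            reasons.append("zip-content-renamed")  # extension hides the real type
        try:  # macro-enabled Word files carry a vbaProject.bin member
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("contains-vba-macros")
        except zipfile.BadZipFile:
            reasons.append("malformed-zip")
    return reasons

def risky_attachments(raw_message):
    """Map attachment filename -> reasons, for every flagged attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    found = {p.get_filename(): classify(p.get_filename(), p.get_payload(decode=True) or b"")
             for p in msg.iter_attachments()}
    return {name: why for name, why in found.items() if why}

def _zip_bytes(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def sample_message():
    """Constructed message; addresses, names and contents are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "Invoice"
    msg.set_content("See attached.")
    for name, data in (("invoice.docx", _zip_bytes({"word/vbaProject.bin": b"x"})),
                       ("photo.jpg", _zip_bytes({"a.txt": b"x"}))):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling `risky_attachments(sample_message())` flags `invoice.docx` and the renamed `photo.jpg` and leaves `notes.txt` alone.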