Ransomware: Understanding the landscape of this form of malware and effective ways to counter it

The recent slew of coordinated ransomware attacks have proved to be an effective wake up call for businesses around the world.


By Mandar Sahasrabudhe

Ransomware in IT world can be referred to as virtual kidnapping of data in exchange for a reward. It’s a malware which restricts users from accessing their own data on a corrupted system and would demand a ransom to revoke the access. The recent slew of coordinated ransomware attacks known as WannaCry or WannaCrypt on various sectors in European countries have proved to be an effective wake up call for businesses around the world. WannaCry is Encrypting Ransomware or Crypto Locker type of ransomware that is programmed to attack Microsoft Windows software. The attack last week, infected more than 230,000 computers in 150 countries including India, demanding ransom payments in bitcoin in 28 languages.

Understanding the landscape of ransomware:

Some variants of ransomwares encrypt data in such a way that it is impossible to decrypt unless the user has an encryption key. These are called ‘Encrypting ransomware’ that incorporate advanced encryption methods. Another type of ransomware that is frequently circulated is ‘Locker ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. CryptoLocker, like WannaCry, is a malware when injected into a host system, scans the hard drive of the victim and targets specific file extensions and encrypts them. The encryption is executed using a 2048-bit RSA key pair, with the private key uploaded to command and control server. Some other types of ransomwares are Leakware, mobile ransomware, Reveton, CryptoLocker.F & TorrentLocker and CryptoWall. These malwares can attack through impersonation or leaking data if ransom is not paid within the imposed timeline.

 Ransomware: Understanding the landscape of this form of malware and effective ways to counter it

A screenshot of an infected computer.

Infiltration of ransomware:

Typically, entry of ransomwares is through Trojan. These Trojans are nothing but malwares hidden in legitimate looking files or attachments, which users access on their system. It could be an attachment from an email received in the name of a known user, a trick that involves creating a fake e-mail ID disguised as a known user. Often these ransomwares also use the route of network to enter the system, taking advantage of network loopholes or vulnerabilities. Once the malware gains access to the system; depending on variants, it might encrypt files, or display hoax messages demanding payment or may just lock the system. To protect themselves from being traced once the crime is committed, hackers are likely to use payment methods like Bitcoin (digital currency), wire transfers to bank accounts with fake names, or online payment vouchers like Ukash.

Let’s have a look at some statistics to understand the spread of ransomwares and the sources through which they enter in system

ransomware-distribution-medium

Image: Systweak

This graph shows growth in distribution based on the medium or sources which inject the ransomwares in system. Emails are the most susceptible to attracting malware. Email with attachments is generally the easiest way to target potential users. Website attachments and social media are the next target tools of opening gateway for Trojans.

 ransomware-attacks-12-months

This graph shows the growth in ransomware attacks on business in last 12 months. This indicates that though most of the organizations have strong security strategy, many still fall short to protect their perimeters, leaving loopholes for such attacks.  Surprisingly, the average ransomware amount demand has also seen a spike from $300 to $700 in last year. There is an increase in ransomware variants and almost all platforms / OS have been compromised now.

Protection from ransomware:

  • Regular Data backup: This helps restore the last saved data and minimise data loss. Ransomware also attacks servers; hence it is important to have back up on a disconnected hard drive or external device on pre-defined regular basis.
  • Prevention: To prevent infiltration of malware, having password protected tools to identify and filter certain file extensions like “.exe” or “. Zip”, are essential. Emails that appear suspicious should also be filtered at exchange level. There are also some tools that detect the entry of such malwares with features of zero days’ protection which work on threat emulation and threat extraction techniques. Users and businesses also need to ensure that hidden file extension is displayed, since it becomes easier to filter them.
  • User awareness: Awareness among users needs to be created to avoid opening unsolicited attachment. Malwares are typically designed to mimic identities of people that users interact with on a regular basis either on a personal or professional level.
  • Rules in IPS: It’s necessary to create rules in the Intrusion Prevention Software (IPS) to discard or disallow the opening of files with extension “.exe” from local App data folders or Appdata.
  • Regular patch and upgrades: To prevent leaks or vulnerabilities in software, ensure to regularly update the software versions and apply patches released by vendor. These patches and version are often released to wrestle with known or newly discovered exploits and can prevent known signatures of these malwares, Trojans or ransomwares to enter the system.

It is inevitable to use the technology in day to day life, but it is equally important to be alert and proactive to deal with malware in technology to safeguard data and systems. Services like penetration testing and vulnerability testing extended by companies such as TÜV SÜD are one of the most important facet of cyber security services to enable customers for early detection of vulnerabilities in network and web/mobile applications and be ready to take proactive and preventive measures to impede cyber-attacks before system is invaded.

The author is Head IT Infrastructure – APAC, TÜV SÜD, leading testing, inspection, certification and training service provider


Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.