How to Deal with Ransomware Attacks
It was just recently that a global ransomware attack called WannaCry exploited vulnerabilities in old Windows operating systems and led to losses of several hundred million dollars from computers worldwide. The attack was believed to have been originated from North Korea. In 2018, a new form of the same ransomware attacked advanced chip-manufacturing factories in Taiwan causing them to shut down production. With such large scale attacks taking place in the cyber arena, it has become imperative to learn about ransomware and how you can deal with it effectively.
Let Us Clarify Some Common Misconceptions About Ransomware
Ransomware is not just your typical another Malware and is quite different. It is also often misinterpreted as a virus, which is not valid. Worms, Viruses, Trojans, and Ransomware all come under the category of Malware. Worms and Viruses are both malware programs which can replicate themselves.
Worms do not cause harm to the computers they infect while viruses damage the files on the systems they attack.
Trojans neither destroy nor delete computer files present on a system. Their sole objective is to open a backdoor for other malicious programs and software to enter the systems they infect and take away essential data which can later be used to commit further crimes such as financial fraud.
Ransomware might be said to be the worst of all malware as they alter the regular operation of a system and also display warning messages asking for a ransom to bring the computer systems back to a reasonable working condition.
One of the most significant and recent ones is “WannaCry” or “WannaCrypt” which targeted Windows operating system in 2017. The malware infected over 230,000 systems in around 150 countries.
WannaCry encrypted the system’s hard disk drive and then spread among devices on the same network.
Once infected, victims are shown a message demanding that they pay $300 in Bitcoin to retrieve their files. It further says that in case they are not willing to pay the given amount within three days, the amount itself would be doubled. The message goes on to say that if the amount is not paid even after seven days, then the encrypted files would be deleted.
How To Identify And Classify A Ransomware Infection?
Knowing more about the Ransomware infection will help determine the appropriate actions which will have to be taken.
- First, identify the type of ransomware that you suspect is in your device. You should check if it is a screen-locking, encrypting, or even fake ransomware.
- Check if you can access your computer’s files or folders.
- If you get the same ransomware screen over and over, then it is probably screen ransomware and is not that harmful. In general, screen-locking ransomware display statements like “You were caught watching pornography” or “You have filed the wrong taxes”.
- However, If you can browse through your files but are unable to open them, then this is encrypting ransomware, and it is a more severe infection.
What To Do If You Think You Are Infected By Ransomware?
Disconnect the network:
If you’re on any network, disconnect your system from it, and go offline.
Call an expert if you think this is something you cannot deal with, or the data contained in the device is sensitive or high value.
Take a photograph:
Take a picture of the ransom note being displayed on your screen for evidence, and to refer to details of it.
Use anti-ransomware software:
Use anti-ransomware software to clean your device. Then reboot your device in safe mode. Pressing the F8 key repeatedly with 1-second intervals will trigger safe mode.
You can recover your files through various data recovery tools available in the market.
If you can browse through your system files and access them, then you have been the victim of fake ransomware which is not harmful. In such a case, you can end this task through “pressing the Ctrl+Shift+Esc keys which will open the ‘Windows Task Manager’. Navigate to ‘Application Tab’, Right click to browser application and click on ‘End task.’”
How To Prevent Ransomware From Infecting Your System:
Prevention of a Ransomware attack is always better than taking remedial steps taken after it has already happened. To prevent your system from these types of attacks, follow the procedures mentioned below:
Create regular backups of essential computing files. The malware only affects files that exist on the computer itself and cannot harm your backups.
Reinstall & restore:
If you have created a thorough backup and your machine gets infected, you can restart your machine, reinstall your software and restore the files you had placed in a backup.
Beware of Phishing emails:
Do not click on random URLs which may have come into your inbox through email, messages or via any other medium.
Up-to-date Software and Operating system:
Update your phishing protection programs regularly, keep your operating system up to date and enable pop-up blockers. You should update all software frequently and refrain from opening attachments that may appear suspicious. Proper defences can easily block standard ransomware software via several methods such as creating shadow versions of your hard drive which fools the malware into encrypting the shadow versions and leaving your real files untouched.
It is thus apparent that preventing a ransomware attack is preferable than having to restore backed up data and risk inconvenience and even loss of finances. Proper preparation, knowledge, and planning can keep you safe from such attacks.
- “What to do If you’re Infected by Ransomware” (June 30, 2017, by Paul Wagenseil)
- “What is ransomware? How these attacks work and how to recover from them.” (December 19, 2018, by Josh fruhlinger.”