How to Protect Yourself and Your Business from a Ransomware Attack
Summary: This article discusses ransomware, how it attacks, the preventive measures you can take to secure your computer, and the steps you can take in case of a ransomware attack. It also highlights a secure and reliable third-party tool to restore the compromised data.
Ransomware attacks are on the rise these days and have victimized computer users across the globe. Ransomware infects files on your computer (mostly Windows) by locking them and then demands a ransom to unlock them. It is malicious code or a software application containing computer viruses.
A ransomware attack is carried out by cyber criminals who send ransomware over the Internet to lock the files on your computer and then demand a ransom to unlock them. It can launch ‘lockscreen attacks’ or ‘data abduction’ on your computer. In the former, the virus or malware changes the credentials used to log into the computing device, while in the latter, the malware encrypts files on the infected device as well as on other devices in the connected network.
Unlike other types of data security exploitation or cyber-extortion, the victims are notified by a pop-up message stating that their files have been affected, followed by instructions for recovering the locked data or decrypting the files. These instructions also contain a demand for payment in virtual currency, which protects the identity of the wrongdoers.
How Does Ransomware Affect Your Files?
A ransomware virus or malware affects files on your computer and spreads in a number of ways:
- Malicious attachments in emails
- Messages with malicious codes
- Infected software applications
- Infected external data storage devices
- Compromised websites on the web
What are the types of Ransomware?
The following are some of the common types of Ransomware that can infect your files:
- CryptoLocker: It encrypts files with specific extensions and unmapped network drives. Once the files are encrypted, a message announcing the encryption and demanding the ransom is displayed on the user’s screen.
- CryptoWall: It is distributed via spam or exploit kits. When the user opens the malware attachment, the CryptoWall binary copies itself into the folders and encrypts them.
- CTB-Locker: CTB-Locker uses Elliptic Curve Cryptography (ECC) to encrypt files, and once it is run, it copies itself into the Microsoft temp directory.
- Locky: It is spam, typically disguised as an email or other important attachment. Once opened, Locky encrypts a large array of file types using AES encryption.
- TeslaCrypt: Like Locky, it also uses the AES encryption algorithm. Once it is opened, it installs itself in the Microsoft temp folder and encrypts all the files.
- TorrentLocker: It is distributed through spam emails and uses AES encryption algorithm.
Of all ransomware types, the one that deserves attention is WannaCry, which struck on 12th May, 2017 and affected about 200,000 Windows computer users in 150 countries. It impacted individuals as well as small, medium, and large enterprises, and private and public sector businesses were equally affected. It encrypts data and demands a ransom in the cryptocurrency Bitcoin. It affects a computer when the user opens a spam email; once opened, it uses the EternalBlue exploit and the DoublePulsar backdoor to spread through unmapped networks, infecting all the exposed systems.
After infecting a machine, it displays a ransom screen.
It also displays a file named ‘!Please Read Me!.txt’ that explains what has occurred and how to overcome it by paying the ransom.
Now that you know the details of WannaCry ransomware and how it infects Windows OS, you will want to know how to prevent your system from becoming infected. Both individuals and enterprises are advised to apply the following:
- The patches in Microsoft Security Bulletin MS17-010.
- Microsoft Patch for Windows XP, Vista, Server 2003, Server 2008 and all other unsupported or old Windows versions.
- Disable SMBv1 or block SMB ports on Enterprise Edge/perimeter network devices [UDP 137, 138 and TCP 139, 445].
Note – Applying the above patches through Microsoft’s official Windows Update functionality keeps your system up to date, making it less vulnerable to such attacks.
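The SMBv1 item from the list above, as an added example that is not part of the original article: a PowerShell script that reports whether SMBv1 is enabled and, with `-Remediate`, disables it. It assumes Windows 8.1/10 or later and an elevated prompt; the `-Remediate` switch, the `Get-Smb1Status` helper and the firewall rule names are this example's own, and the Public-profile host firewall rules are an assumed host-level complement to the perimeter block the article recommends.

```powershell
# Added example: audit (and optionally disable) SMBv1 on a Windows 8.1/10+ host.
# Run from an elevated PowerShell prompt. Without -Remediate it only reports.
param([switch]$Remediate)

function Get-Smb1Status {
    # SMBv1 on the server side (file sharing) and the installed optional feature.
    $server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server
        Smb1FeatureState  = "$feature"
    }
}

$status = Get-Smb1Status
$status | Format-List

if ($Remediate) {
    if ($status.Smb1ServerEnabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($status.Smb1FeatureState -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Warning 'SMB1Protocol feature disabled; reboot to complete removal.'
    }

    # Assumption: on Public networks the host should never accept SMB/NetBIOS.
    # Rule names are hypothetical; ports are the ones listed in the article.
    $rules = @(
        @{ Name = 'Block inbound SMB (TCP 139,445)';     Protocol = 'TCP'; Ports = 139, 445 },
        @{ Name = 'Block inbound NetBIOS (UDP 137,138)'; Protocol = 'UDP'; Ports = 137, 138 }
    )
    foreach ($r in $rules) {
        # Create each rule once so repeated runs stay idempotent.
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
                -Protocol $r.Protocol -LocalPort $r.Ports -Profile Public | Out-Null
        }
    }

    # Re-read the state so the operator sees the result of the changes.
    Get-Smb1Status | Format-List
}
```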
Other Ways to Prevent WannaCry Ransomware Attack
The following are ways in which individuals and enterprises can reduce the occurrence of, or avoid, a WannaCry ransomware attack.
- Regularly back up all data using either backup software or hardware.
- Never open attachments or click on links on emails that you find suspicious.
- Download required software utilities only from trusted websites.
- Update the anti-virus on your system to the latest available version.
How to Protect Yourself from a Ransomware Attack?
Several authorities in the U.S. and U.K. have issued guidance for both individuals and enterprises on how to protect themselves from a ransomware attack or prevent ransomware attacks on their computers. The recommendations are as follows:
For Individuals and Small Enterprises:
- Download software applications from trusted sources only.
- Run ‘Windows Update’ to get the latest updates on software tools.
- Ensure that the anti-virus program or software on your Windows system is updated to the latest version.
- Scan your computer regularly for any malicious code, software, or programs. You can also set up regular auto-scan on your computer for malware and viruses.
- Back up important or key data on your computer to backup hardware or with backup software tools.
- Ignore pop-up messages asking for a ransom to access your files.
- Examine the links and files contained in emails: if you find them suspicious or they are sent by strangers, do not open them.
For Large Enterprises:
- Microsoft security patches should be updated to the latest available version.
- Software tools must be downloaded from trusted websites only.
- A backup of all key data should be kept using backup software applications or on external data storage devices.
- All incoming and outgoing emails must be scanned for malicious attachments or links.
- Anti-virus programs should be updated to the latest version and regular scans should be conducted.
- Tests against the security of the network must be run at least once a year as suggested by the Department of Homeland Security.
- Employees should be educated on how to identify scams, malicious links, and emails containing viruses or malicious codes.
What to Do If Attacked by Ransomware?
A ransomware attack is certainly a cause for worry, as both individuals and enterprises lose access to the files saved on their computers. Nonetheless, the following measures can be taken if ransomware has already attacked and infected the files on your Windows-based system:
- Never pay the ransom demanded by the ransomware, be it WannaCry or any other. This is because there is no guarantee that the locked or encrypted files will be unlocked or decrypted.
- An affected individual can seek help from IT support service providers.
- Enterprises, be they small, medium, or large, must contact law enforcement agencies and provide detailed information so that these agencies can catch hold of the wrongdoers.
- Restore backups of data from backup hardware devices or backup software applications as the case may be. With this, you can easily access the files that were locked or encrypted on the affected computer.
Of all types of ransomware, files infected with WannaCry are difficult to recover because they are overwritten with general data and deleted. Even if you maintain a backup, recovery may be challenging. This is because WannaCry first encrypts your file, or makes a copy of the original file and encrypts it while deleting the original; therefore, there is a possibility that your backup files are infected as well.
Decrypting the files using conventional methods therefore becomes impractical. This is when you require a secure and reliable data recovery tool to counter this malware and regain access to your files.
Stellar Windows Data Recovery – Professional Software: The Need of the Hour
Stellar Windows Data Recovery – Professional is an effective tool which not only eliminates the risk but also successfully recovers most of your infected data. It safely recovers original files encrypted by WannaCry ransomware.
A viable solution, it possesses the following capabilities:
- You can recover files from the hard drive by connecting it externally to the system
- With it, you can recover any infected data, files, documents; it supports a wide range of multimedia files as well
- You can restore emails and mailbox content such as attachments, contacts, entries, dates, files and folders within the database
- With the preview features, you can view the necessary files that you want to recover and discard less important ones
- Once your system is attacked by ransomware, it may fail to boot; for such a situation, it provides you with a bootable or ‘start-up’ disk
- It also provides you with the option to image your hard drive so as to backup your files
- As your data is encrypted, it will be difficult to search for it with standard scanning processes; but, with Advanced Scan and RAW Recovery features, you can easily search for files and recover them
You are now aware of what ransomware is, how it affects both individuals and enterprises, and the preventive measures you can take to counter it. With ransomware on the rise and cyber criminals increasingly looking at engulfing the entire digital space, you must stay alert and be wary of suspicious activities on your system.