How to get rid of Ransomware attack?
Have you ever witnessed Ransomware attack on your PC? Did you faced a situation that your files are locked or encrypted and somebody asked you to pay them money (ransom) to decrypt or unlock it? Did you pay them to get back access on your files? Do you want to get rid of these ransomware attacks without paying money? Here you can find what ransom ware attack is and how to protect your PC or Server infrastructure from Ransomware attack such as WannaCry or .locky etc...
Table of Contents
The recent major attack that startled the Information Technology World (IT World) is a ransomware attack specifically caused by a bug named Wannacryptor 2.0 or Wanna Cry. This massive ransomware infection spread across the globe recently and affected more than 100 countries worldwide. As per researchers, the attackers exploited the weakness in Microsoft system identified by NSA named as Eternal Blue. NSA utilized this loophole for their secret intelligence activity instead of informing Microsoft about the same which was later used by the WannaCry attackers as well.
In last two, three days online and offline worlds are discussing the word ransomware extensively and are scared about its effects. But what is it actually? Do you want to know what Ransomware attack is and how it affects you? From the time that computer systems came into being, many people were aware of its weakness and tried to exploit it. Such attacks are also growing along with evolution in the IT industry. As we are here discussing ransomware, first we need to understand what Ransom is? Ransom means holding something to extort money. The first known ransomware attack was AIDS Trojan written by Joseph Popp in 1989. He had given a floppy disk to people who attended a seminar of WHO (World health organization) and the program penetrated into the PCs of the users who used it. After a certain period of booting, data was encrypted and displayed a message to pay ransomware to the address in the message. This is the first time such opportunities were opened to the world. Now, with the revolution of IT industry such programs are spreading over through the internet to penetrate the user PCs in order to take control and ask ransomware to release it. Now, the latest such incident is "WannaCry" ransomware which has affected more than 100 countries. What is Ransomware attack?
Ransomware is a kind of cyber attack that involves hackers or cyber attackers taking control of your computer system and blocking you from accessing it usually until you pay ransom to them. Ransomware malware or trojan stops you from accessing your computer normally by holding your PC files for ransom by means of digital blackmailing. There are different types of ransomware and malware that exist, however, all of it works as to stop you from using your computer normally. This kind of malware/ spyware can target any computer, whether it's a home computer or servers in an enterprise network. Ransomware programs can prevent you from accessing your operating system such as Windows by locking your screen, or by means of encrypting your files so you can't open and use them or stop certain applications from running (like your web browser). They will demand money to give back access to your PC or files, but there is no guarantee that you will get back access once you pay them the "Ransom". What is Wanna Cry ?
Wanna Cry is a specific type of ransomware program that locks all the data on your computer system. You will get two files with instructions to what to do next and Wanna Decryptor program itself. When you open the software it will demand you to pay them ransom as bitcoin to get the key to decrypt the files.
Ransomware works by sending you an unsolicited email typically designed to trick the victim to click on an attachment or visit the web page. Once the victim does either of these actions, the attacker leverages your operating system to run the ransomware code. Then this ransomware program encrypts data and demands you to pay them. Here, Wanna cry exploits a weakness in Microsoft SMB and replicates itself and spread around the network. Microsoft has already announced the patches (MS17-010) for it. But these patches will not be available for the PCs running Windows XP and older and Servers running Windows Server 2003 and older as Microsoft has already stopped support for these operating systems. So, it's a mandatory time for updating these Operating system to a newer version as you are less vulnerable from these kinds of ransomware attack. Also, organizations which use an unlicensed version of OS are also vulnerable from these kinds of Ransomware attacks. How Ransomware programs works?
Encryption is a technique which allows you to keep your files safely or prohibit others from accessing your secret files by putting an encryption key to open a file. If you are encrypting a file, you are the responsible person who knows the key to open it. It's a good technology to save our data and it's quite safe as you know the key to open it. But suppose, if your computer is locking your file without your awareness. Suppose these files are encrypted by a program which has been sent to your computer by a hacker and the encryption key is automatically sent to the attacker through the network. Then your information is inaccessible to you as the decryption key is with the attacker and difficult to get back. Here the attackers demand money or ransom to give back access to your files. So, it compels users to pay them money.
In past, these kinds of virus or malware were spreading through a floppy disk, CD, or through USB, but now with the easy access to the internet across the globe, it makes you more vulnerable to these attacks. You may get these ransomware programs as an attachment to your mail. Once you open the attachment in your PC, it spreads not only in your PC but also to entire network. Likewise, the virus/ malware can spread to your PC by being downloaded from infected websites as well. What to do when you are a victim of Ransomware attack?
What to do when you are a victim of ransomware attack? Now, it is has become a sensational news and people around the globe wants to hear the solutions for this attack. Is it wise to give them money to get back access to our file? My answer is absolute no because paying money to them will not guarantee that they will give you access to your file but will encourage them to demand more from you. Purely speaking it's much difficult to get back the data that are encrypted unless we get the key to decrypt it. There are a lot of paid applications that are there to decrypt data for you. But as I don't have personal experience with those I can't guarantee that they will decrypt your files. But you can remove the ransomware programs which cause the files to become encrypted. There are enormous enterprise antivirus solution companies available for to help us in this regards like Trendmicro, McAfee, Kaspersky, F Secure, Avast, Symantec, Nod 32, etc… These enterprise antivirus solutions teams are updating their patches regularly to find and block the major Trojans, viruses, malware, spyware from the affected systems.
Once you are a victim of ransomware attack, the first thing you need to do is terminating the systems which are affected by the virus immediately from the network. Because if it's connected to a network there is more possibility of it spreading over your network. I have faced a ransomware attack in 2016 and the file named with .locky extension caused all our files in the file server to get locked. As we were analyzing the root cause, we came to know that the file with .lockey extension came to our network through an email attachment and the email was sent from our own domain. The user had opened the file and he was connected to the file server. All the files in the folders he had access to were encrypted and we were asked to give them money as bitcoin. But luckily we overcome the situation as we had all the files backed up. First, we removed the file server from the network and shut down the file server in order to stop the spread of this malware over the network. Then we used trend micro anti ransomware tool to remove the virus programs from the all affected PCs. But to ensure we are more secure, we have formatted the PCs affected and run the anti ransomware utility in all PCs in our office. You can use other antivirus solution as well for this practice. How to protect your data from Ransomware attack?
We will not able to stop the attacker from creating the Ransomware or Trojans. They always try to penetrate system of others to make money out of it. Most of the operating system or software makers are keen to develop well maintained secured applications for end users. However, as they are created by humans there is a possibility for some loophole. The application programmers are always there to figure it out and update the patches to resolve the weakness. But here the hackers or cyber attackers try to exploit this weakness to extort money. But for a user data is more important and we need to take precautionary action before something happens to our IT infrastructure.