Ransomware is one of the most dangerous threats in digital security today. It encrypts a victim's data and demands a ransom, usually paid in Bitcoin, to get that data back.

The concept of file-encrypting ransomware originated at Columbia University and was presented at the IEEE Security and Privacy conference in 1996, where it was named cryptoviral extortion. Ransomware encrypts the victim's data with a randomly generated symmetric key.

Ransomware follows a three-round protocol between the attacker and the victim:

  1. Attacker to Victim – The attacker generates a key pair, places the public key inside the malware, and releases the malware.  
  2. Victim to Attacker – The malware generates a random symmetric key and encrypts the victim's data with it, then encrypts that symmetric key with the attacker's public key. Finally the victim is shown a message stating that the data has been encrypted and explaining how to pay the ransom. The victim sends the asymmetric ciphertext and the e-money to the attacker. 
  3. Attacker to Victim – Once the payment is received, the attacker decrypts the asymmetric ciphertext with the attacker's private key and sends the symmetric key to the victim, who uses it to decrypt the affected data, completing the attack.

Be sure of whatever you click:

Ransomware attacks are usually carried out by a Trojan injected into the operating system. For example, a phishing email arrives with a malicious embedded link or malicious attachments, or scareware pops up fake antivirus prompts that install malware while the user is browsing fraudulent websites.  
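The attachment vector above is where a mail gateway or a SOC analyst can do cheap, deterministic checks before anyone opens a file. The script below is an added example, not code from the original post: it classifies each attachment by its leading bytes and flags the usual tricks (a document name hiding an executable, a double extension such as "scan.pdf.exe", a macro-capable Office type). The sample attachment names and byte prefixes are constructed for the example; the signature bytes themselves are the real format headers.

```python
# Added example (not from the original post): cheap attachment triage for the
# phishing vector described above. Every file name and sample is constructed.
import os

# Leading bytes of common attachment formats, used to identify the real content
# regardless of what the file name claims.
SIGNATURES = [
    (b"%PDF", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip/ooxml"),        # .docx/.xlsx and macro-enabled .docm/.xlsm
    (b"\xd0\xcf\x11\xe0", "ole2"),       # legacy .doc/.xls
    (b"MZ", "windows-executable"),
]

# What each extension is supposed to contain.
EXT_TYPE = {
    ".pdf": "pdf", ".jpg": "jpeg", ".jpeg": "jpeg",
    ".docx": "zip/ooxml", ".xlsx": "zip/ooxml", ".docm": "zip/ooxml", ".xlsm": "zip/ooxml",
    ".doc": "ole2", ".xls": "ole2",
    ".exe": "windows-executable",
}

# Extensions that run code directly when opened, and Office types that can carry macros.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".ps1", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".doc", ".xls"}


def sniff(head):
    """Classify a file by its leading bytes."""
    for signature, label in SIGNATURES:
        if head.startswith(signature):
            return label
    return "unknown"


def triage_attachment(name, head):
    """Return the list of findings for one attachment (empty means nothing suspicious)."""
    findings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXT:
        findings.append("executable extension")
        # e.g. "scan.pdf.exe": a document extension placed in front of the real one
        if len(parts) > 2 and "." + parts[-2] in EXT_TYPE:
            findings.append("double extension")
    if ext in MACRO_EXT:
        findings.append("macro-capable Office document")
    claimed = EXT_TYPE.get(ext)
    actual = sniff(head)
    if claimed and actual != claimed:
        findings.append(f"content is {actual}, not {claimed}")
    return findings


def triage_all(attachments):
    """Triage a mapping of file name -> leading bytes; returns name -> findings."""
    return {name: triage_attachment(name, head) for name, head in attachments.items()}


def triage_file(path):
    """Triage a file on disk by reading its first 8 bytes."""
    with open(path, "rb") as f:
        return triage_attachment(os.path.basename(path), f.read(8))


# Constructed sample attachments (name -> first bytes), standing in for the files
# pulled from a suspicious message.
SAMPLE_ATTACHMENTS = {
    "invoice.pdf": b"%PDF-1.7\n",
    "report.docx": b"PK\x03\x04\x14\x00",
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10",
    "scan.pdf.exe": b"MZ\x90\x00\x03\x00",
    "statement.pdf": b"MZ\x90\x00\x03\x00",   # named as a PDF, actually an executable
    "budget.xlsm": b"PK\x03\x04\x14\x00",
}

if __name__ == "__main__":
    for name, findings in triage_all(SAMPLE_ATTACHMENTS).items():
        print(f"{name:16} {'OK' if not findings else '; '.join(findings)}")
```

Run against the constructed samples, the three document-looking files pass and the executable-in-disguise, the double extension and the macro-enabled workbook are each flagged. These checks only cover the cheap cases; a payload hidden inside a genuine PDF or JPEG by steganography, as the post mentions, still looks like a valid file here and needs sandboxing or content inspection instead.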

Techniques for preventing ransomware:

  • Asset Inventory – First of all, keep a list of the devices connected to the internet and keep their software up to date with the latest patches and fixes.
  • Fraudulent websites – Be careful when visiting fake websites, which might install malware on your machine when you click on or download unwanted applications (for example pornography sites, etc.).
  • Phishing attacks – Think twice before clicking a link sent through email; the message might carry malware in Word, PDF, Excel, JPEG, etc. attachments, with the malware embedded using steganography techniques.
  • Trusted websites and block pop-ups – Download genuine files only from trusted websites, and only to download paths you trust. Also, visit websites that show “HTTPS” in the address bar, as these are secured sites, unlike “HTTP” sites, which are not secured. 
  • Applications – Allow only the applications you trust most before installing them in your environment, and only those permitted or approved by your organization. 
  • Firewall – It’s good practice to turn on the Windows Firewall on both office and home computers; it defends against malicious activity by blocking unauthorized traffic to and from the system. More details are on the Microsoft website.
  • Disable autoplay – The AutoPlay feature in Windows lets the user instantly play a device such as a USB drive or CD, and malware can enter the machine through it, so disable it. 
  • Patch and software updates – Keep your computer up to date with all the latest Windows security patches, which close the vulnerability holes that are the malware’s entry point. Also update the antivirus tools with the latest signatures the vendor provides.   
  • Data backup and recovery – Backing up data to multiple storage locations is the most important step to take in case a ransomware attack succeeds; a backup is the solution that mitigates the risk of data being encrypted by these attacks.
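A backup only mitigates the risk if, on the day you need it, it is still complete and still holds the files you stored. The script below is an added example, not code from the original post, of the verification step that the last bullet implies: record a manifest of SHA-256 digests when the backup is taken, then later compare the backup copy against that manifest to report files that went missing, were rewritten, or appeared unexpectedly. The `demo()` function builds constructed sample documents in a temporary directory, takes a backup, verifies it, then damages the copy and verifies again; all file names and contents are made up for the example.

```python
# Added example (not from the original post): recording a manifest of file
# hashes when a backup is taken and verifying the backup copy against it later.
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (path relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(manifest, backup_root):
    """Compare a backup copy against the manifest recorded when it was taken."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo():
    """Back up constructed sample files, verify the copy, damage it, verify again."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "documents")
        bak = os.path.join(work, "backup")
        os.makedirs(os.path.join(src, "finance"))
        # Constructed sample data standing in for a user's documents
        for rel, data in {"notes.txt": b"meeting notes",
                          "finance/q1.csv": b"a,b\n1,2\n",
                          "finance/q2.csv": b"a,b\n3,4\n"}.items():
            with open(os.path.join(src, rel), "wb") as f:
                f.write(data)
        # Backup step: copy the tree and store the manifest beside it, not inside it
        shutil.copytree(src, bak)
        manifest_path = os.path.join(work, "backup.manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(build_manifest(src), f, indent=2)
        with open(manifest_path) as f:
            manifest = json.load(f)
        clean_report = verify_backup(manifest, bak)
        # Simulate damage to the backup copy: one file overwritten with random
        # bytes, one deleted, one stray file added.
        with open(os.path.join(bak, "finance", "q1.csv"), "wb") as f:
            f.write(os.urandom(32))
        os.remove(os.path.join(bak, "notes.txt"))
        with open(os.path.join(bak, "stray.tmp"), "wb") as f:
            f.write(b"not part of the backup")
        damaged_report = verify_backup(manifest, bak)
        return clean_report, damaged_report


if __name__ == "__main__":
    clean, damaged = demo()
    print("fresh backup:", clean)
    print("damaged backup:", damaged)
```

The fresh copy verifies with three empty lists; after the damage, the report names the deleted file, the rewritten file and the stray addition. In practice keep the manifest on a different medium from the backup itself (and at least one copy offline), so that whatever rewrites the backup cannot also rewrite the manifest to match, and run the verification on a schedule rather than only after an incident.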

By Michael

The writer of Infohaunt is a cyber security professional with experience in SOC operations, Threat Management, Incident Response, Threat Hunting and Digital Forensics.