Ransomware is a type of malicious software from cryptovirology that
blocks access to the victim's data or threatens to publish it until a
ransom is paid. Once a device or system is infected, any action is
possible, and there is no guarantee that paying the ransom will restore
access or keep the data from being deleted. Simple ransomware may lock the system in a
way which is not difficult for a knowledgeable person to reverse. More
advanced malware uses a technique called cryptoviral extortion, in which
it encrypts the victim's files, making them inaccessible, and demands a
ransom payment to decrypt them. The ransomware may also encrypt the
computer's Master File Table (MFT) or the entire hard drive. Thus,
ransomware is a denial-of-access attack that prevents computer users
from accessing files since it is intractable to decrypt the files
without the decryption key. Ransomware attacks are typically carried out
using a Trojan that has a payload disguised as a legitimate file.
Ransomware can be spread through malicious e-mail attachments, infected software apps, infected external storage devices and compromised websites. In a lockscreen attack, the malware may change the victim’s login credentials for a computing device; in a data kidnapping attack, the malware may encrypt files on the infected device as well as other connected network devices.
Ransomware kits on the deep web have allowed cybercriminals with little or no technical background to purchase inexpensive ransomware-as-a-service (RaaS) programs and launch attacks with very little effort. Attackers may use one of several different approaches to extort digital currency from their victims. For example:
- The victim may receive a pop-up message or email warning that if the ransom is not paid by a certain date, the private key required to unlock the device or decrypt files will be destroyed.
- The victim may be duped into believing he is the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
- The attacker encrypts files on infected computing devices and makes money by selling a product that promises to help the victim unlock files and prevent future malware attacks.
To protect against ransomware attacks and other types of cyberextortion, experts urge users to back up computing devices and update software, including anti-virus software, on a regular basis. End users should beware of clicking on links in emails from strangers or opening email attachments, and victims should do all they can to avoid paying ransoms.
While ransomware attacks may be nearly impossible to stop, there are important data protection measures individuals and organizations can take to ensure that damage is minimal and recovery is as quick as possible. Strategies include compartmentalizing authentication systems and domains, keeping up-to-date storage snapshots outside the main storage pool and enforcing hard limits on who can access data and when access is permitted.
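The snapshot and access-limit strategies above can be checked mechanically. The following Python code is an added example, not part of the original article; the pool names, users, datasets, 24-hour freshness limit and access windows are constructed assumptions.

```python
from datetime import datetime, timedelta, time

# Constructed sample data: pool names, users, datasets and limits are assumptions.
MAIN_POOL = "tank-primary"
MAX_SNAPSHOT_AGE = timedelta(hours=24)
ACCESS_POLICY = {  # user -> (datasets, window start, window end)
    "backup-svc": ({"finance", "hr"}, time(1, 0), time(4, 0)),
    "alice": ({"finance"}, time(8, 0), time(18, 0)),
}
NOW = datetime(2024, 1, 10, 12, 0)
SNAPSHOTS = [  # (dataset, pool, time taken)
    ("finance", "tank-primary", datetime(2024, 1, 10, 11, 0)),
    ("finance", "vault-offsite", datetime(2024, 1, 10, 2, 0)),
    ("hr", "tank-primary", datetime(2024, 1, 10, 11, 0)),
    ("hr", "vault-offsite", datetime(2024, 1, 7, 2, 0)),
    ("eng", "tank-primary", datetime(2024, 1, 10, 11, 0)),
]

def audit_snapshots(snapshots, now):
    """Return datasets lacking a fresh snapshot outside the main storage pool."""
    datasets, newest_offpool = set(), {}
    for dataset, pool, taken in snapshots:
        datasets.add(dataset)
        # Snapshots in the main pool are lost if that pool is encrypted.
        if pool != MAIN_POOL and taken > newest_offpool.get(dataset, datetime.min):
            newest_offpool[dataset] = taken
    findings = {}
    for dataset in sorted(datasets):
        taken = newest_offpool.get(dataset)
        if taken is None:
            findings[dataset] = "no snapshot outside main pool"
        elif now - taken > MAX_SNAPSHOT_AGE:
            findings[dataset] = "off-pool snapshot is stale"
    return findings

def access_allowed(user, dataset, when):
    """Hard limit: deny unless user, dataset and time of day all match policy."""
    rule = ACCESS_POLICY.get(user)
    if rule is None:
        return False  # unknown identities get nothing by default
    datasets, start, end = rule
    return dataset in datasets and start <= when.time() < end

if __name__ == "__main__":
    for dataset, problem in audit_snapshots(SNAPSHOTS, NOW).items():
        print(f"{dataset}: {problem}")
    print(access_allowed("alice", "finance", datetime(2024, 1, 10, 23, 0)))
```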