In 2017, ransomware attacks clearly dominated the cybersecurity landscape. WannaCry, Petya, Not Petya, Adylkuzz, Bad Rabbit, Cerber, etc. are just a few names that did the rounds in the last year. Lucrative payments is one of the most prominent reasons which has lured in many attackers to launch multiple ransomware campaigns in the last couple of decades. Though we are yet to see a major ransomware attack this year, activities of cyberspace are unpredictable.
What is a Ransomware?
Ransomware is a type of malicious software i.e. malware which encrypts the data on a target system and then asks for a certain amount of ransom to be paid for decrypting the encrypted data. If the victim does not pay the amount of ransom asked by attackers, his files are never decrypted. Lately, the attackers have been asking the victims to make payments in cryptocurrencies such as Bitcoins. Moreover, there have been instances where the victim has paid the ransom amount and still his files were not decrypted, or only a few files were decrypted in order to extort more money as a ransom for decrypting the remaining files.
How does Ransomware Work?
The first known ransomware attack, dating back to 1989, was spread using floppy disks and it asked for a payment of $189 to be made to receive the decryption key. Fast forward to present day, the attackers are now actively using the Internet as a primary medium to infect various computers.
A generic ransomware attack can be divided into three steps –
Figure 1: Steps in a Ransomware Attack
A ransomware enters into the target system via a particular type of medium such as emails, messaging services, drive-by downloads, etc. Once the downloaded file is opened or executed, the payload starts encrypting the files on the system. After all the files have been encrypted, a ransom screen is displayed which specifies the amount of ransom to be paid along with the preferred payment method.
Figure 2: WannaCry Decryptor Screen (Source: computerworlduk.com)
The Worst Ransomware Attack – WannaCry
Out of all the ransomware attacks so far since the beginning of the Internet, the WannaCry outbreak of 2017 can be easily termed as the worst attack. Somewhere around May 2017, it spread like wildfire infecting more than 400,000 computers. The most prominent victims of this outbreak were the UK’s National Health Service (NHS) and Telefonica, the largest telecom service provider of Spain.
Figure 3: WannaCry Outbreak (Source: NY Times)
WannaCry used ETERNALBLUE to exploit a vulnerability in SMB (Server Message Block) protocol. This protocol is used for giving access to files, ports, printers, etc. ETERNALBLUE is believed to be one of those NSA-built tools which were leaked by a hacking group going by the name of Shadow Brokers in April 2017. Prior to this leak by Shadow Brokers, Microsoft had already released the updates on March 14, 2017. Even though the update was marked as critical by Microsoft, many organizations failed to update their systems in the next two months leading to the WannaCry outbreak.
The ever-looming threat of ransomware attacks is dangerous for businesses as well as individuals. After the systems have been infected, their recovery is another tedious task. To ensure that you do not become a victim of ransomware attacks, you must act smart in the cyberspace. Here are a few suggestions from security experts at Logsign:
- Take regular backups of your data and store the backups by isolating them from the network.
- Regularly update your system, software, and applications.
- Implement security policies along with a properly documented access control policy.
- Promote cyber hygiene inside the organization by organizing training sessions and workshops.
- Continuously monitor your systems using antivirus and antimalware tools.