Have you ever heard of ransomware? You have surely heard about it at your workplace, and about how dangerous it can be. More than one computer technician trembles at the mere mention of the word, and no wonder, since it is considered one of the most dangerous kinds of malware in existence today. Why? Here we explain it to you.
What is ransomware and how does it work?
It is a kind of digital hijacking: a type of malware that blocks users from accessing their system or files, where the only way to regain access is to pay a ransom demanded by cybercriminals.
This type of malicious software has existed since the 80s. In its early days, ransoms were demanded via postal mail; nowadays payments are made through cryptocurrencies or credit cards.
It usually arrives through malicious spam, which can appear as advertising or as email with infected attachments, and which often deceives users into clicking on its contents by posing as a recognized institution (for example, the FBI).
Once it arrives on the system, the ransomware contacts a central server to obtain the information it needs to activate. It can then block or encrypt the files and display the ransom instructions.
Generally, cybercriminals threaten to erase information or raise the ransom if it is not paid within the stated time. Ransomware can affect any type of operating system: Windows, Mac or Linux.
Types of ransomware according to their complexity:
Scareware: Although it seems dangerous, it is the least fearsome type. It generally uses pop-up messages from fake security programs, or a false offer of technical support, reporting that malware has been “detected” and that the only way to get rid of it is to pay. If the payment is not made, it will continue to issue pop-up messages; however, the files are not affected.
Screen blockers: In this case, the malware is more complex because it blocks the computer screen, preventing the computer from being used at all. The files are still there, but there is no way to access them unless the computer is restored, which means losing all the information on it if there is no previous backup.
Encryption ransomware: It is the most dangerous of all and, therefore, the best known, as it seizes the files and encrypts them, demanding a payment to decrypt and return them. Because encryption is used, ordinary security or restore software cannot recover these files unless the ransom is paid, and even that does not guarantee that the cybercriminal will return them.
Some prevention tips against ransomware:
- Start by using (and updating) anti-malware software, including firewalls.
- Update the system and all applications, whatever the operating system: Mac, Windows or Linux.
- You can add a specific anti-ransomware tool for this type of attack.
- Use anti-spam filters, since spam is how this malware usually arrives.
- Review file extensions to identify files that pass themselves off as something else (for example, if you see a Word file with the extension .exe).
- Administrator accounts are the most sought after by hackers, who know these accounts have the greatest access to the system. That is why it is recommended to do daily tasks in other accounts and to use the administrator account only for system changes.
- Limit network access to sensitive files: share them read-only and give permission to edit only to those who need it.
- Make backups, and keep the most sensitive information handy in secure applications such as Hushapp.
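The file-extension tip above can be automated. The following Python sketch is an added example, not part of the original article: it flags names where a document extension sits in front of an executable one, and goes one step beyond the tip by also flagging document-named files whose first bytes are a Windows executable header. The extension lists and the sample attachments are constructed for illustration.

```python
import os

# Extensions that run code when opened on Windows (constructed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
# Extensions users expect to be passive documents (constructed list).
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

def check_name(filename):
    """Return reasons the name looks deceptive, e.g. 'invoice.docx.exe'."""
    stem, last = os.path.splitext(filename.lower())
    _, inner = os.path.splitext(stem)
    if last in EXECUTABLE_EXTS and inner in DOCUMENT_EXTS:
        return [f"document extension {inner} hidden before executable {last}"]
    return []

def check_content(filename, head):
    """Flag a document-named file whose content starts with the 'MZ' executable header."""
    _, ext = os.path.splitext(filename.lower())
    if ext in DOCUMENT_EXTS and head[:2] == b"MZ":
        return ["document extension but content starts with MZ (Windows executable)"]
    return []

def scan(attachments):
    """attachments: iterable of (filename, first_bytes). Returns {filename: reasons}."""
    findings = {}
    for filename, head in attachments:
        reasons = check_name(filename) + check_content(filename, head)
        if reasons:
            findings[filename] = reasons
    return findings

# Constructed sample input: attachment names with the first bytes of each file.
SAMPLE = [
    ("report.docx", b"PK\x03\x04"),        # a genuine .docx is a ZIP container
    ("invoice.docx.exe", b"MZ\x90\x00"),   # the case described in the tip
    ("scan.pdf", b"MZ\x90\x00"),           # executable renamed to look like a PDF
    ("setup.exe", b"MZ\x90\x00"),          # honest executable name, not flagged
]

if __name__ == "__main__":
    for name, why in scan(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Windows hides known file extensions by default, so a check like this is most useful at the mail gateway or on a shared drop folder, where the full name is always visible.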
After the attack:
If, unfortunately, you have already been a victim of ransomware, the first thing you should do is stay calm and avoid paying as far as possible, since paying will not ensure anything. Then follow these steps:
- Disconnect the device from the internet quickly, before the malware can reach its server. Isolate the device from the rest of the network.
- Some large cybersecurity firms offer free solutions, such as web pages and software, to decrypt ransomware and to look for ways to repair the damage.
- Call the relevant authorities so they can help.
Ransomware attacks are increasingly sophisticated and can cause large losses to companies (and also to individuals). Therefore, it is important to take all necessary preventive measures to protect the company's sensitive information.