How does Ransomware spread?
Ransomware is a kind of malware that blocks or encrypts a user’s files and
demands a ransom to decrypt them. These malicious programs mostly spread by
tricking users into clicking on popups that appear to be safe. Once such a
spurious popup is clicked, a ransomware program is installed on the system and
finds files with extensions like JPG, XLS, PNG, PPT, DOC, etc. These files are
generally important ones in any computer system. The installed program then
instructs the user to make a payment to the perpetrators, generally in the form
of cryptocurrency. Payment is generally made this way so that nobody can trace
the identity of the team spreading the ransomware. Attackers generally use the
Tor protocol to conceal their location.
Along with this, ransomware also spreads via traditional email. More than 60
percent of ransomware spreads via email (specifically as a Microsoft Word
document or a .ZIP file). According to Cisco Systems’ 2017 Annual Cybersecurity
Report, 65 percent of email traffic is spam and about 10 percent of the global
spam observed in 2016 was classified
Financial damages due to ransomware:
Businesses as well as individuals need to be fully aware of the threat posed by
ransomware and make cybersecurity a top priority. According to Kaspersky, a
company is hit with ransomware every 40 seconds. Moreover, attacks on
businesses increased three times in 2016. A ransomware attack can disrupt
critical systems and sensitive data. In 2015, ransomware accounted for roughly
$325 million in damage, according to Microsoft. In 2016, the damage cost was
predicted to reach $1 billion by Cybersecurity Ventures. According to the Cisco
2017 Annual Cybersecurity Report, ransomware is growing at an annual rate of
350%.
Beyond the financial impact, there is permanent or temporary loss of sensitive
or proprietary data. Moreover, regular operations are disrupted. At an
organizational level, an attack potentially harms the organization’s
reputation. Even after paying the ransom, there is no guarantee that the
encrypted files will be decrypted. Nor can it be said that the malware
infection has been completely eradicated from the computer system.
Conventional ways of tackling Ransomware:
One must ensure that an antivirus is installed and up to date. Although an
antivirus can serve as a first line of defense, it is based on signatures, so
new variants may slip through the cracks. In an organization it is best to have
a multi-faceted security solution that provides enhanced protective
technologies such as firewalls, behavior-based threat prevention, heuristics,
etc. Security awareness campaigns should be organized that stress not being
tricked by spurious links and attachments in email. Since most users never
think twice before opening such bogus links, phishing has become a common entry
vector for ransomware, and an extremely successful one.
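
As an added illustration (not code from the original article), this Python sketch shows the kind of attachment heuristic a mail gateway could apply to the Word and .ZIP carriers mentioned earlier. The extension list, the reason strings, the function names and the constructed sample message are assumptions of this example.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

WORD_EXTS = {".doc", ".docx", ".docm", ".dotm"}  # assumed list, incl. macro-enabled

def ext(name):
    return os.path.splitext(name)[1].lower()

def screen_zip(data):
    """Inspect a ZIP in memory without extracting it; return a reason or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return "zip-unreadable"
    if any(i.flag_bits & 0x1 for i in infos):  # encrypted members cannot be scanned
        return "zip-encrypted"
    inner = sorted(i.filename for i in infos if ext(i.filename) in WORD_EXTS)
    return "zip-contains-word:" + ",".join(inner) if inner else None

def screen_message(raw):
    """Return [(filename, reason)] for attachments to hold for review."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if ext(name) in WORD_EXTS:
            findings.append((name, "word-document"))
        elif ext(name) == ".zip" or data[:4] == b"PK\x03\x04":  # also catches renamed ZIPs
            reason = screen_zip(data)
            if reason:
                findings.append((name, reason))
    return findings

def build_sample():
    """Constructed sample mail: a .docm, a ZIP holding a .doc, and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_0042.doc", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="invoice.docm")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="documents.zip")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling `screen_message(build_sample())` holds `invoice.docm` and `documents.zip` for review and lets `notes.txt` through.
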
Moreover, it has become extremely important to back up data. It’s recommended
to remove the external storage device once a backup has been taken so that if
ransomware does infect the computer, it won’t be able to touch the backup.
Also, GPO restrictions are an easy and affordable way to restrict any kind of
malware. GPO provides granular control over the execution of files, thus
enhancing the security of the computer system.