Ransomware? Don’t worry, there’s a way out!

September 27, 2020

During the pandemic, ransomware attacks have increased significantly. Recently there have been many cases of companies, organizations, and authorities such as NHAI, a US newspaper company, and Mac users being hit by ransomware. New ransomware families include Maze (which attacked NHAI), WastedLocker (the US newspaper company), Try2Cry (infects USB drives), Avaddon (uses Excel 4.0 macros), and ThiefQuest & EvilQuest (for Mac).

Ransomware is malware that breaches a system’s protection using malicious code. Modern ransomware families encrypt certain file types on compromised systems. The attacks are not focused only on particular individuals; many organizations and institutions are affected too, and there are new threats to the education sector and similar organizations now that they have switched their operations online. Ransomware is mostly spread through phishing emails carrying malicious attachments or through files downloaded from drive links. Drive-by downloading happens when a user unknowingly visits an infected website and the malware gets installed. It has also spread through social media and web-based instant messaging applications, and vulnerable web servers have been misused as an entry point to gain access to an organization’s network. Outdated technology infrastructure, Wi-Fi routers with default passwords, not checking the authenticity of emails, and unconfigured firewalls are some of the reasons a system becomes infected. Other types of social engineering attacks include spear phishing, whaling, smishing (SMS phishing), vishing (voice phishing), pharming (DNS-based phishing, which alters a system’s hosts file or its DNS resolution), content-injection phishing (inserting malicious code or misleading content into genuine websites), and man-in-the-middle phishing.


Working of Ransomware

[Figure illustrating the working of ransomware; the image was not preserved in this text.]


Responding to Ransomware attacks

  • If your system is running slower than usual:
    • Immediately disconnect the system from the connected network.
    • Delete the Trojan and the affected files or applications.
    • Do a full security check on the system & network while taking the necessary precautions.
    • Doing this can prevent the system from being affected by any malware or pre-planned ransomware and will keep your data secure.
  • If attacked:
    • Identify the type of ransomware by uploading an encrypted file to sites like https://www.nomoreransom.org or https://id-ransomware.malwarehunterteam.com.
    • If the ransomware is identifiable, the site displays its name and a possible solution for decrypting your files.
    • The NoMoreRansom project is an initiative to help victims retrieve their encrypted data without having to pay the attackers.
  • If these sites couldn’t help you:
    • Immediately isolate or power off the affected devices.
    • Change all account passwords & network keys.
    • Take the help of experts.
    • Follow the preventive measures.
    • Contact law enforcement.
    • Delete the malicious Registry values & files.
  • Develop & prepare employee training programs for recognizing scams, malicious links, and attempted social engineering.
  • Run penetration tests on the network as often as is possible and practical.

Preventive Measures

  • Educate yourself & your employees on the new techniques used by cybercriminals, and organize security awareness sessions to give them basic cybersecurity training.
  • Install Antivirus & Anti-Malware software on all systems to protect against newly emerging threats.
  • Configure firewalls properly on systems & routers, and avoid unknown USB drives & devices.
  • Filter emails properly to block phishing emails from untrusted sources.
  • Always check the headers, format & design, grammatical mistakes, and the authenticity of a mail before following what it instructs.
  • The email path & headers can be checked by pasting the email headers into https://www.cyberforensics.in/OnlineEmailTracer/index.aspx.
  • Hover over a URL in an email to see the actual URL behind the displayed one.
  • Whitelisting on network switches provides a safeguard at the network level, and application whitelisting software blocks the execution of untrusted applications.
  • Back up the data to a trusted cloud service or a separate device/drive rather than creating the backup on the same system or on another system connected to the network.
  • Systems must have updated firmware, and Antivirus & Anti-Malware installed with the latest patches. IoT devices must also have updated firmware and stronger security configurations.
  • Keep testing the security of your internet-facing applications, systems & devices, and of the internal systems, by hiring penetration testers.
  • Apply proper limits on the permissions of normal users & employees to install and run applications and software from untrusted sources.
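Two of the email checks above (comparing the sender headers, and looking at where a link really points rather than what its text says) can be automated for first-line triage. The following Python script is an added example, not code from the original post: it parses a constructed sample message with the standard library only and flags a Reply-To or Return-Path domain that differs from the From domain, and an anchor whose visible text names one host while its href points to another.

```python
from email import policy, utils, message_from_bytes
from html.parser import HTMLParser
from urllib.parse import urlparse
SAMPLE = b"""Return-Path: <bounce@mail-relay.example.net>
From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: <support@corp-example-login.example.org>
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://corp-example-login.example.org/reset">https://corp.example.com/reset</a></p>
"""  # constructed sample (not a real capture): From: looks internal, Reply-To and link target do not

def _domain(header_value):
    """Lower-cased domain of an address header; '' if the header is absent."""
    return utils.parseaddr(str(header_value or ""))[1].lower().partition("@")[2]

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs; the href is what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def triage(raw_bytes):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings, from_dom = [], _domain(msg["From"])
    # Return-Path often differs legitimately (bulk mailers); a foreign Reply-To is a stronger sign.
    for hdr in ("Return-Path", "Reply-To"):
        dom = _domain(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    html_part = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(html_part.get_content() if html_part else "")
    for href, text in collector.links:
        looks_like_url = "." in text and " " not in text  # skip "Click here" style anchor text
        shown = urlparse(text if "://" in text else "//" + text).hostname if looks_like_url else None
        real = urlparse(href).hostname
        if shown and real and shown != real:
            findings.append(f"link text shows {shown} but href goes to {real}")
    return findings
```

Running `triage(SAMPLE)` yields three findings for the constructed message; a clean message with matching domains and honest links yields an empty list.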

Digital Forensics Intern at Digital 4n6

© Copyright nasscom. All Rights Reserved.