DEV Community

Darshan Sahadev Gawade

Ransomware Attacks

What is a ransomware attack?

Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.

Types of ransomware attacks

1. Scareware

Scareware, as it turns out, is not that scary. You might receive a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe.

A legitimate cybersecurity software program would not solicit customers in this way. If you don’t already have this company’s software on your computer, then they would not be monitoring you for ransomware infection. If you do have security software, you wouldn’t need to pay to have the infection removed—you’ve already paid for the software to do that very job.

2. Screen Locker

Screen locker ransomware is a form of malware that restricts login or file access while demanding payment to lift the restriction. It’s typically deployed at the operating system (OS) level, meaning you won’t be able to use an infected computer or device. When attempting to log in or power up the computer or device, screen locker ransomware will display a pop-up demanding payment.

With screen locker ransomware, you won’t be able to use the infected computer or device. It will serve a pop-up message whenever you attempt to log in to the OS. And unlike legitimate pop-ups, you won’t be able to close it.

3. Encrypting ransomware

This is the most common attack. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. This type of ransomware is so dangerous because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom, for the most part, they’re gone. And even if you do pay up, there’s no guarantee the cybercriminals will give you those files back.

How does a ransomware attack work?

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.

There are several things the malware might do once it’s taken over the victim's computer, but by far the most common action is to encrypt some or all of the user's files. The most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.

In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim's computer due to the presence of pornography or pirated software on it, and demand the payment of a fine, perhaps to make victims less likely to report the attack to authorities. But most attacks don't bother with this pretense. There is also a variation, called leakware or doxware, in which the attacker threatens to publicize sensitive data on the victim's hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.

How to prevent a ransomware attack?

1. Back Up Your Systems Locally and in the Cloud

The first step to take is to always back up your system, both locally and offsite.
This is essential. First, it will keep your information backed up in a safe area that hackers cannot easily access. Secondly, it will make it easier for you to wipe your old system and repair it with backup files in case of an attack.
Failure to back up your system can cause irreparable damage.
Use a cloud backup solution to protect your data. By protecting your data in the cloud, you keep it safe from infection by ransomware.
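
As an added example (not part of the original post): a pre-backup check that compares the current files against a baseline and refuses to overwrite the backup when many of them have disappeared or turned into high-entropy data, which is what encrypted files look like. The thresholds and function names are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5   # bits per byte; assumed cut-off for "looks encrypted"
FLAGGED_RATIO = 0.5   # assumed share of flagged files that blocks the backup

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative file path under root to (sha256 hex digest, entropy)."""
    result = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root)
            result[rel] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return result

def suspicious_changes(baseline: dict, current: dict) -> list:
    """Baseline files that vanished, or whose content changed to near-random bytes."""
    return sorted(
        path for path, (digest, _entropy) in baseline.items()
        if path not in current
        or (current[path][0] != digest and current[path][1] >= ENTROPY_LIMIT))

def safe_to_back_up(baseline: dict, current: dict) -> bool:
    """False when so many files look encrypted that the last good backup must be kept."""
    return len(suspicious_changes(baseline, current)) < FLAGGED_RATIO * max(len(baseline), 1)

def demo() -> bool:  # constructed sample: three text files, two then overwritten
    with tempfile.TemporaryDirectory() as root:
        for i in range(3):
            with open(os.path.join(root, f"report{i}.txt"), "w") as fh:
                fh.write("invoice line item\n" * 300)
        baseline = snapshot(root)
        for i in range(2):
            with open(os.path.join(root, f"report{i}.txt"), "wb") as fh:
                fh.write(os.urandom(4096))  # random bytes stand in for encrypted content
        return safe_to_back_up(baseline, snapshot(root))

if __name__ == "__main__":
    print("safe to back up:", demo())
```

Already-compressed formats such as ZIP or JPEG are also high-entropy, so a real deployment would tune the thresholds per file type.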

2. Segment Network Access

Limit the data an attacker can access with network segmentation. With dynamic access control, you help ensure that your entire network is not compromised in a single attack. Segregate your network into distinct zones, each requiring different credentials.

3. Early Threat Detection Systems

You can install ransomware protection software that will help identify potential attacks. Early unified threat management programs can find intrusions as they happen and prevent them. These programs often offer gateway antivirus software as well.
Use a traditional firewall that will block unauthorized access to your computer or network.

4. Install Anti-Malware / Ransomware Software

The security software should consist of antivirus, anti-malware, and anti-ransomware protection. It is also crucial to regularly update your virus definitions.

5. Run Frequent Scheduled Security Scans

All the security software on your system does no good if you aren’t running scans on your computers and mobile devices regularly.
These scans are your second layer of defense in the security software. They detect threats that your real-time checker may not be able to find.

Top comments (1)

Ketan Patil

Very Informative