Tuesday 30 June 2015

Awareness on ‘Ransomware’ Threat

Through this information security advisory, we intend to educate you about the prevailing threat of “Ransomware” and the precautions you need to take in order to prevent / mitigate such threats.

What is Ransomware?

Ransomware is a type of malware that cybercriminals use to deny you access to your computer, programs or files until you pay a ransom. It typically propagates like a conventional computer virus / worm, entering a system through, for example, a downloaded malicious file, a malicious email attachment, a visit to a compromised website, or a network / system vulnerability. The variants of ransomware discovered so far can be divided into the following two categories:

(i) Encrypting Ransomware

(ii) Non-Encrypting Ransomware

(i) Encrypting Ransomware: Once unleashed, this type of ransomware encrypts all files (typically document files) on the disk as well as on accessible network folders. Documents so encrypted are unusable unless decrypted with a unique decryption key held by the attackers. The malware author is the only party that knows the private decryption key needed. It is important to mention here that no other tools / software can be used to recover data encrypted by ransomware.
The sample message displayed by one such ransomware variant, named Cryptolocker 2.0, is shown below:



Note: Even if the malware infection is successfully cleaned from the system, the files encrypted by this type of ransomware cannot be recovered. Paying the ransom also doesn’t guarantee successful recovery.

(ii) Non-encrypting Ransomware: This kind of ransomware is usually less dangerous than encrypting ransomware. Once unleashed, it usually locks the screen / functionality of the system by displaying a ransom note. One such ransomware family, Winlock, restricted access to the system by displaying pornographic images and asked victims to send a premium-rate SMS (costing US$10) to receive a code that could be used to unlock their machines.
Other variants display messages purporting to come from a law enforcement agency, stating that your computer was found to be involved in illegal online activities and that you must pay a fine to avoid legal proceedings. The fine amount usually ranges from 250 - 1000 USD. A screenshot of one such message is shown below:



How is money collected from victims through ransomware schemes?

Different ransomware variants collect the extortion money in different ways. Commonly, victims are told:

· To send an SMS to, or call, premium-rate numbers in order to get an “unlock” code.

· To buy a certain amount of drugs from an online drug store.

· To wire money to a bank account or through Western Union.

· To buy an online payment voucher from online services such as Ukash and PaysafeCard.

· To pay in digital currency such as “Bitcoins”.

How can you protect yourself from Ransomware?

· Be careful with email messages - Be wary and skeptical of unsolicited email that demands immediate action, even from well-known and reputable companies or government agencies, including well-designed but counterfeit invoices, failed courier delivery notices, or claims of illegal activity.

· Don’t click on links or attachments in email from unfamiliar sources or that seem suspicious—call the source to confirm authenticity.

· Make sure that the corporate anti-malware software is installed on your computer and that it is updated regularly.

· Do not download pirated / cracked software or key generators from the internet, as they may contain malware.

· Disable macros / ActiveX controls in your MS Office applications and never enable them unless there is a reasonable business justification to do so.

· All important documents and files must be backed up on a regular, ongoing basis. Should ransomware render documents unusable, they can then be recovered from a pre-infection backup copy. Backup media must be kept offline, and it is recommended to keep multiple backup sets.

· Make sure that the operating system (OS) and other third-party applications running on your computer get patched / updated automatically against known security vulnerabilities.
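To check the macro setting recommended above on a Windows endpoint, here is an added PowerShell example (not part of this advisory); it assumes the Office 2010/2013/2016 registry layout (version keys 14.0, 15.0, 16.0) and reads the VBAWarnings value that the Trust Center stores for Word, Excel and PowerPoint:

```powershell
# Added example (not part of the original advisory): audit the MS Office macro
# setting by reading the VBAWarnings value the Trust Center keeps in the registry.
# Assumes Office 2010 / 2013 / 2016 key layout (14.0 / 15.0 / 16.0).

$apps     = 'Word', 'Excel', 'PowerPoint'
$versions = '14.0', '15.0', '16.0'

# Meaning of VBAWarnings (Trust Center -> Macro Settings)
$meaning = @{
    1 = 'Enable all macros (UNSAFE)'
    2 = 'Disable all macros with notification (user can still enable them)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification (recommended)'
}

function Get-MacroSetting {
    param([string]$App, [string]$Version)
    # A Group Policy value takes precedence over the per-user Trust Center value
    $paths = @(
        "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security",
        "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    )
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        if ($null -ne $v) {
            return [pscustomobject]@{
                App = $App; Version = $Version; Source = $p
                VBAWarnings = $v; Meaning = $meaning[[int]$v]
                Compliant = ($v -ge 3)   # 3 or 4: unsigned macros from untrusted sources cannot run
            }
        }
    }
    # No value present: Office falls back to its default, 'disable with notification' (2)
    return [pscustomobject]@{
        App = $App; Version = $Version; Source = '(not set, Office default)'
        VBAWarnings = 2; Meaning = $meaning[2]; Compliant = $false
    }
}

$results = foreach ($ver in $versions) {
    foreach ($app in $apps) {
        # Only report Office versions actually present for this user
        if (Test-Path "HKCU:\Software\Microsoft\Office\$ver\$app") {
            Get-MacroSetting -App $app -Version $ver
        }
    }
}
$results | Format-Table App, Version, VBAWarnings, Compliant, Meaning -AutoSize
```

Any row with Compliant set to False means macros in that application can still be enabled by a single click on a phishing document, which is the condition this advisory warns against.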
