Ransomware is a type of malicious software that prevents victims from accessing their databases, pictures, documents, and other files. It encrypts these files and demands a ransom to decrypt them. The payment has a deadline; if it is not met, the demand increases or the files remain encrypted forever.
Most common ransomware variants you should be aware of
This ransomware began its distribution in May 2017 through the Necurs botnet. The distribution was through spam emails that contained a PDF attachment with an embedded DOCM file. The malware’s infection rate was around 10,000 emails per hour.
It became one of the most prominent malware families to date after taking over from Cryptolocker some time back. This malware uses AES encryption and conducts its Command and Control communications over the Tor network.
This is an offline ransomware that spreads mainly via malvertising campaigns that leverage exploit kits. It also spreads through spam campaigns.
This threat encrypts user pictures, documents, and other types of files. It requests victims to pay up to $1800 so that their files can be decrypted.
May 2017 saw this ransomware spread on a large scale. It makes use of EternalBlue to propagate between and within networks. EternalBlue is a Windows SMB exploit.
This ransomware spreads mainly through spam emails. The emails have a downloader disguised as a Word or Zip attachment. This downloader downloads and installs the malware that encrypts users’ files.
How can an organization reduce its exposure to ransomware and prevent its impacts?
Continuous data backups
Automated and protected data backups help an organization recover from any malware attack with minimal data loss, and without paying a ransom.
The use of strong user authentication makes it difficult for an attacker to utilize guessed or stolen passwords.
Organizations should ensure that all systems have the latest patches applied. This reduces the number of potential vulnerabilities within the business that an attacker can exploit.
Ransomware leaves a unique fingerprint when running on a system, a result of encrypting all of the user’s files. Specialized anti-ransomware solutions use this fingerprint to identify and terminate potentially malicious processes.
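As an added illustration (not code from this page or from any anti-ransomware product), the Python below shows one behavioral fingerprint of this kind: a single process writing high-entropy data to many different files in a short window. The event format, thresholds, process IDs and sample events are assumptions constructed for the example.

```python
import math
import os
from collections import defaultdict, deque

# Assumed tuning values for this example, not taken from any product.
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext sits close to 8.0
WINDOW_SECONDS = 10      # sliding window per process
MIN_FILES = 5            # distinct high-entropy files in the window to alert

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8.0 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def detect(events):
    """events: time-ordered (timestamp, pid, path, written_bytes) tuples.
    Returns the pids that wrote high-entropy data to at least MIN_FILES
    distinct files within WINDOW_SECONDS."""
    recent = defaultdict(deque)  # pid -> (timestamp, path) of high-entropy writes
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue  # ordinary document edits stay below the threshold
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()  # forget writes that fell out of the window
        if len({p for _, p in q}) >= MIN_FILES:
            flagged.add(pid)
    return flagged

def sample_events():
    """Constructed events: an editor, a bulk encryptor, one archive write."""
    text = b"Quarterly report draft. " * 200
    events = [(float(i), 100, f"/home/u/notes{i}.txt", text) for i in range(8)]
    # Random bytes stand in for ciphertext written over existing documents.
    events += [(20 + 0.5 * i, 200, f"/home/u/doc{i}.docx", os.urandom(4096))
               for i in range(8)]
    # A single compressed file is also high-entropy, so one write must not alert.
    events.append((21.0, 300, "/home/u/archive.zip", os.urandom(4096)))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print("flagged pids:", detect(sample_events()))
```

Entropy alone also matches compression and legitimate encryption tools, which is why the check requires many distinct files from one process inside the window before it flags anything.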
What should you do when infected with ransomware?
Think of the goosebumps a ransom message may bring to your arms when it arrives on your computer. It signals a successful ransomware infection. This is the last thing that you may want to happen to you.
Quarantine your device
You should limit the spread of the malware by denying or removing access to other potential targets.
Check for decryptors
Check with the No More Ransom Project to see whether a free decryptor is available.
Wipe and Restore
Restore the machine from a clean backup or operating system installation.
Ask for Help
A digital forensics expert may recover files not deleted by the malware.
Leave the computer on
Keeping the computer on increases the chances of recovery.
Create a backup
You should make a copy of the encrypted files on removable media, since files encrypted by some ransomware variants can be decrypted without paying the ransom.
Anti Ransomware technology by Check Point defends against the most critical variants of ransomware and safely recovers any encrypted data.