Top Ransomware Programs and How to Protect Your System from an Attack
Malicious software that uses encryption techniques to hold important data of organizations for ransom has become wildly successful over the past few years. The core purpose of this software is basically to extort money from the victims while promising to restore the encrypted data.
Global Annual #Ransomware Damage Costs:
Frequency of Attacks:
2016: Every 40 seconds
2019: Every 14 seconds
2021: Every 11 seconds#Cybersecurity #Infographic by @CybersecuritySF Sponsored by @KnowBe4 https://t.co/cAY1WBuDyJ pic.twitter.com/pWRUQvWJ0b
— Steve Morgan (@CybersecuritySF) November 9, 2019
Like other computer viruses, it finds its way to a weak device by exploiting a security hole or even by tricking somebody to install it. In many cases it so happens that the victim pays the cybercriminal the amount that is asked out of fear of losing important data forever. The bully could hold your personal files hostage or even keep you away from accessing any important documents, financial information or photos.
WannaCry- A powerful ransomware
About two years ago, a powerful ransomware began to spread across the world. It was WannaCry, which spread like wildfire and encrypted about hundreds of thousands of computers in more than 150 countries within just a few hours. It was the first time that a malware encrypted the user’s files and demanded some money to unlock them. It spread all across the world in what looked like a coordinated cyberattack.
WannaCry struck various high profile systems that even included Britain’s National Health Service. It exploited a Windows vulnerability of the Server Message Block protocol. The protocol helps various nodes on the network to communicate. A single vulnerable and internet exposed system was simply enough to wreak havoc.
LooCipher: A brand new ransomware
This is another latest ransomware that is being distributed in the wild through spam email campaigns. It uses high level windows API libraries like Crypto++ for its encryption routine and this makes it difficult for the Malware Analysis Sandboxes to reverse the binary code. The ransomware encrypts all types of files and is not limited to database files, server files or web applications, backup files, virtual disc files and etc. The functionalities of this malware is pretty straightforward than this belonging to other families.
This ransomware is distributed via the compromised web application server and spam email campaign all over the globe. The attack involves the exploitation of Oracle WebLogic vulnerabilities and of Microsoft Windows vulnerability. The attach is delivered via the malicious macro enabled Word Document or malicious website link that is received through spa, emails. Once the mail is opened or accessed it will download the malware loader which will download the Sodinokibi ransomware as the final payload.
This is another new ransomware that is written in Go language and is found to target the Network Attached Storage devices from the vendors like Lenevo, Synology and QNAP. This ransomware targets the NAS devices by taking the advantage of any weak credentials and then exploits the vulnerabilities. It also uses the SOCKS5 proxy to communicate with the C2 server that is hosted on TOR network. The ransom note is downloaded and the RSA public key is used to encrypt the encryption key for encrypting the victim’s files and offers real time insight on the activity of the malware to the attacker.
Some do’s and don’ts of ransomware:
Ransomware has become a popular market for the cybercriminals and it is now difficult to stop them. So, prevention is the most important aspect that can help you to protect yourself from an attack. Here is what you can do:
- Use a security software
- Keep your security software updated
- Upgrade your operating system and any other software
- Be careful before opening any email attachment
- Take a backup of important data to an external hard drive
- Use cloud services to retain previous versions of files
- Don’t pay the ransom
- Don’t automatically open any email attachments.
Also Read: How to Secure Your ASP.NET Web Application?
How we can help?
Ransomware bullies are targeting innocents and with this attack becoming a common issue, it is very important to minimize your risk exposure. We at IDS Logic can help you to secure your system and your website with our security services and can also help you to monitor your website 24/7. Our technical staff can save your data and personal information in the cloud and protect you from any cyber-attacks.