RANSOMWARE: A MAJOR CYBER THREAT

First of all, let's understand what ransomware is. We may have seen the word associated with terms like hacking and cybersecurity without knowing what it actually means. Ransomware, as the name suggests, is an attack carried out to extort money from the victim. In a ransomware attack, malicious software is used to lock the files containing sensitive data, and the attacker demands that the victim pay a ransom to retrieve the data. Victims are also threatened that their data will be deleted or made publicly available if the demands are not met. Looking back at the history of ransomware, the first attack took place in 1989, when a trojan was delivered at the WHO's AIDS conference on floppy disks, demanding that payment be sent to a post office box in Panama. Since then there have been many advancements both in the code and in the techniques used to deliver it. One such advancement is receiving payment through cryptocurrencies, which maintains the anonymity of the cybercriminal.


HISTORY

Ransomware is among the major cyberattacks nowadays, particularly after the pandemic. We all know how badly the Covid-19 virus hit the world, leading to devastation: cities were locked down, so the only way to connect with others was through the internet, and with the internet comes internet security. According to research, 2020-21 was the most active year for cyberattacks. In fact, a company fell victim to a cyberattack every 39 seconds. Millions of organisations and personal devices were victims of cyberattacks, most of which were ransomware attacks. Of the top 10 cyberattacks that occurred in 2021, seven were ransomware attacks. Leading companies such as Accenture, Acer, Colonial Pipeline and JBS Foods, as well as many government agencies, were victims of ransomware attacks.


[Figure: Growth in ransomware attacks during Covid-19]

There are mainly four types of ransomware attacks:

  1. Crypto ransomware
  2. Locker ransomware
  3. Scareware
  4. Leakware

In this blog, let's talk about locker ransomware in detail.

What is Locker ransomware?

It is a type of ransomware that locks the functions or screen of the victim's device using malicious software. The attacker then demands a ransom in exchange for unlocking it, i.e. for a decryption key that returns the device to normal.


Locker ransomware uses AES to encrypt the files. Since we don't know the decryption key, we need to pay the attacker a ransom for the key to unlock them. A ransom can range from around $500 up to millions of dollars, depending on the most the victim is able to pay.

The malicious software designed to lock the system and its functions is delivered to the victim through phishing emails, social engineering and similar techniques, which trick the victim into downloading a file, or even just opening one, so that the malicious code is executed.


Here is one attack carried out by locker ransomware:

Petya was first discovered in 2016 and spread via email attachments. When the attachment was opened and downloaded, it would execute the malware on the victim's computer.

Working of the ransomware - The ransomware encrypts the computer's MFT (master file table). The MFT is the computer's quick reference guide for every single file on the drive. Without access to the master file table, the computer cannot find any of its files and thus cannot even boot. After Petya is installed on a device, it infects the MBR (master boot record), the part of a computer's programming responsible for loading the operating system every time the computer is turned on. Once inside the MBR, it forces the computer to restart, then starts encrypting the MFT while displaying its ransom note, which contains the ransom amount and the due date by which payment should be made.

Can we prevent such dangerous ransomware attacks?

Luckily yes, we can protect ourselves from being attacked by ransomware.

  1. Do not open files or attachments from an unknown email sender; open them only if they are legitimate or necessary.
  2. Do not answer calls or texts from unknown numbers, as the caller might collect personal information to further lure you into a phishing attack.
  3. Update your software regularly, as software updates patch vulnerabilities that an attacker can exploit and also bring other advanced security features that safeguard your device.
  4. Do not give software administrative privileges, as this can give the attacker access to carry out various activities.
  5. Start using an anti-malware tool, which will keep your device safe from various malware and other cyberattacks.
  6. Regularly back up your files, for example to an external hard drive, so that you still have them even if they are deleted by the attacker.
  7. Try not to download unnecessary files, or files from the internet that claim to be free, as they can contain a ransomware worm.
  8. Never connect a USB device from an unknown source, as it can contain a worm that infects your device.
  9. Start using a VPN (virtual private network) while on public Wi-Fi.
  10. Stay updated with cybersecurity-related news to gain more knowledge about new attacks that can occur.


So, now we know what ransomware attacks are and how we can protect ourselves from these dangerous attacks. Writing this blog was a fun and amazing experience, as I learned more information about ransomware which I didn't know previously, Google dorking, Google Scholar.

I would like to conclude this blog with this famous quote:

“The most secure computer is the computer that’s off.”

































