Ransomware is one of the most severe types of malware and has gained notoriety in the last few years. This class of malware infects target hosts and uses strong encryption against the victim's own data, leaving the files encrypted, stolen, or both. Exploiting the moment of panic, the attackers pressure the victims into paying a ransom to get their data back. Payment is no guarantee: there are many reported cases where the money was received and no working decryption tool was ever given to the user. For many of the popular threats, free decryptors are available. In this post we offer detailed information about the typical behaviour of popular ransomware and how to deal with it.
Brief Information About the Encryption Ransomware Threats
The encryption ransomware that has plagued computer users around the world is one of the most dangerous types of malware. Its aim is to encrypt individual files or whole drives using strong encryption, so that the data cannot be recovered without the attacker's key. The ransomware may also take other malicious actions to protect itself from removal: modifying system files, tampering with network devices, spreading to other hosts on the network, installing remote control capabilities and similar measures.
Criminal attacks are usually accompanied by social engineering. Victims are extorted through warning messages, pop-up banners or faked operating system notifications claiming that illegal content has been detected on the computer or that the victim has been hacked.
Some examples of collateral damage to the system configuration include:
- Modification of the Windows boot loader so that the malware runs at an early stage of the boot process.
- Malicious changes to the permissions of files, folders or whole drives.
- Installation of remote access Trojans and other payloads.
- Manipulation of browser settings, application data and other commonly used software.
- Reconfiguration of operating system settings.
- Disabling of antivirus, anti-spyware and other protection software.
- Changing the passwords of local user accounts and the administrator account, locking the legitimate owner out.
- Spying on users by recording (including in real time) the microphone, camera, keystrokes, mouse movements and other user activity.
- Scrambling and manipulation of user files.
- Use of "time limits": if the victim does not pay the ransom within the given time frame, the files are deleted from the local system.
- Deletion of System Restore points and Volume Shadow Copies, so that the operating system's own recovery features cannot restore the files.
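The commands behind several of the items above (deleting shadow copies and the backup catalogue, disabling startup repair, turning off real-time antivirus protection, resetting local account passwords) leave traces in process-creation logs. The following Python script is an added example, not code from the original post: it runs a small set of rules over a constructed process-creation log (one line per process as timestamp, user, image, command line; the format and the sample lines are assumptions, not real telemetry) and treats several distinct recovery-disabling actions in one log as ransomware staging, because any single command, such as an administrator clearing old shadow copies, is also seen in legitimate use.

```python
import re
from typing import Iterable, List, NamedTuple, Set


class Hit(NamedTuple):
    line_no: int
    rule: str
    command: str


# Command lines commonly observed when ransomware removes recovery options
# and disables defences before or during encryption. Matching is
# case-insensitive because the Windows tools themselves are.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(?:\.exe)?\s+delete\s+shadows"
        r"|wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    "recovery_disabled": re.compile(
        r"bcdedit(?:\.exe)?\s+/set\s+\{?\w+\}?\s+"
        r"(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
    "backup_catalog_deleted": re.compile(
        r"wbadmin(?:\.exe)?\s+delete\s+catalog", re.I),
    "defender_disabled": re.compile(
        r"Set-MpPreference\s.*-DisableRealtimeMonitoring\s+\$?true", re.I),
    # "net user <name> <password>": the second argument must not be a
    # switch, so "net user bob /delete" is not treated as a password change.
    "local_password_changed": re.compile(
        r"\bnet(?:1)?(?:\.exe)?\s+user\s+\S+\s+(?!/)\S+", re.I),
}

# Constructed sample log (assumption, not real telemetry):
# "timestamp,user,image,command line", one process creation per line.
SAMPLE_LOG = """\
2024-03-01T10:02:11Z,CORP\\alice,C:\\Windows\\System32\\cmd.exe,cmd.exe /c dir C:\\Users
2024-03-01T10:02:15Z,CORP\\alice,C:\\Windows\\System32\\vssadmin.exe,vssadmin.exe Delete Shadows /All /Quiet
2024-03-01T10:02:16Z,CORP\\alice,C:\\Windows\\System32\\wbem\\WMIC.exe,wmic shadowcopy delete
2024-03-01T10:02:17Z,CORP\\alice,C:\\Windows\\System32\\bcdedit.exe,bcdedit /set {default} recoveryenabled No
2024-03-01T10:02:18Z,CORP\\alice,C:\\Windows\\System32\\bcdedit.exe,bcdedit /set {default} bootstatuspolicy ignoreallfailures
2024-03-01T10:02:19Z,CORP\\alice,C:\\Windows\\System32\\wbadmin.exe,wbadmin delete catalog -quiet
2024-03-01T10:02:20Z,CORP\\alice,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,powershell -Command Set-MpPreference -DisableRealtimeMonitoring $true
2024-03-01T10:02:21Z,CORP\\alice,C:\\Windows\\System32\\net.exe,net user Administrator Xy7!kq2
2024-03-01T10:03:00Z,CORP\\alice,C:\\Windows\\System32\\net.exe,net user bob /delete
2024-03-01T10:03:05Z,CORP\\alice,C:\\Windows\\System32\\notepad.exe,notepad.exe C:\\Users\\alice\\notes.txt
"""


def scan(lines: Iterable[str]) -> List[Hit]:
    """Return every (line number, rule, command line) that matches a rule."""
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, start=1):
        # The command line is the last field and may itself contain commas.
        fields = line.rstrip("\n").split(",", 3)
        if len(fields) != 4:
            continue
        command = fields[3]
        for rule, pattern in RULES.items():
            if pattern.search(command):
                hits.append(Hit(line_no, rule, command))
    return hits


def distinct_rules(hits: Iterable[Hit]) -> Set[str]:
    """The set of rule names that fired at least once."""
    return {hit.rule for hit in hits}


def is_staging(hits: Iterable[Hit], min_distinct: int = 2) -> bool:
    """One command may be routine administration; several different
    recovery-disabling actions in the same log are treated as staging."""
    return len(distinct_rules(hits)) >= min_distinct


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for hit in found:
        print(f"line {hit.line_no:>3}  {hit.rule:<24} {hit.command}")
    print("verdict:", "ransomware staging" if is_staging(found) else "no verdict")
```

On the sample log the script flags seven lines under five different rules and returns the staging verdict; the lone "net user bob /delete" line is correctly ignored. In production the same rules would be fed from Sysmon event 1 or Windows Security event 4688 command lines, and the threshold would be combined with a time window so that two commands a week apart are not correlated.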
Infection with ransomware in most cases involves downloading or executing files from malicious web sites or email attachments. The popular ransomware variants do not announce their presence to the user and use covert techniques to evade antimalware applications, antivirus software and other security measures. Only once the encryption routine has completed does the user see the typical ransom note announcing the infection. Common sources of infection include the following:
- Mass email spam campaigns with malicious links and/or attachments.
- Exploits for vulnerabilities in user software such as browsers, document readers and their plugins.
- Malicious redirection scripts on compromised web sites.
- Counterfeit application download links.
- Bundling with other malware, such as droppers and loaders that fetch the ransomware as a second stage.
- Malicious P2P downloads and fake client software.
Most ransomware installations employ mechanisms that protect them from detection by security software. They use built-in anonymization of their network traffic, for example through the Tor network, thereby hiding the location of the remote command and control servers. The use of strong encryption, modified system settings and the damage inflicted make them a serious threat. In most cases the criminals prefer to receive the ransom in the cryptocurrency Bitcoin. Bitcoin is pseudonymous rather than untraceable: payments are harder to attribute than a bank transfer, but every transaction is recorded on a public ledger and can be analysed.
If a user is hit by ransomware, a decryptor may be available: special software that recovers the files, typically because researchers found a flaw in the malware's encryption or because the attacker's keys were leaked or seized. Decryptors therefore exist only for some families, and only for the versions they were written for. Some of these tools also remove the installed ransomware. Before running a decryptor, make a copy of the encrypted files and obtain the tool only from a reputable security vendor, since fake decryptors are themselves a common lure.
How to Protect Yourself from Encryption Ransomware Threats
Avoiding ransomware can be hard, as these threats use a variety of methods to spread to both home users and enterprises. Users and system administrators can protect their systems and networks by following basic security practices:
- Do not keep the only copy of important data on one device. Back up all relevant files to external drives or a secure cloud service, and keep at least one copy offline or versioned: a backup drive that stays connected is encrypted together with the rest of the system.
- Always apply the latest operating system and application updates, as they fix the vulnerabilities that exploits rely on. Ransomware is frequently delivered through exploits for popular consumer software such as Internet browsers and their plugins.
- Do not use the administrator account, or a user with administrative privileges, for everyday work. Elevate privileges only when necessary.
- Disable macro execution by default in Office documents, especially when the author or distributor is untrusted.
- Adjust the security and privacy settings of the operating system and the Internet browser.
- Do not use outdated plugins or add-ons.
- Use well-known, trusted and updated ad blockers, antivirus and anti-spyware software.
- Do not open, click or otherwise interact with suspicious or unknown emails, links and attachments.
- Use secure (HTTPS) connections when entering sensitive information such as credit card numbers, online banking credentials and email passwords.
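The macro setting in the list above is a single registry value per Office application, which makes it easy to audit across a fleet. The script below is an added example, not from the original post: it decodes the VBAWarnings value that Trust Center writes (1 = enable all macros, 2 = disable with notification, which is Office's default, 3 = disable except digitally signed, 4 = disable without notification), applies the rule that a value under the Group Policy key overrides the per-user one, and reports which applications still allow unsigned macros. The Office version key (16.0), the list of applications and the constructed sample readings are assumptions; on Windows the script reads the real values through the standard winreg module, elsewhere it audits the sample.

```python
import sys
from typing import Dict, List, Optional, Tuple

OFFICE_VERSION = "16.0"                  # assumption: Office 2016/2019/365
APPS = ("Word", "Excel", "PowerPoint")   # assumption: the applications to audit
VALUE_NAME = "VBAWarnings"

# Meaning of the VBAWarnings DWORD written by Trust Center > Macro Settings.
LEVELS = {
    1: "enable all macros",
    2: "disable all macros with notification (Office default)",
    3: "disable all macros except digitally signed macros",
    4: "disable all macros without notification",
}

Reading = Tuple[Optional[int], Optional[int]]   # (policy value, user value)


def classify(value: Optional[int]) -> Tuple[str, bool]:
    """Describe a VBAWarnings value and say whether it blocks unsigned macros.
    An absent value means Office uses its default, level 2."""
    level = 2 if value is None else value
    return LEVELS.get(level, f"unknown value {level}"), level in (3, 4)


def effective(policy_value: Optional[int], user_value: Optional[int]) -> Optional[int]:
    """A value under HKCU\\Software\\Policies (Group Policy) overrides the
    per-user Trust Center setting under HKCU\\Software\\Microsoft."""
    return policy_value if policy_value is not None else user_value


def audit(readings: Dict[str, Reading]) -> List[Tuple[str, str, bool]]:
    """Return (application, description, acceptable) for each application."""
    report = []
    for app, (policy_value, user_value) in readings.items():
        description, acceptable = classify(effective(policy_value, user_value))
        report.append((app, description, acceptable))
    return report


def _read_dword(path: str) -> Optional[int]:
    """Read VBAWarnings as REG_DWORD from HKCU; None if key or value is missing."""
    import winreg  # Windows only
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            value, kind = winreg.QueryValueEx(key, VALUE_NAME)
    except OSError:
        return None
    return int(value) if kind == winreg.REG_DWORD else None


def read_windows_registry() -> Dict[str, Reading]:
    """Collect the policy and per-user values for every audited application."""
    readings: Dict[str, Reading] = {}
    for app in APPS:
        policy_path = "\\".join(("Software", "Policies", "Microsoft", "Office",
                                 OFFICE_VERSION, app, "Security"))
        user_path = "\\".join(("Software", "Microsoft", "Office",
                               OFFICE_VERSION, app, "Security"))
        readings[app] = (_read_dword(policy_path), _read_dword(user_path))
    return readings


# Constructed sample (assumption): what a weakly configured host might return.
SAMPLE_READINGS: Dict[str, Reading] = {
    "Word": (None, 1),           # user enabled all macros, no policy set
    "Excel": (4, 1),             # user enabled all, but policy forces level 4
    "PowerPoint": (None, None),  # nothing set: Office default, level 2
}


if __name__ == "__main__":
    readings = read_windows_registry() if sys.platform == "win32" else SAMPLE_READINGS
    for app, description, acceptable in audit(readings):
        print(f"{'OK  ' if acceptable else 'WEAK'} {app:<10} {description}")
```

On the sample readings Word and PowerPoint are reported as weak (level 1 and the default level 2 both run unsigned macros, with or without a prompt) and Excel as acceptable, because the policy value wins over the user's choice. To enforce the baseline rather than just report it, set VBAWarnings to 4 as a DWORD under the Policies key for each application, or deploy the equivalent Office Group Policy; the per-user value is then ignored.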
Continue to Part 2 to read about specific examples of ransomware.