How does Ransomware spread?

Ransomware is a kind of malware that blocks or encrypts a user's files and demands a ransom in order to decrypt them. These malicious programs mostly spread by tricking users into clicking on popups that appear to be safe. Once such a spurious popup is clicked, a ransomware program is installed on the system and finds files with extensions like JPG, XLS, PNG, PPT, DOC, etc. These files are generally the important ones on any computer system.
The installed program then instructs the user to make a payment to the perpetrators, generally in the form of cryptocurrencies. The payment is generally made this way so that nobody can trace the identity of the team spreading the ransomware. Attackers generally use the Tor protocol to conceal their location.

Along with this, ransomware also spreads via traditional email. More than 60 percent of ransomware spreads via email (specifically as a Microsoft Word document or a .ZIP file).
According to Cisco Systems' 2017 Annual Cybersecurity Report, 65 percent of email traffic is spam, and about 10 percent of the global spam observed in 2016 was classified as malicious.

Financial damages due to ransomware:

Businesses as well as individuals need to be fully aware of the threat posed by ransomware and make cybersecurity a top priority. According to Kaspersky, every 40 seconds a company gets hit with ransomware. Moreover, attacks on businesses increased three times in 2016. A ransomware attack can disrupt critical systems and sensitive data.
In 2015, ransomware accounted for roughly $325 million in damage, according to Microsoft. In 2016, the damage cost was predicted by Cybersecurity Ventures to reach $1 billion. According to the Cisco 2017 Annual Cybersecurity Report, ransomware is growing at an annual rate of 350%.
Other than the financial impact, there is permanent or temporary loss of sensitive or proprietary data. Moreover, regular operations get disrupted. On an organizational level, it can harm the organization's reputation. Even after paying the ransom, there is no guarantee that the encrypted files will be decrypted. In addition, there is no assurance that the malware infection has been completely eradicated from the computer system.

Conventional ways of tackling Ransomware:

One must ensure that an antivirus is installed and is up to date.
Although an antivirus can be a first line of defense, it is based on signatures, so new variants may slip through the cracks. In an organization, it's best to have a multi-faceted security solution that provides enhanced protective technologies such as firewalls, behavior-based threat prevention, heuristics, etc. Security awareness campaigns should be organized that stress not being tricked by spurious links and attachments in email. Since most users never think twice before opening such bogus links, phishing has become a common and extremely successful entry vector for ransomware.

Moreover, it has become extremely important to back up data. It's recommended to remove the external storage device once a backup has been taken so that if ransomware does infect the computer, it won't be able to touch the backup. Also, GPO restrictions are an easy and affordable way of restricting any kind of malware. GPO provides granular control over the execution of files, thus enhancing the security of the computer system.