NEW DELHI: In the first week of September, executives of a well-known publishing house met with a sudden crisis which had them seeking help from Delhi Police.
The company had computers inter-connected through a common server across its offices in many big cities in India. All files on more than 150 of those computers across its offices were encrypted overnight by malware which demanded a high ransom to decrypt the data.
The company had fallen prey to the Locky ransomware, which is believed to have affected millions of computer systems in over 70 countries, including India, in the past month.
Ransomware is malware that hijacks computers, encrypts important files, denies access to them, and then asks the victim to pay a ransom to have the files decrypted. Ransomware spreads when users download malicious email attachments or visit malicious websites.
In the short span of the past eight months, four major ransomware attacks—WannaCry, GoldenEye, Petya and the latest, Locky—encrypted files on millions of devices worldwide, resulting in both individuals and organisations losing access to critical information. According to international cyber security company Kaspersky Lab, India topped the list of countries that were attacked by Teslacrypt ransomware in March-May 2016. The number of users attacked by ransomware in India has nearly doubled from 2015-16 to 2016-17, according to a Kaspersky Lab report.
India was the third worst-hit country by WannaCry. In June, Petya crippled India’s largest container port, Jawaharlal Nehru Port Trust. It brought a terminal with the capacity to handle 1.8 million standard container units to a halt. Karnataka faced the highest number of ransomware attacks in India, followed by Tamil Nadu.
Ransomware as a service, or RaaS, is a new trend which, experts say, can cause a lot of harm to big companies as well as small and medium businesses because it makes ransomware accessible to common cyber criminals. Anyone with a basic knowledge of hacking can deploy it. Under RaaS, a virus is offered by an expert cyber criminal to anyone for a price or small fee. Anyone can download the virus, deploy it and try to snare a victim. If the deployer of the virus is able to attack a system and get the ransom from the victim, he has to pay a certain part of the ransom to the author of the code. RaaS can put the dangerous weapon of ransomware in the hands of millions of common cyber criminals.
If RaaS gains more traction, ransomware attacks will rise phenomenally and no company could be safe from attacks. Paying the ransom is no longer the best solution because in a large number of cases, companies do not get their data back even after paying the ransom. In such a scenario, prevention is the best option. Based on research by Kaspersky Lab, below are a few steps that can keep you safe from a ransomware attack.
How to prevent a ransomware attack
1. Use different passwords for every site. Using one common password for all frequent webpage logins makes it predictably easy for hackers to crack.
3. Remove all outdated software because expired software programmes and installed apps on your computer serve as the most common entry points for ransomware.
4. Multi-factor authentication provides an extra layer of security. A special code verified through your phone is required along with your password for logging in. This makes it almost impossible for hackers to steal the credentials even if they get hold of the password.
5. Make sure that you back up your important files regularly.
6. Regularly check that your backup copy is OK. There are times when an accidental failure can inflict damage to your files.
7. Cyber criminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware. This method is called phishing. With that in mind, fine-tune your antispam settings and never open attachments sent by an unknown sender.
8. Trust no one, literally. Malicious links can be sent by your friends on social media, your colleague or online gaming partner whose accounts have been compromised in one way or another.
9. Enable ‘Show file extensions’ option in the Windows settings. This will make it much easier to distinguish potentially malicious files. As Trojans are programs, you should be warned to stay away from file extensions like “exe”, “vbs” and “scr”. You need to keep a vigilant eye on this as many familiar file types can also be dangerous.
10. Scammers could use several extensions to disguise a malicious file as a video, photo, or a document (like hot-chics.avi.exe or doc.scr).
11. Regularly update your operating system, browser, antivirus, and other programmes.
12. Use a robust antivirus program to protect your system from ransomware.
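An added example, not from the original article: a Python check for the extension tricks described in steps 9 and 10, suitable for screening attachment or download names before they are opened. The extensions beyond "exe", "vbs" and "scr", the decoy list and the sample file names are assumptions of this example.

```python
import os

# "exe", "vbs" and "scr" are named in the article; the rest are other
# Windows executable/script types added by this example.
EXECUTABLE_EXTS = {"exe", "vbs", "scr", "bat", "cmd", "js"}
# Extensions users expect to be harmless media or documents (constructed list).
DECOY_EXTS = {"avi", "mp4", "jpg", "png", "pdf", "doc", "docx", "xls", "txt"}


def classify(filename):
    """Return the reasons a file name looks suspicious (empty list = none)."""
    # Accept Windows or POSIX paths and compare case-insensitively.
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable:" + parts[-1]]
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        # A decoy extension directly before the real one: "movie.avi.exe".
        # With extensions hidden, Windows would show only "movie.avi".
        reasons.append("double-extension:" + parts[-2])
    elif len(parts) == 2 and parts[0] in DECOY_EXTS:
        # The stem itself imitates a document type: "doc.scr".
        reasons.append("decoy-stem:" + parts[0])
    return reasons


def scan(filenames):
    """Map each suspicious name to its reasons; clean names are omitted."""
    flagged = {}
    for f in filenames:
        reasons = classify(f)
        if reasons:
            flagged[f] = reasons
    return flagged


# Constructed sample: attachment names as a mail filter might see them.
SAMPLE = ["hot-chics.avi.exe", "doc.scr", "Report.PDF", "holiday.jpg",
          "Invoice_2017.docx.VBS", "C:\\Downloads\\setup.exe", "notes.v1.txt"]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(name, "->", ", ".join(reasons))
```
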
What to do after a ransomware attack
1. Identify the ransomware which has infected your computer. For this, you may use a free online service called ID Ransomware.
2. If you are able to identify the ransomware, check if a ransomware decrypt tool is available for your type of ransomware. Try decrypting your data with various tools.
3. If the ransomware has totally blocked access to your computer or even restricted access to select important functions, use Kaspersky Windows unlocker, which can clean up a ransomware-infected registry and give you access back.
4. Report your ransomware case to your local cyber crime cell.
5. If your computer is part of a wider network, remove the infected system from the network immediately.
6. You can get a copy of the impacted files for analysis later on, which might help decrypt the files.
7. Provided you have a recent backup of your data, format and reinstall Windows and restore your saved data to make a fresh start.
8. Try using the Shadow Volume Copy Service feature to recover older versions of the files. Freeware ShadowExplorer may make things easier.
9. If your data is critical and you need access to it back on an urgent basis, paying the ransom might be the only option you have.
This article is from the series on ‘Dangers of a connected world’