How does Ransomware spread?

Ransomware is a kind of malware that blocks or encrypts a user’s files and demands a ransom in order to decrypt them. These malicious programs mostly spread by tricking users into clicking on popups that appear to be safe and sound. Once such a spurious popup is clicked, a ransomware program gets installed on the system and finds files with extensions like JPG, XLS, PNG, PPT, DOC, etc. These files are generally important ones in any computer system. The installed program then instructs the user to make a payment to the perpetrators, generally in the form of cryptocurrencies. The payment is generally made in this way so that nobody can trace the identity of the team spreading the ransomware.
Attackers generally use the Tor protocol to conceal their location.

Along with this, ransomware also spreads via traditional email. More than 60 percent of ransomware spreads via an email (specifically as a Microsoft Word document or a .ZIP file). According to Cisco Systems’ 2017 Annual Cybersecurity Report, 65 percent of email traffic is spam and about 10 percent of the global spam observed in 2016 was classified as malicious.

Financial damages due to ransomware:

Businesses as well as individuals need to be fully aware of the threat posed by ransomware and make cybersecurity a top priority. According to Kaspersky, every 40 seconds a company gets hit with ransomware. Moreover, attacks on businesses increased three times in 2016.
A ransomware attack can definitely disrupt critical systems and sensitive data. In 2015, ransomware accounted for damage of roughly $325 million according to Microsoft. In 2016, the damage cost was predicted to reach $1 billion by Cybersecurity Ventures. According to the Cisco 2017 Annual Cybersecurity Report, ransomware is growing at an annual rate of 350%.
Other than financial impacts, there is permanent or temporary loss of sensitive or proprietary data. Moreover, regular operations get disrupted. On an organizational level, it potentially harms the organization’s reputation. Even after paying the ransom, there is no guarantee that the encrypted files will be decrypted. In addition, it cannot be said that the malware infection has been completely eradicated from the computer system.

Conventional ways of tackling Ransomware:

One must ensure that an antivirus is installed and is up to date. An antivirus can be a first line of defense, but because it is based on signatures, new variants may slip through the cracks. In an organization it’s best to have a multi-faceted security solution that provides enhanced protective technologies such as firewalls, behavioral-based threat prevention, heuristics, etc.
Security awareness campaigns should be organized that stress not being easily tricked by spurious links and attachments in email. Since most users never think twice before opening such bogus links, phishing has become a common and extremely successful entry vector for ransomware.

Moreover, it has become extremely important to back up data. It’s recommended to remove the external storage device once a backup has been taken so that if ransomware does infect the computer, it won’t be able to touch the backup.
Also, Group Policy Object (GPO) restrictions are an easy yet affordable way of restricting any kind of malware. GPO has the ability to provide granular control over the execution of files, thus enhancing the security of the computer system.
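
The article notes that most ransomware arrives by email, specifically as a Microsoft Word document or a .ZIP file. The following Python example is added here and is not part of the original article; it shows how a mail filter could flag those two attachment types and list the contents of ZIP archives to find nested Word documents. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example: common Microsoft Word formats.
WORD_EXTS = {".doc", ".docx", ".docm", ".dot", ".dotm"}

def ext(name):
    """Lower-cased final extension, so 'Invoice.PDF.DOC' still yields '.doc'."""
    name = (name or "").lower().strip()
    return name[name.rfind("."):] if "." in name else ""

def triage_attachments(raw_message):
    """Return (filename, reason) pairs for attachments to hold for review."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext(name) in WORD_EXTS:
            findings.append((name, "word-document"))
        elif ext(name) == ".zip":
            findings.append((name, "zip-archive"))
            try:
                data = part.get_payload(decode=True) or b""
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                findings.append((name, "zip-unreadable"))
                continue
            # Only the archive listing is read; nothing is extracted to disk.
            for inner in members:
                if ext(inner) in WORD_EXTS:
                    findings.append((name, "zip-contains-word-document:" + inner))
    return findings

def build_sample():
    """Constructed sample message: harmless placeholder bytes, not real files."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("payment.docm", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    msg.add_attachment(b"placeholder", maintype="image", subtype="png", filename="logo.png")
    return msg.as_bytes()
```

Calling `triage_attachments(build_sample())` flags the Word attachment and the ZIP (including the Word document nested inside it) while leaving the PNG alone; an archive that cannot be parsed is reported as `zip-unreadable` rather than passed through.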