What is Ransomware?
Ransomware is a type of denial of access attack. In this, an attacker uses some Trojan that has a payload disguised as a legitimate file. A simple Ransomware will not allow the user to use the computer and ask them to perform something before the user can access the system.
Types of Ransomware
There are mainly two types of ransomware in circulation:
Encryptor: It encrypts the system using encryption algorithms
Locker: It locks the victim out of the operating system and does not allow him to use the files and apps from the desktop. The files are not encrypted in this case.
Some versions also infect the Master Boot Record, which stops the booting process and asks for ransom.
What is its impact?
The main impact of Ransomware is:
- Prevents the user from accessing the system
- Encrypts the file, so the user cannot use it
- Stops certain applications / services from running
What is WannaCry?
It is a type of ransomware which encrypts all the data of the attacked system and prevents the user from accessing it. Then the program puts a screen in front of the user, asking them to pay the money with a countdown to get the access of the system back. The money keeps increasing as time progresses and at the end of the countdown, it destroys all the data.
It uses a Windows vulnerability to infect the victim’s systems. After affecting the computer, it replicates itself multiple times and spreads and attacks all the vulnerable systems in the entire network.
What is Uiwix?
When WannaCry starts to spread, a security researcher found its kill switch, which helped to stop the attack. The attackers realized that and they re-launched the attack with a fix which could not be stopped by that kill switch.
How to fix it?
Once the attack starts, it is too late to do anything about it. As of now, there is no way to fix it. Even paying money will not guarantee that the user will get the data back. Only 42% victims have got their data back after paying the ransom.
How to prevent it?
Humans are the weakest chain in the whole process. The following are some preventive measures that one can take –
- Do not store all important data on one computer or network. Take regular backups and keep it on an external hard-drive or on the cloud
- If taking backups on the cloud (like Dropbox, Google Drive, etc.), then these should not turn on by default. They should be running only to sync the data and then closed properly
- Do not use plug-ins (like Flash Player, Adobe Reader, Java, Silverlight, etc.) in default mode. Change the browser setting, so it takes your permission every time it has to use those plug-ins
- Remove all outdated plug-ins from your browser
- Do not open any suspicious e-mail
- Do not access any link which you are not sure of
- Do not download any file which you are not expecting
- Keep all your software up-to-date