What is Ransomware? how to prevent Ransomware?

95

1 What is Ransomware?

Ransomware is malicious software that usually makes your computer system data inaccessible to you by encrypting it with cryptography.

The attacker demands a ransom (money) to make the data accessible again by the victim. The attacker leaves it inaccessible forever if that amount of money will not be paid by the victim in a specified time. Usually, attackers only used the anonymous cryptocurrency like bitcoin, monero for the payments.

The ransomware attack is mostly performed on the individual systems, business networks, government agencies and airports by the attackers.

2 How to Prevent Ransomware?

  • Take the backup of your data in some secure offline data storage devices for every update that occurred in your database. So you can recover it fast when required.
  • Be aware of scam emails and do not download unknown email attachments.
  • Take care while browsing, do not click on unknown links and ads.
  • Visit only HTTPS secured websites, check the URLs must begin with “https://” of the website you visit.
  • Monitor your server and network, monitoring tools help to detect the viruses, unusual file access and CPU usage which is useful to block the ransomware activation.
  • Use reputed and legitimate anti-malware or anti-virus software and keep your applications and system updated.

3 Examples of Ransomware

WannaCry

In May 2017, the WannaCry ransomware attack infected more than 230,000 computers worldwide in less than a week. Attackers demand money in Bitcoin cryptocurrency from users by using 20 different languages over 150 countries.

WannaCry attackers demanded US$300 per computer and provided a 7 days deadline to pay them after that all encrypted file got deleted.

WannaCry spread by using an exploit named EternalBlue through the internet.

Bad Rabbit

In October 2017, Russian users reported a ransomware attack named Bad Rabbit through a fake adobe flash update available through a compromised website.

The fake adobe flash update was downloaded from that website and would be installed manually on the computer.

The attacker demanded 0.05 Bitcoin (US$280 on that time) per computer to decrypt the infected files.