RANSOMWARE


Ransomware is malware that typically enables cyber extortion for financial gain. Criminals can hide links to Ransomware in seemingly normal emails or web pages. 

Once activated, Ransomware prevents users from interacting with their files, applications or systems until a ransom is paid, typically in the form of an anonymous currency such as Bitcoin.

Ransomware is a serious and growing cyber threat that often affects individuals and has recently made headlines for broader attacks on businesses. Payment demands vary based on targeted organizations, and can range from hundreds to millions of dollars.

Ransomware is often introduced into an organization through phishing emails, but it may also be introduced via exploits, USB drives and other media containing malware. It acts quickly, spreading from machine to machine across the corporate network, affecting endpoint devices (PCs, laptops) and servers, and can also reach storage media on the network. Once files are encrypted it is, for all practical purposes, impossible to unlock them.


Preventive Measures/Precautions

1. Good practice suggests that an organization well prepared for this kind of attack needs good backups from which it can restore its data.

2. The second level of protection is to implement technology on email and web gateways that scans for known or suspicious URLs. Such solutions are useful in sorting legitimate content from malware or unknown but suspicious sites.

3. The third layer of defence is to have technology installed on the endpoint. This typically monitors the behaviour of processes and detects activity that indicates Ransomware behaviour.

4. The fourth level is the use of network security solutions that can detect ransomware before it executes and can quarantine the suspicious process.

5. Keep your third-party applications (MS Office, browsers, browser plugins) and operating systems up to date.

6. Install genuine, up-to-date antivirus software on your system.

7. Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.

8. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list.

9. Never click on a URL contained in an unsolicited e-mail, even if the link seems benign. If the URL appears genuine, close the e-mail and go to the organization's website directly through the browser.

10. Maintain updated antivirus software on all systems.

11. Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

12. Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
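The Windows setting referred to in point 11 can be applied per user with the following PowerShell snippet. It is an added example and not part of the original page: it sets the Office policy value that blocks macros in files marked as downloaded from the Internet for Word, Excel and PowerPoint, then reads the values back to show which applications are still on the weak setting. It assumes Office 16.0 (Office 2016/2019/Microsoft 365) and writes under HKCU, so it must run in the context of the user being protected; in a domain, the same setting is normally pushed through Group Policy instead.

```powershell
# Added example: enforce "Block macros from running in Office files from the Internet"
# for the current user. Assumes the Office 16.0 registry tree (2016/2019/Microsoft 365).
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

foreach ($App in $Apps) {
    $Key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # 1 = block macros in Internet-sourced files. The weak setting is 0,
    # or the value being absent, which leaves the decision to the user.
    New-ItemProperty -Path $Key -Name 'blockcontentexecutionfrominternet' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Verification pass: report every application where the block is not in force.
foreach ($App in $Apps) {
    $Key   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $Value = (Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
    $State = if ($Value -eq 1) { 'blocked' } else { 'NOT blocked (weak setting)' }
    Write-Output "$App macros from the Internet: $State"
}
```

Running only the second loop on a machine you did not configure is a quick way to audit whether the protection is already in place.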

Advice for victims

1. Immediately take a backup of the remaining data.

2. Disconnect the infected system from the internet and the LAN.

How to make a complaint

If you are the victim of Ransomware, immediately give a written complaint to your nearest Police Station with the following documents:

1. The e-mail ID, phone number or any other means of communication through which the ransom was demanded.

2. If the malware was sent as an attachment to an e-mail, screenshots of the e-mail, including the full header as received by the first recipient, should be provided.