Ransomware : An Emerging Threat

One day after installing a xyz application from an unknown developer my phone started reacting weirdly and by weirdly I mean some text was displaying on the screen stating “Pay 3 Bitcoin and get access to your phone”. I have no idea as what to do! To access my own phone I have to pay someone? Things started becoming weird after I thought to format my phone at the cost of losing all my data but after I format the message was still there. Finally I decided to get some help from Techiyappa buoy!

What has happened here is known as Ransomware attack. It is type of malicious software that covertly installs on your device like computer or Smartphone without the users knowledge and then encrypt the whole device or data and ask for ransom in order to decrypt it or get back the data. It encrypts file on the system's hard drive, which becomes difficult to decrypt without paying the ransom. According to Kaspersky "Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in Bitcoins or another widely used e-currency," So how exactly one can protect ourselves from such attack? What are the countermeasures?

Before the birth of cryptocurrency like Bitcoin, blocking was popular. The malicious software block the access to a user’s operating system or browser until the victim pay the moderate ransom either by transferring money to an e-wallet or sending SMS short code. It was widely used technique and made lots of money for the cyber criminals until the security experts found a way to struck the cybercriminal from the side of payment system. But after the Bitcoin was introduced things changed. Because the Bitcoin was hard to trace and in absence of regulating body it was first choice of cybercriminal for payment system. But why ransomware is becoming more popular? As in ransomware the malware encrypts the file on the system and private files are unique, so users cannot replace them by reinstalling an operating system and because of the strong encryption the victim has to pay the ransom in order to get back the data.

Facts and Figures:

In one year the number of attacks increased more than fivefold: From 131,111 attempts to infect in 2014-2015 to 718,536 in 2015-2016. The top 10 countries for ransomware are:India,Russia, Kazakhstan, Italy, Germany, Vietnam, Algeria, Brazil, Ukraine, and the United States. However the ransomware that people face in India, Algeria, Russia, Vietnam, Kazakhstan, Ukraine, and Brazil is mostly old and relatively mild versions of blockers. In Italy and Germany the situation is even worse; in those countries the word ransomware became synonymous to the word ‘cryptor’. In 2015-2016 four racketeering Trojans were the most active: TeslaCrypt, CTB­Locker, Scatter, andCryakl. Those four families share almost 80% of the “market”.

What are the countermeasures?
1.Make backups regularly or within short interval of time.

2.Use reliable security solutions and do not rely totally on Anti-Virus as it works only against the viruses and do not scan for the malware. (Personally recommend: Kaspersky total security).

3.Keep your operating system updated as company issues the patches to fix any vulnerability and make it hard for such attacks.

4.If you’re already a victim of ransomware attack don’t lose hope without giving a try there are free tools available which might be helpful. (AVG recently released six free decryption tools to retrieve your files : http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/ ).

5.Never download any software or file from unreliable or untrusted developer, always look for the review of that developer.

6.Stay updated on various threats and their countermeasure, visit “techiyappa.blogspot.in” for updates and share it with your friends and families.

Till next post stay updated.