Cybershots - Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Ransomware is typically distributed through a few main avenues. These include email phishing, malvertising (malicious advertising), and exploit kits. After it is distributed, the ransomware encrypts selected files and notifies the victim of the required payment.

Take the necessary steps to prevent a ransomware attack to protect yourselves and your data.

Secure Link gives you a few tips (8 Doses) on how to protect yourselves from ransomware.

Most ransomware infections occur through an email attachment or a malicious download.

Diligently block malicious websites, emails, and attachments through a layered security approach and a company-sanctioned file-sharing program.

Phase 1: Exploitation and Infection
Malicious ransomware needs to be installed on a computer to be successful. This is often completed through a phishing email or an exploit kit. An exploit kit is a malicious toolkit used to exploit security holes in software applications.

Phase 2: Delivery and Execution
Once exploitation is complete, typically within a few seconds, the actual ransomware is delivered to the victim’s system.

Phase 3: Backup Spoliation
In phase three, the ransomware Trojan targets and deletes the company’s backup files. This is especially dangerous because without backup files victims have no way to recover from the attack.

Phase 4: File Encryption
Once the backups are compromised, the ransomware encrypts the victim's files. The encryption keys will be used to unlock the files once the victim pays the ransom demand.

Phase 5: User Notification and Cleanup
Now that the backup files are removed and the encryption is complete, the victim is shown the extortion demand and payment instructions. Generally, a company will be given a few days to pay the ransom before the cybercriminals increase the payment amount.

Ransomware can be delivered via “drive-by” infections. These take advantage of vulnerabilities in common browser plug-ins, like Flash or Java: simply visiting a compromised site, or even viewing a malicious ad on an otherwise safe site, is all it takes for the malware to take hold. So in addition to keeping your operating system up to date, it’s just as important to keep your browser and its associated plug-ins up to date.

Antivirus software plays a major role in real-time protection; its ability to detect threats helps keep the computer and the information on it safe. Some advanced antivirus programs provide automatic updates, which further helps protect the PC from newly created viruses.

Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications.
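
The index of approved applications described above, sketched as an added example (not code from the original page): approved software is indexed by SHA-256 content hash rather than by file name, so a renamed approved binary still matches and an unapproved file carrying an approved name does not. All file names and contents are constructed sample data, and the function names are illustrative assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_index(approved_dir):
    """Index approved applications by content hash (hash -> original name)."""
    files = (p for p in sorted(Path(approved_dir).rglob("*")) if p.is_file())
    return {sha256_file(p): p.name for p in files}


def audit(target_dir, index):
    """Split files under target_dir into (allowed, denied) by hash lookup."""
    allowed, denied = [], []
    for p in sorted(Path(target_dir).rglob("*")):
        if p.is_file():
            bucket = allowed if sha256_file(p) in index else denied
            bucket.append(str(p.relative_to(target_dir)))
    return allowed, denied


def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        approved, host = Path(tmp, "approved"), Path(tmp, "host")
        approved.mkdir()
        host.mkdir()
        (approved / "editor.exe").write_bytes(b"constructed: editor 1.0")
        (approved / "backup-agent.exe").write_bytes(b"constructed: agent 2.3")
        index = build_index(approved)
        # Approved bytes under a new name: still allowed.
        (host / "renamed-editor.exe").write_bytes(b"constructed: editor 1.0")
        # Approved name, different bytes: denied.
        (host / "backup-agent.exe").write_bytes(b"constructed: altered")
        # Never approved at all: denied.
        (host / "invoice.pdf.exe").write_bytes(b"constructed: unknown")
        return audit(host, index)


if __name__ == "__main__":
    print(demo())
```

This script only reports what falls outside the index; actual whitelisting is enforced by the operating system or endpoint software at the moment a program tries to run.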

By staying proactive about your online security and backing up your personal data, you can greatly reduce online threats caused by ransomware.

Don't install software or give it administrative privileges unless you know exactly what it is and what it does.