
* Vinicius Melo

Ransomware is a kind of malware that encrypts the victim's files. The attackers, also called cyber criminals, demand a ransom from the victim to restore access to the data (usually in cryptocurrency), and costs can range from a few hundred to millions of dollars.

This class of malware is the most profitable in history for criminals and is the fastest growing crime on the internet. The software not only spreads at high speed, it also evolves quickly to avoid mitigation attempts.

According to Europol, as of December 2019, more than 45,000 attacks have been recorded in 74 countries. The main targets are companies: interrupting their productivity and causing lost data and revenue makes payment of the ransom more likely. For example, in early December 2019 ransomware attacked the systems of the Hackensack Meridian Health hospital in New Jersey, in the United States. To regain control over its systems and avoid putting lives at risk, the hospital decided to pay the hackers' demands.

How do you get ransomware?

There are a few ways for ransomware to get onto computers. One of the most common is phishing, an attack that usually begins with an email used to deliver the malware. As soon as the user opens the disguised email, accesses a link or clicks to download a document, the malware gains access to the computer and all devices connected to it. After this contact, the ransomware begins to encrypt the user's files.

Other forms of entry include social engineering and downloads of malicious software from the web, which can come directly from a website or from clicking on "malvertising", fake ads that release the ransomware. The malware can also spread via chat messages or even removable USB drives.

Types of ransomware

Ransomware attacks can be deployed in different ways. Some variants can be more harmful than others, but they all have one thing in common: a ransom payment. Below I have selected some types of ransomware and attacks that occurred:

WannaCry - An attack that spread to 150 countries in 2017, designed to exploit a vulnerability in Windows systems. It was allegedly created by the United States National Security Agency and leaked by the Shadow Brokers group. It affected 230,000 computers, causing an estimated worldwide loss of US$4 billion.

CryptoLocker - Ransomware that looks for valuable files to encrypt and hold for ransom.

Bad Rabbit - Another ransomware attack from 2017, which spread using a method called drive-by download, where insecure sites are targeted for an attack. These attacks require no action by the victim other than browsing the compromised page. However, in this case, victims are infected when they click to install something that is actually disguised malware.

Petya - Instead of encrypting specific files, this ransomware encrypts the victim's entire hard drive.

What to do if you are infected?

Most security experts, including Microsoft itself, advise against paying the ransom, as there is no guarantee that you will get your data back, and paying further encourages cyber criminals to launch additional attacks against you or any other person.

If it is a computer belonging to the company you work for, call the person responsible for the company's digital security. For personal computers, look for a specialist and find the latest data backup made before the attack.

Currently, there are a number of tools that can remove the ransomware from your computer and decrypt the files encrypted during the attack.

Conclusion

As technology advances, ransomware becomes more and more powerful, so it is essential to make sure that the systems and software on your computer are always up to date and to create regular backups of your data. Using cloud storage that includes encryption and multi-step authentication can further help mitigate or lessen the impact of a possible infection.

* Vinicius Melo is an Information Security consultant at [SAFEWAY]