Ransomware counter mechanism: Is this how we can fight back?

The year 2015 was rocked by a torrent of Ransomware attacks with CryptoWall, TorrentLocker, TeslaCrypt and Chimera making major headlines across the globe. This year too attackers continue to capitalize on our fear of losing data with new variants such as Locky that targets any Windows user who has an email account. Criminals are resorting to increasingly creative ways to challenge data safekeeping and identifying spaces to do this.

What is a Ransomware?

It is a malware which often encrypts files on a computer and literally demands ransom from users to provide keys or access to their own data. Does paying ransom guarantees data recovery? In most cases, yes. Ransomwares have been highly lucrative for attackers; According to FBI, CryptoWall alone has procured an estimated USD 18 million for cyber-criminals.

Who are being attacked?

As discussed before, attackers are not restricting themselves to just the private data of individuals, corporates are equally vulnerable to being held ransom. CryptoLocker has been making vicious attacks since 2013. It typically targets Windows users, usually entering a corporate network disguised as an email attachment. Once opened, it affects the system and then starts to encrypt network files. Although, antivirus (AV) is supposed to prevent such entry, many a times AVs fail to detect new versions of the malware. Systems running outdated antivirus softwares are more vulnerable to such attacks. Similarly, older versions of OS and browsers increase the probability of infection from such malwares.

Many variants of Ransomware have started using Darknets (networks often used by cyber criminals for anonymity as these can only be accessed with specific software using non-standard communications protocols) for either command or control or to receive payments.

How to counter Ransomware?

While unpatched softwares and outdated AVs expedite the chances of getting hit by any malware, what makes Ransomware more successful is the fact that most users do not back up their data. Hence, when they get a pop up message asking them to make payments, they take the easy way out. All this can be avoided by following some easy steps as listed below:

• Backup your data - it is advisable to maintain at least one backup on offline basis. This could contain if not all but most important of your files. For example, you may store these files on a pen drive or hard-disk and keep them somewhere secure; a locker if you will.
• Use backup programs - to add another level of safety you can use backup programs that encrypt your data, so that only you can restore it. For example, with BitLocker you can encrypt removable disks to create encrypted backups.
   
• Use Spam & Phishing filters - in addition to providing resistance against Spam and Phishing, this can block Ransomware entry via email attachment route.
   
• Block executables - if you are a network admin, you must block executable attachments (files with extensions such as .exe, .rar, .zip) in emails.
   
• Control downloads - also, in offices, access to downloading files should ideally be restricted to trusted staff.
   
• Keep Your AV updated - additonally, make sure that you run a complete system scan on a periodic basis.
   
• Watch your network – network admins are expected to block outbound network connections to malicious sites. Also, they should routinely scan network traffic for any signs of malware C&C (command and control).

So what lies ahead?

Ransomware will continue to dominate in 2016 with increasing ferocity and it is only a question of time before we see things beyond data being ransomed. It is perhaps a while off before we have a sufficient mass of internet-enabled cars or homes, but we should be asking the question: how long before the first car or house is held for ransom?” While this does seem to paint a gloomy picture for the future, internet users can find some solace in the fact that most major cyber-crimes instead of employing highly sophisticated attacks depend on common human errors which could be easily avoided, provided you remain alert and follow standard safety practices online.

Feeling concerned? We recommend you to assess the health of your system and fix issues on priority basis. 

The author is Head of Pre-sales, Sophos (security solution firm )India & SAARC

Nike Air Presto Fly