Ransomware is a type of malicious software or “Malware” which can hold your data hostage.
The top 3 targets of ransomware attacks are professional services firms, the public sector, and healthcare businesses. Ransomware reaches users when they download files from unsecure or unreliable websites, or when they receive phishing emails with titles such as the following:
- Undelivered Mail Returned to Sender
- Invitation to connect on LinkedIn
These phishing emails include an attachment that appears to be in MS Word or Excel format, but if you carefully check the file name extension, you will find “.exe” instead of “.docx” or “.xlsx”. If you open the attachment, your device can get infected with ransomware.
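The extension check described above can be automated at the mail gateway or in a mailbox scan. The following is an added example, not part of the original article: the function names, the sample message and the extension lists beyond “.exe”, “.docx” and “.xlsx” are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Only ".exe", ".docx" and ".xlsx" come from the article; the rest are assumed.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}

def classify(filename):
    """Return 'ok', 'executable' or 'disguised-executable' for a file name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = [p.strip() for p in filename.lower().rstrip(". ").split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A document extension just before the real one means the name is a lure.
    if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTS:
        return "disguised-executable"
    return "executable"

def scan_message(raw_bytes):
    """Parse a raw e-mail and list (file name, verdict) for risky attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed sample message; addresses and attachment bytes are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Undelivered Mail Returned to Sender"
    msg["From"] = "postmaster@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Your message could not be delivered. See attachment.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream",
                       filename="Returned_message.docx.exe")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="report.xlsx")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

The check looks only at the file name, so it complements antivirus scanning of the attachment content rather than replacing it.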
There are 2 main categories of ransomware attacks, as follows.
- Locker ransomware: It tries to access your files containing important information such as name, ID card number, phone number, and address, and locks or encrypts them to prevent the owner from accessing them.
- Crypto ransomware: It encrypts the files to make them inaccessible and demands that the owner pay to decrypt them. It may also send a “.onion” URL for the owner to chat and transfer money in bitcoin instead of transferring it directly to a bank account. This keeps the attacker safe from transaction evidence.
A ransomware attack is like a virus, but it has evolved to be more advanced than viruses. For example, Maze Ransomware does not only lock the files; it can also steal a user’s files and encrypt them. After that, Maze threatens the victims with a message saying it will publicly expose all data if they refuse to pay the ransom.
There is another ransomware called “Samsam Ransomware” that has evolved to block users from accessing applications and to make backup files impossible to restore.
Another form of ransomware attacks servers that have RDP (Remote Desktop Protocol) enabled and accesses a super administrator account, then disables the antivirus auto-protect program. After that, it steals important data, installs a backdoor on another computer, and then deletes the backup data.
How to defend against ransomware if you are attacked
You should protect your device before it is infected by ransomware. We recommend trying the following easy steps.
- Install an antivirus program, keep it up to date, and always scan files on your device
- Set read-only permission for all files
- Back up your important files and store them in another location at least once a month
In case ransomware takes over your computer even though you have tried these basic measures, we recommend 5 anti-ransomware programs to remove it.
- Free Bitdefender Anti-ransomware
- Free Malwarebytes Anti-ransomware
- Kaspersky Anti-ransomware
- Trend Micro RansomBuster
- Zemana Anti-malware
Or you may try another option from Cisco, called “Advanced Malware Protection”. It can address the ransomware problem for enterprises with large computer networks.
As mentioned before, it is more important to prevent ransomware attacks than to get rid of them. The basic steps anyone can take to prevent ransomware are to be careful not to download files from unsecure websites, and not to open files or click untrusted links. This can help you reduce the risk of ransomware attacks.