Centre for Internet & Society

There was Wannacry, then Petya, and several other lesser-known ones: With ransomware attacks coming thick and fast, get proactive about protecting yourself.

The article by Sanjay Kumar Singh was published by Business Standard on July 5, 2017.

The Wannacry ransomware attack in May was followed by the Petya attack last week. This attack affected the Ukrainian government and large corporates like Maersk and Merck. In India it affected the operations of terminals at Jawaharlal Nehru Port Trust (JNPT), operated by Maersk. According to Kaspersky Lab, the rate of ransomware attacks on businesses grew from one every 120 seconds in January 2016 to one every 40 seconds by October that year. The rate of attack on individuals' computers rose from one every 20 seconds to one every 10 seconds over this period. Today, it has become imperative for everyone, including entrepreneurs and small business owners, to learn how to defend themselves against such attacks.          

A trend witnessed in 2016 was the growth of the ransomware-as-a-service business model. "Code creators offer their malicious product on demand, selling uniquely modified versions to criminals who then distribute it through spam and websites, paying a commission to the creator," says Altaf Halde, managing director, Kaspersky Lab (South Asia). He adds that the growth of cashless payments in India will undoubtedly attract the attention of cyber criminals and lead to more attacks in future.

Next, let us turn to how ransomware works. An operating system (OS) is a large and complicated piece of software with millions of lines of code. Malware exploits vulnerabilities within the OS to infiltrate it. An infiltration can happen in multiple ways: if you download a malicious email attachment, visit a website carrying malicious code, plug in an infected pen drive, and so on.

Ransomware is a form of malware that encrypts the files in a critical part of the computer, such as My Documents or Desktop, where people usually store their files. It could also encrypt specific file types, say, .doc files. The user is then informed that his files have been encrypted, along with a warning that unless he pays up within the next few hours his files will be deleted. Says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru: "You first have to pay the attackers using anonymous money like bitcoins and then they give you the key for decrypting your files."

A ransomware attack can be dealt with in two ways: either pay the money and get the files unlocked, or find a way to circumvent the encryption. The latter option can, however, take a fair bit of time.

Safeguard measures you should adopt

  • Back up important files regularly. Check periodically that these files have not been damaged.
  • Enable the ‘Show file extensions’ option in Windows settings. Stay away from extensions like “exe”, “vbs” and “scr”. Many familiar file types can be dangerous, as scammers use multiple extensions (like hot-chics.avi.exe or doc.scr)
  • If you discover an unknown process on your machine, cut off the Internet connection immediately
  • If you have been infected, find the name of the ransomware. If it's an older version, your files can be restored. For restoration tools visit https://www.nomoreransom.org/
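
The file-extension check from the list above, as an added example that is not part of the original article: a short Python script that flags the three extensions the article names and marks names such as hot-chics.avi.exe or doc.scr as disguised. The DECOY list and the function names are assumptions made for this illustration.

```python
import os
from pathlib import PureWindowsPath

# Extensions the article says to stay away from.
RISKY = {"exe", "vbs", "scr"}
# Assumption: harmless-looking types an attacker might place before the real extension.
DECOY = {"avi", "doc", "docx", "jpg", "mp4", "pdf", "png", "txt", "xls", "xlsx"}


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for a single file name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = PureWindowsPath(filename).name.lower().rstrip(". ")
    parts = name.split(".")
    if len(parts) < 2 or parts[-1].strip() not in RISKY:
        return "ok"
    # The part before the real extension is what the user sees when
    # extensions are hidden; padding spaces are stripped before comparing.
    if parts[-2].strip() in DECOY:
        return "disguised"
    return "executable"


def scan_tree(root):
    """Walk root and return {relative path: verdict} for every flagged file."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            verdict = classify(fname)
            if verdict != "ok":
                rel = os.path.relpath(os.path.join(folder, fname), root)
                flagged[rel] = verdict
    return flagged


if __name__ == "__main__":
    # Constructed sample names; the first two are the article's own examples.
    samples = ["hot-chics.avi.exe", "doc.scr", "invoice.pdf   .exe",
               "setup.exe", "holiday.jpg"]
    for sample in samples:
        print(f"{sample!r:24} {classify(sample)}")
```
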

Among the safeguard measures you should adopt, first and foremost, never open a suspicious file. By being vigilant you can avoid a lot of ransomware attacks.

Most malware exploits vulnerabilities within the OS. "These vulnerabilities are frequently patched by the creators of the OS. But if people use pirated OS, or don't upgrade it regularly, they could land in trouble," says Tiwari. Soon after the Wannacry attack, Microsoft issued a patch. People who updated their computers immediately were not affected by it. Also, use the latest version of an OS.

Use a quality antivirus (AV) solution, which is usually one you have to pay for. A high-quality AV can even protect you against vulnerabilities not patched by the OS manufacturer. AVs scan files. If they detect patterns indicating the presence of malware, they isolate the affected files from the rest of the computer, thereby preventing the malware from spreading.

One option is to use an OS that is less vulnerable, like Mac or Linux. Less malware is designed for these OSes, as fewer people use them.

Finally, if your files do get encrypted, don’t pay the ransom, unless instant access to those files is critical. "Each payment only fuels this unlawful business," says Halde.
