By Aleksandar Velinov, University Goce Delcev, Štip, Macedonia
What is ransomware?
Ransomware is a type of malware (not a computer virus) that can disable access to a system, computer files or personal data. Often ransomware perpetrators will restore access only if a ransom is paid. Denying access convinces users that they have an urgent need to access their files or private data, hence forcing them to pay a ransom to prevent the dissemination of such data. The case is even more problematic when organisations are targeted. Confidential corporate data or the private data of service users might be compromised. The thought that the data might be under someone else's control creates pressure on users and/or organisations. Should the data be leaked, it could damage the reputation of an organisation, potentially affecting customer and user confidence.
How can your PC get infected by ransomware?
Phishing emails
Computers can be infected in two ways: by clicking on links that lead to malicious websites and by downloading malicious email attachments (documents, applications and so on).
Visiting infected websites
Visiting infected websites can lead to the automatic download of ransomware to the hard drive. This process is also known as “drive-by downloading”. It is also possible to become a victim of ransomware just by visiting a website without downloading anything.
Malicious advertisements
Advertisements (banners, ads, etc.) may contain a malicious link in the background.
Attacks due to infiltrating the system
Users who have poor password protection or use unsecured networks can be victims of ransomware attacks.
How do we protect ourselves?
Back up your data
Backing up our data is one of the most effective ways to deal with ransomware. We can keep our backup on an external hard drive or use some cloud storage services.
Avoid clicking on unsafe links and opening suspicious email attachments
Update your programs and operating system to the latest versions
Updating programs helps patch existing vulnerabilities that could be exploited by attackers.
Implementation of an Intrusion Detection System (IDS)
With an IDS we can detect attacks by comparing network logs to signatures from known malicious activities.
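The signature comparison described above, as an added example that is not part of the original article: it checks constructed log lines, written in a hypothetical key=value proxy format, against three constructed signatures. The signature IDs, hostnames and patterns are assumptions made for illustration, not real indicators.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: str
    field: str            # which log field the pattern is applied to
    pattern: re.Pattern

# Constructed signatures for illustration; not real indicators.
SIGNATURES = [
    # host on a (made-up) blocklist, including its subdomains
    Signature("EX-001", "host", re.compile(r"(^|\.)known-bad\.example$")),
    # document-looking file name that is really an executable
    Signature("EX-002", "path",
              re.compile(r"\.(pdf|docx?|xlsx?)\.(exe|scr|js)$", re.I)),
    # missing or empty User-Agent
    Signature("EX-003", "agent", re.compile(r"^-?$")),
]

# Constructed log lines in a hypothetical key=value proxy format.
SAMPLE_LOG = """\
ts=2022-10-03T09:14:02Z src=10.0.0.21 host=intranet.example path=/index.html agent=Mozilla/5.0
ts=2022-10-03T09:14:40Z src=10.0.0.37 host=cdn.known-bad.example path=/invoice.pdf.exe agent=-
ts=2022-10-03T09:15:11Z src=10.0.0.21 host=files.example path=/Report.DOCX.SCR agent=Mozilla/5.0
ts=2022-10-03T09:16:05Z src=10.0.0.44 host=notknown-bad.example path=/a.html agent=Mozilla/5.0
this line is malformed and must not crash the detector
"""

def parse_line(line):
    """Return a dict of key=value fields, or None if the line has none."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    return fields or None

def detect(log_text, signatures=SIGNATURES):
    """Compare every log record to every signature; return the alerts."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        record = parse_line(line)
        if record is None:
            continue  # not a log record, skip it
        for sig in signatures:
            # an absent field is treated as an empty string
            if sig.pattern.search(record.get(sig.field, "")):
                alerts.append((lineno, record.get("src", "?"), sig.sid))
    return alerts

if __name__ == "__main__":
    for lineno, src, sid in detect(SAMPLE_LOG):
        print(f"line {lineno}: {src} matched {sid}")
```

The fourth sample line shows why the host pattern is anchored: a look-alike name that merely ends in the blocklisted string does not raise an alert.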
Installation of antivirus software and firewall
Antivirus software can scan, detect and respond to this type of security threat. Firewalls need to be configured to protect against cyber-attacks; they are the first line of defence.
Use known sources for download
Using known sources will allow us to download reliable documents or applications.
Use VPN on public Wi-Fi networks
A VPN allows us to connect to a private network through a public network and sends all the data through an encrypted channel.
What to do if your PC is infected?
- Isolation of infection: Separate the infected computer from the network and any shared storage devices to prevent the infection from spreading
- Use antivirus or anti-malware software to remove ransomware from the computer, if possible
- Try to recover your deleted files, if possible
- Try to find available decrypting tools
- Restore the files from a backup
- Reinstall the operating system
Conclusion
Ransomware is one of the most serious and rapidly evolving types of cyber attacks.
About the Author
Aleksandar Velinov is a teaching/research assistant and PhD candidate at the Faculty of Computer Science, University Goce Delcev in Štip, Macedonia, where he received his MSc degree in Computer Science in 2016. His fields of interest and research include computer and network security, security of IoT communication, digital steganography, Internet of Things (IoT), Machine-to-Machine (M2M), big data, big data analysis, learning analytics, cloud computing and mobile technologies.
Also this year GÉANT joins the European Cyber Security Month, with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package on connect.geant.org/csm2022