The WannaCry ransomware attack in May was followed by the Petya attack last week. This attack affected the Ukrainian government and large corporates such as Maersk and Merck. In India, it affected the operations of terminals at Jawaharlal Nehru Port Trust (JNPT), operated by Maersk. According to Kaspersky Lab, the rate of ransomware attacks on businesses grew from one every 120 seconds in January 2016 to one every 40 seconds by October last year. The rate of attack on individuals' computers rose from one every 20 seconds to one every 10 seconds over this period. Today, it has become imperative for everyone, including entrepreneurs and small business owners, to learn how to defend themselves against such attacks.
A trend witnessed in 2016 was the growth of the ransomware-as-a-service business model. “Code creators offer their malicious product on demand, selling uniquely modified versions to criminals who then distribute it through spam and websites, paying a commission to the creator,” says Altaf Halde, managing director, Kaspersky Lab (South Asia). He adds that the growth of cashless payments in India will undoubtedly attract the attention of cyber criminals and lead to more attacks in the future.
Next, let us turn to how ransomware works. An operating system (OS) is a large and complicated piece of software with millions of lines of code. Malware exploits vulnerabilities within the OS to infiltrate it. Infiltration can happen in multiple ways: by downloading a malicious email attachment, by visiting a website that carries malicious code, through an infected pen drive, and so on.
Ransomware is a form of malware that encrypts the files in a critical part of the computer, such as My Documents or Desktop, where people usually store their files. It could also encrypt specific file types, say .doc files. The user is then informed that his/her files have been encrypted and warned that unless they pay up within the next few hours, their files will be deleted. Says Udbhav Tiwari, policy officer at The Centre for Internet and Society, Bengaluru: "You first have to pay the attackers using anonymous money like bitcoins and then they give you the key for decrypting your files."
A ransomware attack can be dealt with in two ways: Either pay up to get the files unlocked, or find a way to circumvent the encryption. The latter option can, however, take a fair bit of time.
Among the safeguards you should adopt, the first and foremost is never to open a suspicious file. By being vigilant, you can avoid a lot of ransomware attacks.
Most malware exploits vulnerabilities within the OS. "These vulnerabilities are frequently patched by the creators of the OS. But if people use a pirated OS, or don't upgrade it regularly, they could land in trouble," says Tiwari. Soon after the WannaCry attack, Microsoft had issued a patch. People who updated their computers regularly didn't get affected by it. Also, use the latest version of an OS.
Safeguards you should adopt
* Back up important files regularly. Check periodically that these files haven’t been damaged
* Enable the ‘Show file extensions’ option in Windows settings. Stay away from extensions such as “exe”, “vbs” and “scr”. Many familiar file types can be dangerous, as scammers use multiple extensions (such as hot-chics.avi.exe or doc.scr)
* If you discover an unknown process on your machine, cut off the internet connection immediately
* If you have been infected, find the name of the ransomware. If it's an older version, your files can be restored.
* For restoration tools, visit https://www.nomoreransom.org/
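The file-extension check from the list above can be automated over a downloads or attachments folder. The following is an added example, not part of the original article; the function names and the list of decoy extensions are assumptions chosen for illustration, while the risky extensions and the two sample names come from the list above.

```python
import os
from pathlib import PurePath

# Extensions the article says to stay away from.
RISKY = {".exe", ".vbs", ".scr"}
# Assumption (not from the article): familiar document/media extensions
# that are typically placed in front of the real one as a decoy.
DECOYS = {".avi", ".mp4", ".jpg", ".png", ".pdf", ".doc", ".docx",
          ".xls", ".xlsx", ".txt"}

def classify(filename):
    """Return None for a harmless-looking name, otherwise a short verdict."""
    # Windows ignores trailing dots and spaces, so normalise them away.
    name = filename.strip().rstrip(". ").lower()
    path = PurePath(name)
    if path.suffix not in RISKY:
        return None
    # Padding such as "report.pdf      .exe" pushes the real extension
    # out of view; strip it before looking at the inner extension.
    stem = path.stem.rstrip()
    if PurePath(stem).suffix in DECOYS:
        return "double-extension"      # e.g. hot-chics.avi.exe
    if "." + stem in DECOYS:
        return "disguised-name"        # e.g. doc.scr shows as "doc"
    return "executable"

def scan(root):
    """Walk a folder and return (path, verdict) for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            verdict = classify(fname)
            if verdict:
                findings.append((os.path.join(dirpath, fname), verdict))
    return findings

if __name__ == "__main__":
    # Constructed sample names; the first two are the article's examples.
    samples = ["hot-chics.avi.exe", "doc.scr", "Report.PDF      .exe",
               "setup.exe", "holiday.jpg", "notes.txt"]
    for s in samples:
        print(f"{s!r:28} -> {classify(s)}")
```

Run it with a folder path passed to `scan()` to list every flagged file; a "double-extension" or "disguised-name" verdict is the case where hidden extensions would make the file look like a document or video.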
Use a quality antivirus (AV) solution, which is usually one you have to pay for. A high-quality AV can even protect you against vulnerabilities not patched by the OS manufacturer. AVs scan files. If they detect patterns indicating the presence of malware, they quarantine the affected files, isolating them from the rest of the computer and thereby preventing the malware from spreading.
One option is to use an OS that is less vulnerable, such as Mac OS or any flavour of Linux. Less malware is designed for these OSes as fewer people use them.
Finally, if your files do get encrypted, don’t pay the ransom, unless instant access to those files is critical. "Each payment only fuels this unlawful business," says Halde.