Ransomware: Types, Prevention and Warning Signs


In this post of Terminal Stack, you will get to know about one of the most dangerous and widespread kinds of malware, ransomware. First of all, let's know what malware is.

    Malware can be defined as malicious software that damages or destroys computer systems. Cybercriminals, often called “hackers”, use it to destroy or steal a system’s data. Ransomware is one such malware. It poses a threat to your device, but what is so special about it? The word “ransom” itself says it all.

What is ransomware?

    Ransomware is malware that blocks access to the victim’s system, either by encrypting it or by locking the screen, until a ransom is paid. Most of the time the ransom payment has a deadline; if the victim exceeds the time limit, the data is lost forever.

The two most popular types of ransomware are

  1. Locker Ransomware

       This type denies access to basic computer functions. It does not target critical files, so complete destruction is prevented. The victim can get the decryption key only after paying the ransom. In some cases, even after the demand is fulfilled, the victim is unable to access the data.

  2. Crypto Ransomware

       This encrypts important data such as documents, pictures, files, etc. To restore the data, victims are asked to pay a ransom in the form of Bitcoin.

We always believe “Prevention is better than cure”, so some preventive measures are listed below.

Ways to prevent ransomware infection

  • Keep your system up to date.
  • Install antivirus software, which prevents execution of malicious files.
  • Back up your data frequently.
  • Use a whitelisting program, which does not allow execution of unauthorized programs.

Also read: https://terminalstack.com/stuxnet-attack-on-natanz-nuclear-facility/

Some examples are

  1. Ryuk:

       Ryuk popped up in 2018 and mostly targeted hospitals and government institutions. Ryuk makes sure to delete volume shadow copies so that data cannot be recovered by alternative means.

  2. Locky:

       Locky first appeared in 2016. It was spread by means of fake emails with infected attachments. The encrypted files have extensions such as “.aesir”, “.locky”, “.odin” and “.osiris”.

  3. B0r0nt0k:

       Also known by names such as Borontok, rontok and botontok, it originated in Indonesia. It is a crypto ransomware which focuses on Windows and Linux based servers. It encrypts files and gives them the “.rontok” file extension.

  4. Shade/Troldesh:

       It originated in Russia and spread via spam mails with infected attachments. The attachments are generally zip files; the extracted content is a JavaScript file that downloads the malware.

  5. Bad Rabbit:

       It is a strain of ransomware which mostly targeted media companies in Russia and Ukraine. It first appeared in 2017. It is disguised as an Adobe Flash installer, but it carries malicious attachments.

Warning signs that your system may be affected

  • Suspicious emails

          Hackers prefer phishing as a way of attacking. They send social-engineering emails with malicious attachments.

  • Hacker tools

          Mimikatz and Microsoft Process Explorer are commonly used hacking tools. The presence or traces of these must be investigated immediately.

  • Suspicious login activity

          A failed login happens when someone forgets their password. But if someone is repeatedly trying to log in to different accounts, an attacker may be trying to break into the system.

  • Trial attacks

          In some cases, attackers perform a test ransomware attack to ensure perfect execution. If it fails, the attacker will try again, so here is a chance to detect it and prevent further destruction of the system.
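As an added illustration that is not part of the original post, the following Python runs simple detectors for three of the signs above over constructed sample events: failed logins against many different accounts from one source, the presence of Mimikatz or Process Explorer binaries, and the volume shadow copy deletion described for Ryuk. The log layout, field order, host names and account names are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events (not real logs): (timestamp, source host, account, outcome)
LOGIN_EVENTS = [
    ("2024-01-10T08:00:01", "10.0.0.7", "alice", "fail"),
    ("2024-01-10T08:00:03", "10.0.0.7", "bob", "fail"),
    ("2024-01-10T08:00:05", "10.0.0.7", "carol", "fail"),
    ("2024-01-10T08:00:06", "10.0.0.7", "dave", "fail"),
    ("2024-01-10T09:15:00", "10.0.0.22", "erin", "fail"),  # single typo, benign
]
# Constructed sample process-creation events: (host, image name, command line)
PROCESS_EVENTS = [
    ("ws01", "explorer.exe", "C:\\Windows\\explorer.exe"),
    ("ws01", "mimikatz.exe", "C:\\Users\\Public\\mimikatz.exe"),
    ("srv02", "vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("srv02", "wmic.exe", "wmic shadowcopy delete"),
]
KNOWN_TOOLS = {"mimikatz.exe", "procexp.exe", "procexp64.exe"}  # Mimikatz, Process Explorer
SHADOW_COPY_DELETION = [  # commands that wipe volume shadow copies, the recovery path Ryuk removes
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]

def password_spray_sources(events, min_accounts=3, window_seconds=60):
    """Sources that failed against >= min_accounts *different* accounts within one window:
    one account failing repeatedly is a forgotten password, many accounts is a break-in."""
    by_source = defaultdict(list)
    for ts, src, account, outcome in events:
        if outcome == "fail":
            by_source[src].append((datetime.fromisoformat(ts), account))
    flagged = set()
    for src, fails in by_source.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):  # slide the window forward from each failure
            accounts = {a for t, a in fails[i:] if (t - start).total_seconds() <= window_seconds}
            if len(accounts) >= min_accounts:
                flagged.add(src)
                break
    return sorted(flagged)

def suspicious_processes(events):
    """Flag known attacker tooling by image name and shadow-copy deletion by command line."""
    hits = []
    for host, image, cmdline in events:
        if image.lower() in KNOWN_TOOLS:
            hits.append((host, "known-tool", image))
        if any(p.search(cmdline) for p in SHADOW_COPY_DELETION):
            hits.append((host, "shadow-copy-deletion", cmdline))
    return hits
```

In the sample data only 10.0.0.7 is flagged for logins (four accounts in five seconds), while the single failure from 10.0.0.22 is ignored; the process detector flags the Mimikatz binary and both shadow-copy deletion commands.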

If your system is infected, follow the steps below:

  • Disconnect from networks

    Disconnect your system from Wi-Fi sources and activate airplane mode.

  • Disconnect external devices

    USB drives and connected phones must be disconnected immediately.

  • Report it

    Victims must report to federal law enforcement and ask for technical assistance.

Alertness towards such malware attacks can help prevent complete destruction of the system. Keeping an eye on software updates and keeping in touch with new technology proves helpful. Cybercrime can be reduced if everyone is aware and takes technical assistance from the Cyber Crime Investigation Cell.

If you like the post, do share it and comment your thoughts below.
