Internet security | Malware & Ransomware: attacks, protection, removal
- Innocential
- Jan 8, 2021

Keywords: Internet security, ransomware, malware, antivirus, denial of service, phishing, firewalls.
CONTENTS
Introduction.
Dangers and Effects of malware and ransomware.
Previous attack examples.
Most attacked: countries, Industries/businesses, devices.
How to prevent ransomware attacks.
Internet security audit and consultation.
What to do when attacked.
INTRODUCTION
Every 14 seconds, a company or individual is attacked by ransomware. The victims lose access to their files, their private data is compromised, and the attackers instruct them to pay a ransom to reverse this. Such a situation is detrimental to businesses and companies as it halts the smooth flow of business activity. Are you protected? Are your files, devices, emails, websites, browser and passwords protected from ransomware or malware attacks?
WHAT IS INTERNET SECURITY, MALWARE AND RANSOMWARE?
Internet security software is computer software that attempts to safeguard computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Malware is malicious software designed to access and exploit computer systems, programs and services. What is a ransomware virus? Ransomware is malware with which the attacker encrypts or locks the victim’s data and demands a ransom in order to unlock or decrypt it. Phishing is a cyber attack that uses disguised emails to obtain sensitive information such as usernames, passwords and credit card details about a person or business. Denial of service is the action of flooding a network in order to prevent legitimate users of the network from accessing the server or connected systems.
Dangers and Effects of ransomware attacks:
Loss of data.
Lost profits caused by downtime.
Cost of replacing compromised devices.
Reputational damage.
Recovery costs.
Investment into new security measures.
Potential legal penalties.
Employee training in response to attacks.
Infringement of privacy.
MOST ATTACKED COUNTRIES AND INDUSTRIES
The statistic above shows the countries most attacked by ransomware from June 2018 to June 2019. The United States of America was recorded as the most affected.

To understand the impact of ransomware attacks on exposed industries, have a look at the graph below, which shows manufacturing, government, and services as the top 3 industries.

Image credits: BlackFog
PREVIOUS RANSOMWARE ATTACKS
A recent malware example is CovidLock, a type of ransomware created and deployed in 2020. Fear caused by the coronavirus (Covid-19) has been widely exploited by cybercriminals. This ransomware infects victims via malicious files promising to offer more information about the disease. Once installed, CovidLock encrypts data on Android devices and denies victims access to it. To regain access, victims are told to pay a ransom of USD 100 per device.
An earlier example that rattled online security is CryptoLocker. This was one of the most profitable malware attacks of its time. From September 2013 to May 2014, the CryptoLocker ransomware attack is estimated to have affected between 250,000 and 500,000 computers. The ransomware was sent to its unsuspecting victims via a Trojan hidden within a ZIP file attached to spam emails.
In September 2014, malware detection was put to the test again when a similar attack evaded detection by email filters by asking recipients to visit a rogue website (via a link) in order to look into a failed parcel delivery. This rascal of a website would then download the ransomware payload.
The Petya ransomware adaptation, discovered in 2016, was allegedly the first ransomware to be used for a politically motivated attack. Spread via a hacked tax preparation program, the malware can propagate rapidly and affect major business partners across the world.
In May 2017, the WannaCry ransomware, the biggest ransomware attack in history, exploited vulnerable computer users with unpatched and older versions of Windows operating systems. WannaCry is estimated to have affected 200,000 computers, but could have been much worse had a security expert not discovered a kill switch or shut down switch.
The list of ransomware examples from recent years indicates that the attacks are becoming more sophisticated, with more disturbing outcomes, especially for the companies affected. With better security awareness and due diligence these ransomware attacks could have been avoided; this is a very important consideration bearing in mind where ransomware attacks seem to be headed.
RANSOMWARE PROTECTION AND COUNTERMEASURES
One of the advantages of internet security is protection against ransomware and malware. When you set up strong internet security for your devices and electronic systems, you are protected from malware or ransomware attacks. Below is a list of measures to implement in order to set up strong internet security. The earlier the better, because you never know when the enemy will strike.
Countermeasures against ransomware attacks and effects:
Backup- It is important to back up all your files frequently and routinely to external drives or cloud drives, so that if an attack costs you access to your files, you can reset the system, thus removing the ransomware, and restore the files from the backup.
Using internet security products and software- These include antiviruses, which can detect and remove harmful programs or files infecting your system, and password managers, which store your passwords in encrypted form so that malicious programs won’t have access to them.
Firewall- A firewall regulates which programs can access the internet or a network. It is advised to allow only trusted and reliable programs through the firewall. If a harmful program is allowed through, it can facilitate a ransomware attack, since it can communicate with the attackers and send your data to them.
Multi-factor authentication- This is a method of computer/system access control in which a user is granted access to his/her account only after presenting evidence that he/she is the real owner of the account. For example, LinkedIn sends a code to the account owner’s mobile for every login to verify that it is the real account owner trying to access the account. It is advised to set up or enable two-factor authentication or multi-factor authentication for all your important web accounts, especially those containing confidential details.
Network layer security- There are protection layers/protocols that can be added to electronic systems to prevent infection by harmful programs and files. These include Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for web traffic, and Pretty Good Privacy (PGP) for email.
Browser protection- It is advised to install security and antivirus extensions/add-ons in your browsers to avoid browsing to harmful and unreliable sites which might steal your data or infect your system. These programs show whether a site is secure or not.
Email protection- Services like AVG and Gmail offer programs that scan emails and their attachments to protect users from downloading harmful programs sent as attachments in spam emails.
Open internet documents in Protection Mode- Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications or changing settings to always open downloaded or email documents in Protection Mode.
INTERNET SECURITY AUDIT AND CONSULTATION
Holycity freelancers offers internet security auditing and consultation services in which we examine companies, individuals or systems for possible security loopholes and advise on ways of strengthening these entities’ internet security. We use well-researched and evidence-based techniques and knowledge which are frequently updated, all to make sure we protect our clients from any ransomware attacks which may affect, hinder and disturb their business. Do you want an internet security audit and consultation? If yes, email us here.
WHAT TO DO IF YOU ARE ATTACKED UNPREPARED?
Many companies and individuals are attacked unprepared, and their businesses are usually greatly affected. Can ransomware be removed? Yes, most of them can be removed. However, if a new ransomware attack is launched, it might take some days for tools that remove and decrypt it to be developed and distributed. It is advised not to pay the ransom, since it’s not guaranteed that your files will be restored because these attackers are thieves, remember?
Things to do when you get attacked:
Note down the name of the ransomware that attacked; usually, its name is the extension of the encrypted files. Examples are: .encrypted, .mrnice etc. This will help you find the right decryption tool.
Find a decryptor. Using the name of the ransomware, try to google and find a decryptor for that ransomware in case it has already been developed and published.
Report the attack to the state’s cybersecurity authority or to organisations like the Internet Crime Complaint Center (IC3).
Use software like Malwarebytes or HitmanPro to remove the ransomware. Note that removing the ransomware won’t decrypt your files; you will still need a decryptor for this.
Contact us. We might be able to help you to overcome this attack and recover your files.
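For the first step in the list above, one way to find the appended extension across a large folder or share is to count file names that carry an unfamiliar suffix after a normal extension. This is an added example, not part of the original article; the extension list, the threshold and the sample file names are constructed assumptions, and the script only reads file names.

```python
import os
import tempfile
from collections import Counter

# Extensions that normally end a file name (constructed list, extend as needed).
# A suffix appended after one of these, as in report.docx.mrnice, is a
# candidate ransomware marker.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".csv", ".zip"}

def candidate_markers(root, min_files=3):
    """Return [(suffix, count)] for suffixes appended after a known extension."""
    counts = Counter()
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, last = os.path.splitext(name)
            _, inner = os.path.splitext(stem)
            last, inner = last.lower(), inner.lower()
            # The original extension is still visible under an unfamiliar one.
            if inner in KNOWN_EXTS and last and last not in KNOWN_EXTS:
                counts[last] += 1
    # A single odd file (draft.docx.bak) is noise; many with one suffix is not.
    return [(ext, n) for ext, n in counts.most_common() if n >= min_files]

def build_sample_tree(root):
    """Constructed sample: harmless empty files named like an affected folder."""
    names = ["q1.xlsx.mrnice", "q2.xlsx.mrnice", "logo.png.mrnice",
             "notes.txt.mrnice", "photos.zip", "readme.txt",
             "archive.tar.gz", "draft.docx.bak"]
    for n in names:
        open(os.path.join(root, n), "w").close()

def demo():
    """Run the scan over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return candidate_markers(root)

if __name__ == "__main__":
    for ext, n in demo():
        print(f"{n} files carry the appended suffix {ext}")
```

Ransomware that replaces the original extension instead of appending to it will not show up in this count; in that case the ransom note file name is the better search term.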