Ransomware?
THREAT HUNTER (GUARD YOUR DEVICE)
Ransomware in Device
January 20, 2022
What is Ransomware?
Ransomware is a type of malware that encrypts the files of its victims. The attacker then demands a ransom from the victim in exchange for restoring access to the data. Users are given information on how to obtain the decryption key by paying a charge. The fees can range from a few hundred dollars to thousands of dollars, and they are paid in Bitcoin to hackers.
How does it work?
There are several ways for ransomware to get access to a computer. One of the most popular delivery tactics is phishing spam: attachments sent to the victim in an email that appear to be a file they should trust. Once downloaded and opened, they can take over the victim's computer, especially if they contain built-in social engineering techniques that deceive victims into granting administrative access. Other, more aggressive ransomware, such as NotPetya, takes advantage of security flaws to infect machines without the need to deceive people.
Once the malware has taken control of the victim's computer, it can do a variety of things, but the most typical is to encrypt some or all of the user's files. The Infosec Institute has an excellent in-depth look at how various types of ransomware encrypt files if you want the technical information. The most crucial point to remember is that, at the end of the process, the files cannot be decrypted without a mathematical key known only to the attacker. The user is informed that their files are now inaccessible and that they will only be decrypted if the victim sends the attacker an untraceable Bitcoin payment.
Its Targets?
Attackers have several targets:
1-Education
2-Government
3-Finance
4-HR departments
5-Devices (Mobile, Mac)
How to minimize the ransomware risk?
1-Keep current database backups on air-gapped storage, where the backed-up data is saved on a device that is not connected to the internet.
2-Keep email filtering rules up to date at all times, and provide regular employee training. Teach people on your team how to spot bogus emails and links.
3-Be wary of admin credentials. Someone will eventually click on a link in a phishing email, and the malware will enter your system. The ransomware will have an easier time accessing vital files if the individual who clicked the link has wide-open access to your network, such as admin credentials.
4-Layer your security with frequent security software patching, vulnerability management, system hardening, and always-updated endpoint protection suites.
5-Make sure you understand the security policies and technologies in place at any cloud services your company employs.
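An added example, not part of the original post, of the kind of attachment rule item 2 refers to, aimed at the phishing attachments described under "How does it work?". The function names, the extension sets and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Extension sets are illustrative assumptions, not an exhaustive blocklist.
EXECUTABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MACRO_DOCS = {".docm", ".xlsm", ".pptm"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def attachment_findings(raw_message):
    """Return (filename, reason) pairs for attachments a mail filter should quarantine."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        stem, ext = os.path.splitext(name.lower())
        inner_ext = os.path.splitext(stem)[1]
        if ext in EXECUTABLE and inner_ext in DECOY:
            # e.g. "invoice.pdf.exe": looks like a document a user should trust
            findings.append((name, "double extension hides an executable"))
        elif ext in EXECUTABLE:
            findings.append((name, "executable or script attachment"))
        elif ext in MACRO_DOCS:
            findings.append((name, "macro-enabled Office document"))
    return findings

def build_sample():
    """Constructed test message with harmless placeholder bytes as attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("invoice.pdf.exe", "report.docm", "photo.jpg"):
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for filename, reason in attachment_findings(build_sample()):
        print(f"QUARANTINE {filename}: {reason}")
```

A filename check like this is only one layer; it complements, rather than replaces, the user training and endpoint protection listed in the other items.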
How to prevent it?
You can take a number of protective measures to avoid becoming infected with ransomware. Following these procedures strengthens your defenses against all types of attacks because they are, of course, sound security practices in general:
1-Keep your operating system patched and up-to-date
2-Don't install software or give it administrative privileges
3-Install antivirus software
4-Back up files
Can ransomware be removed?
Yes. We have attached a link to follow: https://www.youtube.com/watch?v=kJuibb9QaWk
Examples of Famous Ransomware
1-CryptoLocker
2-TeslaCrypt
3-SimpleLocker
4-WannaCry
5-NotPetya
6-Locky
7-LeatherLocker
8-Wysiwye
9-Cerber
10-BadRabbit
11-SamSam
12-Ryuk
13-Maze
14-RobbinHood
15-GandCrab
16-Sodinokibi
17-Thanos
Keep your device safe. We will update you on new ransomware.
© SAS Threat Hunter