RANSOMWARE is responsible for the biggest cyber attack the world has ever seen.
The number of enterprise victims being targeted by ransomware is increasing.
Ransomware stops you from using your computer. It holds your computer or files for “ransom”. The recent attack requires payment to the ransom through Bitcoin.
This article describes what ransomware is and what it does, and suggests possible solutions on how to prevent and recover from ransomware infections.
The most vulnerable operating system is Microsoft Windows, especially older versions and those whose antivirus is not up-to-date with latest security patches.
The sources of this document are barracuda, Microsoft, MacAfee, trend micro and Kaspersky Lab.
CNN Money reported that, The technique of using a computer virus to hold data hostage has been around for decades, gaining more notoriety in recent years. But the massive attack that has spread around the world since mid-May 2017 has taken it to a whole new level.
The first documented and purported example of ransomware was the 1989 AIDS Trojan, also known as PS Cyborg.
‘Harvard-trained evolutionary biologist Joseph L Popp sent 20,000 infected diskettes labeled “AIDS Information – Introductory Diskettes” to attendees of the World Health Organisation’s international AIDS conference.
Starting 2011, ransomware moved into big time. About 60,000 new ransomwares was detected in Q3 2011, and more than doubled in Q3 2012, to over 200,000.
What’s most astounding is that from Q3 2014 to Q1 2015, ransomware more than quadrupled. With no signs of slowing down, there are now many, many ransomware variants. source: McAfee Labs Threats Report (varonics.com).
The Zambia Information and Communication Technology Agency (ZICTA) has not yet released statics on how many computer users have been attacked in Zambia.
The authority has acknowledged that there is a virus going on and it has issued a warning to computer usersthrough Facebook page.
Around the world, it has been reported that over two hundred thousand users have been attacked with an estimated loss paid for ransom of over $206 million.
Ransomware mimics the age old crime of kidnapping: someone takes something you value, and in order to try to get it back, you have to pay up.
For it to work, computers need to be infected with a virus, which is usually accomplished by tricking someone into clicking on a link.
In most instances, ransomware is automatically downloaded when you visit a malicious website or a website that’s been hacked.
There are many types of ransomware. Lockscreen ransomware shows a full-screen message that prevents you from accessing your computer or files.
It says you have to pay money (a “ransom”) to get access to your computer again.
Encryption ransomware changes your files so you cannot open them. It does this by encrypting the files.
However, all of them will prevent you from using your computer normally, and they will all ask you to do something before you can use your computer.
They can target any computer user, whether it is a home computer, companies, government agencies.
Wannacry, the most recent popular ransomware, will prevent you from accessing Windows; encrypts files so you cannot use them; stops certain apps from running (like your web browser). It will demand that you pay money (a “ransom”) to get access to your computer or files.
There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your computer or files again.
The recovery of your files depends on where your files are stored and what version of Windows you are using.
Microsoft recommends that before you try to recover files, you should use Windows Defender Offline to fully clean your computer.
Some ransomware will also encrypt or delete the backup versions of your files.
This means that even if you have enabled File History, if you have set the backup location to be a network or local drive, your backups might also be encrypted.
Backups on a removable drive, or a drive that wasn’t connected when you were infected with the ransomware, might still work.
Microsoft recommends that you should: install and use an up-to-date antivirus solution (such as Microsoft Security Essentials).
Make sure your software is up-to-date.
Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with.
Ensure you have smart screen (in Internet Explorer) turned on.
Have a pop-up blocker running in your web browser.
Regularly backup your important files.
After you have removed the ransomware infection from your computer, you can restore previous, unencrypted versions of your office files using “version history”.
Make sure your computer is protected with antimalware software.
Microsoft has free security software that you can use: If you have Windows 10 or Windows 8.1, your computer comes with antimalware software: Windows Defender.
If you are using Windows 7 or Windows Vista, you should install antimalware software, such as Microsoft Security Essentials or Windows Defender or third-party security software should be turned on all the time, fully updated, and provides real-time protection.
Ransomware can get on your computer from nearly any source that any other malware can come from. This includes: visiting unsafe, suspicious, or fake websites; opening emails and email attachments from people you don’t know or that you weren’t expecting; clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, instant messenger chats, like Skype.
It can be very difficult to restore your computer after a ransomware attack – especially if it is infected by encryption ransomware.
That is why the best solution to ransomware is to be safe on the Internet and with emails and online chat:  don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
If you’re ever unsure – don’t click it! Often, fake emails and webpages have bad spelling, or just look unusual.
Look out for strange spellings of company names unusual spaces and symbols.
The lessons shared today can still help you stay protected when you apply them appropriately. Wishing you a great week ahead.
The author is an ICT expert, forensic investigator, IICFIP, PDES, BIT, DIT, ADip.PM, ITIL, MCSZ. For comments, suggestion, questions email kingstonmwila@gmail.com ,WhatsApp +260977689574, +260955689574, Like the Facebook page: www.facebook.com/ictmatterswithkingstonalimwila.