Ransomware is one of the hottest topics in the world today, and people across the globe are worried about this kind of cyber attack. In this blog post we would like to share a few thoughts about Ransomware: how people get affected by it, and the precautions and prevention that protect you from this harmful attack.
What is Ransomware?
Ransomware is a rising trend among cyber hackers looking for a quick payout. First of all, what is Ransomware? Ransomware is a small piece of malicious software that affects your system by taking control of all your system files. Once it has control of the files, it encrypts them and asks you to pay a ransom to restore them.
Ransomware works just like a real-life kidnapping threat. It is all about kidnapping the files, demanding a ransom from the user, and offering the kidnapped files in exchange. But do you think the files are actually returned once you have paid the $300 to $700? Think it over!
Typically it comes in two kinds: the first is the file coder, which encrypts files, and the second is the system lock, which locks the computer screen and stops you from accessing your system until you have paid a ransom.
Awareness about Ransomware And How To Protect Your System?
Ransomware is a cyber crook that spreads to your system through any of the following channels that have already been hijacked:
- It might come from any compromised website
- It might come from handpicked software such as Adobe Photoshop, Microsoft Office, etc.
- By clicking on malicious advertisements, or downloading from a malicious link
- Through attachments sent via unsolicited emails
- Distributed from a victim’s computer or over peer-to-peer file-sharing networks
And so on. Any of these routes could easily bring it onto your computer, so take care to safeguard your computer from hijacking.
Russia And India Were Targeted
India was one of the major countries affected by the Ransomware attack, according to data shared by the Russian anti-virus company “Kaspersky”. According to its calculations, 5% of all the systems in India were hijacked by Ransomware.
Mikko Hypponen, chief research officer of the cyber security company F-Secure, stated that “India and Russia were the countries particularly hit hard by Ransomware”.
Below are a few testimonials about the Ransomware cyber attack and the victims affected:
Cyber Security System Says;
“Ransomware that locked several computers in car factories, schools, commercial shops and hospitals in several countries”.
Rob Wainwright, Europol Director states that;
“The attack was unique with the combination of A WORM FUNCTIONALITY and the infection spread automatically”.
(Reuters) London stated that;
“The attack hit on Friday, 150 countries were affected and it will soon grow when people return to work on Monday”.
Latest and fastest spreading Ransomware cryptoworm “WannaCry”
WannaCry is one of the worst worms found recently, in May 2017. It is a specific Ransomware program that affects all the data on the computer. The attack began on Friday, May 12, 2017, and more than 2,50,000 computers were infected across 150 countries. It demands payment in Bitcoin, leaving instructions on how and where to pay.
But the spread of this worm was halted within a short period by Marcus Hutchins, who activated a “Kill Switch” in the malicious software. The researcher goes by the name “MalwareTech” and works for Kryptos Logic, an LA-based threat intelligence company.
WannaCry Decryption Keys
WannaCry works by generating a pair of keys (prime numbers) on the victim’s computer for encrypting and decrypting the files. WannaCry erases these keys from memory to prevent the victim from accessing the decryption key, leaving payment of the ransom as the only option.
Brilliant Kickoff to the Ransomware
The pair of keys represented by prime numbers is what opened the way to recovering the WannaCry decryption keys. Adrien Guinet discovered a way to retrieve the secret encryption key for free that works on the operating systems Windows 7, Windows XP, Windows Server 2003 and 2008, and Windows Vista. The WannaCry Ransomware Decryption Tool released by Adrien Guinet is called “WannaKey”.
Guinet finally states the discovery behind his secret;
“WannaCry does not erase the prime numbers (a pair of keys) from the memory before freeing the associated memory”.
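The recovery idea in Guinet's statement, as an added example that is not WannaKey's code and not part of the original post: if one prime is still sitting in freed memory, any byte window whose value divides the public modulus is that prime, and the private key follows from it. The toy 255-bit key, the dump contents, the little-endian layout and all function names are constructed assumptions for illustration.

```python
# Added example (not WannaKey's code): recover an RSA private key from a prime
# factor left behind in a memory dump. All values below are constructed.
E = 65537                      # common RSA public exponent (assumption)
P = 2**127 - 1                 # constructed toy prime, stands in for the leaked one
Q = 2**128 - 159               # constructed toy prime, never present in the dump
N = P * Q                      # public modulus, known from the public key
PRIME_LEN = 16                 # bytes per prime in this toy key

# Constructed "freed memory": filler, the leftover prime, more filler.
# Little-endian storage is an assumption of this sketch.
DUMP = (b"\x00" * 37 + b"heap-chunk-header"
        + P.to_bytes(PRIME_LEN, "little") + b"\xcc" * 40)


def find_prime_factor(memory, modulus, prime_len):
    """Slide a prime_len-byte window over memory; return (offset, p) for the
    first value that divides modulus, or None if no factor is present."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        # Skip 0 and 1; any other divisor smaller than N is one of the primes.
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None


def rebuild_private_exponent(p, modulus, e=E):
    """With one prime known, the other is N // p and d = e^-1 mod phi(N)."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))


def recover_and_decrypt(memory, modulus, ciphertext):
    """Return the decrypted integer, or None if the primes were overwritten."""
    hit = find_prime_factor(memory, modulus, PRIME_LEN)
    if hit is None:
        return None  # the prime is no longer in memory: nothing to recover
    d = rebuild_private_exponent(hit[1], modulus)
    return pow(ciphertext, d, modulus)


if __name__ == "__main__":
    secret = int.from_bytes(b"file key", "big")  # stands in for a wrapped file key
    print(recover_and_decrypt(DUMP, N, pow(secret, E, N)) == secret)
    print(recover_and_decrypt(b"\xcc" * 64, N, pow(secret, E, N)))
```

The second call shows the failure mode: once the freed memory has been overwritten, no window divides the modulus and recovery is not possible.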
Based on Guinet’s discovery and statement, another researcher, Benjamin Delpy, developed an easy-to-use WannaCry Ransomware Decryption Tool, “WannaKiwi”, that simplifies the whole process of decrypting the infected files on the victim’s computer. This tool works on the same operating systems.
Another Latest Attack Of Ransomware Is Deadlier Than The WannaCry
Once the WannaCry attack had ended, another deadly attack arose: “NotPetya”, a variant of the Petya family of Ransomware that was discovered in 2016. It has disrupted at least 2000 organizations across the globe, including in the United Kingdom, Russia, Ukraine, and the United States. This latest Ransomware is deadlier than “WannaCry”. WannaCry has some kinds of solutions for recovery, like the “kill switch”. The NotPetya version of Ransomware is quite tedious to recover from.
WannaCry Versus NotPetya
There are certain key differences between these latest attacks:
The first is that WannaCry only encrypts certain important data on the victim’s system, while NotPetya prevents all access to the entire operating system.
The other is that WannaCry leaves an option to recover the data with some keys, while NotPetya does not have any keys to recover the data.
Though it is a deadlier Ransomware, every problem has some solution. Unlike the WannaCry “Kill Switch”, the researchers have not yet found a permanent solution; rather, they can prevent the harm from spreading from one computer to another.
The security researchers who discovered the problem have warned that this solution is a “temporary fix” and are looking for a way to resolve it permanently.
How does NotPetya affect the System?
When this Ransomware affects the system, it first searches for the file “perfc.dll”. If this file or the folder is not found, then Petya takes hold of the computer by locking access to it.
Last but not least, “Prevention is always better than cure”. So follow the instructions and the guidelines provided and protect your systems from hijacking.