In recent days, WannaCry has grabbed a multitude of headlines, conversations and, above all, concerns. This ransomware-type malware has reached a level of spread never seen before in other attacks of this type and, as Kaspersky Lab already indicated on Securelist in January of last year, its growth rate was already more than pronounced. It has returned this criminal modality to the forefront of the threats from which we must defend ourselves as soon as possible, with all the measures within our reach. For this, it is essential to know what ransomware consists of and how it works. That is precisely the objective of this article, in which we will talk about the threat itself, its operation, preventive measures, and possible solutions if we have already suffered an attack.
What is Ransomware?
We are talking about a type of malware whose main objective is to block the system, or certain files on it, and demand a financial ransom from its owner. This type of attack hangs over all types of devices, even mobile phones, since the first cases were detected on Android two years ago.
How Does It Work?
A ransomware attack is divided into two phases. The first is the infection of a system and the second is the hijacking of the system and/or its files. How does it do this? Simple: it encrypts them, so that it is impossible to access them again without the necessary key. A key that, of course, is only in the hands of the criminals.
And that's when the scare comes: when trying to access their documents, the user finds a ransom message instead.
How to Prevent It?
If prevention is essential with any type of threat, in the case of ransomware this maxim is more important than ever. Although not always, in many cases, once we have suffered the attack, we will most likely have to choose between paying the ransom and losing our documents. Therefore, to avoid reaching that terrible point, it is best to take measures that prevent the attack and/or that, if it occurs, minimize its effects. These are the six keys to prepare for a possible attack:
1) Backups: As we have already indicated, the goal of ransomware is to prevent users from accessing their files. This threat is completely mitigated if we carry out a good backup policy. Kaspersky Lab's recommendation in this regard is to make two backup copies: one in a cloud service that offers an automatic backup function, and a second on a physical medium (external hard disk, USB memory, etc.). It is essential that we only connect that device to the computer while we make the copy, and that it remains disconnected the rest of the time.
Thanks to up-to-date backup copies, if we suffer a ransomware attack and our files are encrypted, we will have no problem recovering them from the copies and, therefore, the extortion by the criminals will have no effect in our case.
2) Security and Antivirus Solutions: The way ransomware reaches a system is similar to that used by other malware, so a good security solution can prevent a system from becoming infected, having its files compromised, and becoming a new vector for dissemination. Therefore, having total security software is a key element to prevent ransomware, as well as all other threats.
3) Software Updates: An outdated operating system or application can become the back door that malware uses to sneak into our systems. Therefore, it is essential to always keep software up to date (and to activate the automatic updates function, if it has one). In addition, use original software, since this is the only guarantee, when installing or updating an application, that it will not include any type of malware inside.
The most common example of this, although not the only one, is the app stores for smartphones and tablets in which you can find, for free, applications and games that are paid in the official Apple and Google stores. In many cases these pirated copies are infected, so without knowing it we are the ones who install the malware on our system, just to save ourselves the price of the original licenses.
4) Trust Nobody: There are many ways cybercriminals can try to impersonate any of your contacts. To what end? Very simple: to make you trust what they send you and, for example, open a file that they have sent you via email. Thus a photo, a nice video, or even what appears to be a working document may actually be malware masked as a legitimate file. Here we must use common sense, be alert to any message (especially if it is something we do not expect) and, when in doubt, act with caution before opening any file. Again, security software shows its importance, as it can help us detect files that pretend to be trustworthy but, in reality, are malware.
5) Check File Extensions: In some versions, Windows hides file extensions by default, for reasons that we can consider purely aesthetic. However, this is something that cybercriminals often take advantage of to "sneak" in files that pretend to be one thing but are actually another. As we already know, in Windows files can only have one extension, but dots can be used in file names. And what does this mean? Very simple: if a cybercriminal wants to send us an executable so that we open it without knowing what it really is, he can call it "Photo.jpg.exe". What type of file would this be? Indeed, an executable, but as Windows does not show the file extensions, what we will see will be "Photo.jpg". And, of course, when thinking that it is an image and that,
6) When in Doubt, Get Off the Network: If you discover that you have been infected by malware, immediately disconnect the system from the network, to avoid becoming a vector for the spread of the infection (like staying at home when we have the flu). This will not change anything for your own system if it is already infected, but it will minimize damage to its environment.
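The check described in key 5 can be automated for a download or attachment folder. The following is an added example, not part of the original article: it reports names whose real (last) extension is executable while the part Windows displays with extensions hidden still ends in a harmless-looking one. The two extension lists and the sample paths are assumptions made up for this illustration.

```python
import ntpath

# Assumed lists for this example; extend them to match your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
              ".xls", ".xlsx", ".txt", ".mp4", ".zip"}


def analyze_name(path):
    """Return how the name looks with extensions hidden and whether it is deceptive."""
    name = ntpath.basename(path).rstrip(" .")  # Win32 ignores trailing dots/spaces
    stem, real_ext = ntpath.splitext(name)     # only the last extension counts
    _, decoy_ext = ntpath.splitext(stem)       # what the visible part ends with
    real_ext, decoy_ext = real_ext.lower(), decoy_ext.lower()
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "name": name,
        "shown_when_hidden": stem if real_ext else name,
        "real_extension": real_ext,
        "executable": executable,
        "deceptive": executable and decoy_ext in DECOY_EXTS,
    }


def find_deceptive(paths):
    """Filter a list of paths down to executables disguised with a decoy extension."""
    return [r for r in map(analyze_name, paths) if r["deceptive"]]


# Constructed sample names (not taken from any real incident).
SAMPLE = [
    r"C:\Users\ana\Downloads\Photo.jpg.exe",
    r"C:\Users\ana\Downloads\Photo.jpg",
    r"C:\Users\ana\Downloads\report.v2.pdf",
    r"C:\Users\ana\Downloads\Invoice.PDF.SCR",
    r"C:\Users\ana\Downloads\setup.exe",
]

if __name__ == "__main__":
    for hit in find_deceptive(SAMPLE):
        print(f'{hit["name"]!r} is displayed as {hit["shown_when_hidden"]!r} '
              f'but runs as {hit["real_extension"]}')
```

A plain "setup.exe" is not reported, because its displayed name does not imitate another file type; only the combination of a decoy extension and an executable one is flagged.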