Page 21 - Cyber Warnings
available in various flavors, mainly encrypting files so that the victim can't use them, stopping
important applications like web browsers, and preventing the victim from accessing the computer.
Top ransomware families are Tescrypt, Crowti, Brolo, FakeBsod, etc. A ransomware attack proceeds
in stages, and Figure 3 shows the workflow: the victim unknowingly downloads malware, the malware
encrypts the victim's machine and files, and the attacker asks for payment. The victim may also
download the malware from a received email rather than by visiting an infected website.
Figure 3
The major issue arising from a ransomware attack is availability. The files may be physically
present with the user, but the user may not be able to access them because they are encrypted.
After the attack, the attacker generally contacts the victim and asks for a ransom, preferably
in cryptocurrency (e.g. Bitcoin). The financial loss is therefore quite large: it is the sum of
the business loss due to unavailability and the money paid to the attacker.
Preventive measures for a ransomware attack may include:
1. Email Security: Effective and up-to-date mail filtering protocols must be applied so
that mail from unauthentic sources is blocked or reviewed by security officers.
Avoid opening unverified emails and avoid clicking links in them. Attachments
should be scanned by the antivirus and only then downloaded.
2. Detect & Block: Use effective firewalls to block unwanted traffic so that
malicious attacks/requests from known as well as unknown hosts are blocked.
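One way to express the block-or-review decision from item 1, as an added example that is not from the original article. It assumes "unauthentic" means failing SPF/DKIM/DMARC as recorded by your own gateway in the Authentication-Results header; the gateway name `mx.example.org`, the extension list and the sample messages are constructed.

```python
import os
from email.message import EmailMessage

TRUSTED_ID = "mx.example.org"  # assumed name of your own gateway (authserv-id)
# Assumed, illustrative list of attachment types held for antivirus scanning.
RISKY_EXT = {".exe", ".js", ".scr", ".vbs", ".docm"}

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, ignoring headers not written by our gateway."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        fields = str(header).split(";")
        if fields[0].split()[:1] != [TRUSTED_ID]:
            continue  # a sender can forge this header; trust only our own
        for clause in fields[1:]:
            method, _, rest = clause.strip().partition("=")
            if method.lower() in ("spf", "dkim", "dmarc") and rest.split():
                found.setdefault(method.lower(), rest.split()[0].lower())
    return found

def triage(msg):
    """Return (verdict, reasons); verdict is 'block', 'review' or 'deliver'."""
    res = auth_results(msg)
    reasons = [f"{m}={res.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
               if res.get(m) != "pass"]
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if os.path.splitext(n)[1].lower() in RISKY_EXT]
    if res.get("dmarc") == "fail":
        return "block", reasons
    if reasons or risky:  # hold for a security officer / antivirus scan
        return "review", reasons + [f"attachment={n}" for n in risky]
    return "deliver", []

def sample(auth, attachment=None):
    """Build a constructed test message (not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    if auth:
        msg["Authentication-Results"] = f"{TRUSTED_ID}; {auth}"
    msg.set_content("Please see the attached invoice.")
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    for m in (sample("spf=pass; dkim=pass; dmarc=pass"),
              sample("spf=pass; dkim=pass; dmarc=pass", "invoice.js"),
              sample("spf=softfail; dkim=none; dmarc=fail"), sample(None)):
        print(triage(m))
```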
21 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide