Ransomware: Cyberspace’s Hazard

December 28, 2020, htshosting, posted in Cyber Security

The Internet’s influence and impact should not be underestimated in today’s world. Its growing reach can be gauged from reports stating that, as of January 2020, there are over 4.8 billion active Internet users in the world. As per the available statistics, the number of active Internet users across the globe has doubled in less than a decade. The average yearly growth rate of Internet users is 8.2%. The exponential rate at which the Internet has made its way into the lives of people from all walks of life is evident from the fact that it took merely four years for the Internet to reach fifty million users globally.

Anything popular becomes an easy target for those who want to exploit it for their own advantage. The same holds true for the Internet: its reach keeps growing every day, and the extent to which our professional and personal lives depend on it makes it a prime target for cybercriminals. All that these cybercriminals are waiting for is one mistake at the user’s end with regard to ensuring proper cyber security. Cyber attacks become an unwelcome reality wherever Internet security vulnerabilities exist.

In the context of cyber threats, malware is encountered frequently wherever proper security measures are lacking. Malware is a collective name given to a number of kinds of malicious software, such as worms, viruses, Trojans, spyware and ransomware. The intention behind creating and spreading any malware is to cause harm to the targeted computer system on which it gets installed, to its network, to the server, and to the user of any or all of these. Malware can also be a computer program that acts covertly in order to cause intentional damage to the data of the targeted computer or network.
This type of malicious software contains code that is developed by expert cybercriminals to cause substantial damage to the data as well as the system that it targets. Another purpose that it serves is to gain unauthorized access to a network. Malware is usually delivered via email in the form of a file or a link. It gets installed on the system and becomes active as soon as the user of the targeted system clicks on such a link.

The aim of this blog is to shed light upon a kind of malicious software called ransomware, which is part of this diverse range of malware.

As stated earlier, ransomware is a type of malware. It has the ability to lock a computer’s screen and additionally encrypt important files (which are predetermined) with a password. When ransomware gets installed on a computer system, it displays a message that asks its victim to pay a ransom in order to regain access to the system and its data (this is made possible only after the payment has been made). It puts a victim’s data in jeopardy by either continuing to block access to it or by threatening to publish it unless the victim pays the ransom.

Ransomware also gets installed via drive-by download attacks on compromised websites. Ransomware attacks are often carried out using social media messaging. Some aggressive forms of ransomware exploit security holes to infect computers. Generic ransomware is not usually individually targeted. Usually attackers acquire lists of emails or compromised websites and then infect those with the ransomware.

Ransomware code is not very complex, as its main intention isn’t usually to remain undetected for a long duration. The targeted system’s files are made inaccessible by advanced malware that encrypts these files. Next, a ransom is demanded to decrypt the files, as they cannot be decrypted without the aid of a key that is known only to the attacker. The victim is given the decryption key after the ransom is received.
Regardless of whether the ransom is paid or not, such a cyber-attack will always lead to the extraction of important data from a compromised system. The relative ease of implementing ransomware, along with its potential to extract a high amount of money, makes it one of the most preferred kinds of malicious software that cybercriminals like to keep in their arsenal.

Ransomware attacks target any individual or organization that has important and valuable data, a weak security system in place, and employees who are insufficiently trained to deal with such attacks. Sectors such as healthcare, retail, finance and utilities, which have a large volume of data in their systems, also become easy targets for such attacks. Recovering such a huge volume of data can be tricky, so these organizations prefer to pay the ransom.

The prime targets of ransomware are educational institutions and governmental organizations. Educational institutions are targeted mainly because their systems store the social security numbers, medical records, intellectual property, research data and financial data of their faculty, staff and students. These attacks succeed because such institutes have budgetary constraints, a high rate of network file sharing, and IT teams that are usually not very well versed. Governmental organizations hold crucial data, access to which needs to be regained urgently. Hence, they become easy targets: the need for immediate recovery of such important data makes these organizations willing to pay the ransom amount without any delay.

Ransomware not only puts its victims in a vulnerable position where they risk losing their critical files and data, but also causes them financial loss when they have to pay a high amount of ransom. Moreover, it leads to lost productivity, the need for network modifications, increased IT costs, and expenditure in the form of legal fees.
Hence, it is extremely important to ensure proper security measures to avert a ransomware attack.

To eliminate, or at least reduce, the damage that can be caused by a ransomware attack, one needs not only to secure the system and the network but also to respond appropriately to such an attack. To keep the networks and the system secure, one needs to have an incident response plan. Additionally, one must use anti-spam and antivirus solutions, disable macro scripts, use and maintain a backup system, keep all systems patched, restrict Internet access, vet and monitor third parties, participate in cyber security information sharing, and, last but not least, apply the principles of least privilege and network segmentation.

To keep the end user secure, one needs to have a reporting plan for any suspicious activity and make sure that users keep their browsers closed when not in use. Along with these simple but effective measures, employees of organizations need to be trained and prepared for social engineering and phishing attacks.

In the unfortunate event of a ransomware attack, the impacted system should be immediately disconnected from the network to prevent the ransomware from spreading any further. The affected data and the extent of the damage need to be determined, and the availability of a decryptor (some online resource) needs to be ascertained. Files should be restored from backups that have been maintained regularly. Finally, such attacks need to be reported to the agencies that handle cyber security related issues.

In order to have a safe experience of surfing the Internet, and to gain from it rather than lose, one needs to be careful not to become a victim of any cyber attack, such as a ransomware attack. The surest way to ensure that is to remain abreast of the threats that exist in cyberspace and to take appropriate security measures to keep them at bay.