Preventing and Removal of Ransomware - Essay Example

Ransomware Introduction In the computer virology, there are numerous scientific researchers investigating other malware programs such as Trojan, spyware and worms. The recent cyber threat in a computer system is ransomware also known as cryptovirus. Ransomware is a virtual extortion that uses data encryption, Trojan destruction threat and lockout of the user. The ransomware draws attention in the information systems security researchers and security. The Ransomware causes the users a lot of money and damages to the stored information. Latest Ransomware causes loss of information if there is no backup information and does not pay the ransom. Ransomware is a threat due to inability to recover information from the infected computer. Ransomware is a hijacking threat in the computer system using encryption technology to limit or prevent the user’s access to their system. The Three types of ransomware include encrypting malware, lock-screen viruses and scareware. The ransomware make be in the form of police blocking computer access or FBI virus while others use pornographic images to embarrass the victim. The victims of this malware are usually internet users though hijacking of their user files. It often requires the user to pay ransom to the malware creator before removing the restriction. The attacker may seize the files or computer until the user pays the ransom to online currency accounts such as Webmoney or eGold. The attacks using ransomware are becoming more sophisticated and refined in algorithm posing great challenges to data protection. We will consider the history of ransomware, how ransomware functions in this article. Besides, the paper discusses the reason behind its fast growth, how to prevent it or fix the computer after infection. The increase in the use of ransomware since the formation of the first one raises the question of why they are becoming more prominent. The ransomware is likely to evolve further with the current ones having the ability to encrypt and lock the files. The latest actions of the ransomware ensure the damage they cause continues even after removal without paying the ransom money. History of ransomware As the technology evolves, the malware also evolves in many ways to thrive (Elisan & Hypponen, 2013). . Ransomware has changed over time since the first case in the infection methods, directives and persistence. The early cases of ransomware were benign and easy to remove. However, the new strains are more persistent and pose great threats. The first ransomware is PC Cyborg in 1989 that claimed expiry of license to a software and needed a payment of $189 to unlock. It encrypted all directories in C disk producing an error message to most commands. The program also protected the software from unauthorized use and during leasing of the program of PC Cyborg Corporation. The PC Cyborg is the first encryption malware. The ransomware extortion became prominent in 2005 and afterward used sophisticated RSA encryption scheme. The first infections of this ransomware mainly affected people in Russia but later spread to other countries due to profitability and popularity. The malware only left password-protected files in the user system. The first ransomware created a notepad as a ransom note to the user for $300 in exchange to retrieve the files. The ransomware at this initial stage encrypted only particular type of files. There was the first report of SMS ransomware in 2011. It required users of the infected computer to dial certain numbers. The computer displayed the ransom page until the user paid by dialling the number. The spread of ransomware was throughout Europe, The United States and Canada by 2012. The ransom pages showed the local police instead of the original ransomware display also referred to as Reveton. Those in the US received ones showing FBI while those in France showed Gendarmerie Nationale. The ransomware returned to prominence in 2013 through the propagation of the CryptoLocker. The name CryptoLocker originates from the ransomware ability to encrypt and lock at the same time. The attackers used Bitcoin digital currency in collecting the ransom money from the victims. The malware mainly targeted the users having Microsoft windows on the internet. The attackers mainly threatened to delete private keys if the deadline passes without paying ransom fees. The malware formed a great threat due to its ability to leave the files encrypted even after removal. The ability to encrypt the files besides locking them like in the early version made it harder to deal with than the previous versions. The malware forced the majority of the victims to pay the ransom causing great profitability to the attackers. The most recent is CryptoWall 3.0 that has powerful encryption Trojan since January 2015 (McDermott, 2015). How ransomware work The motive of the attacker determines the nature of the ransomware, but all have codes to hijack and control the computer. Ransomware exploits the vulnerability of the system, takes control of the computer and encrypts the files. The attacker usually reaches the computer through exposed system vulnerabilities. The attacker’s interest is in specific types of files with extension names that are of great importance to the user. The attacker then encrypts the files making them impossible to access. In the encryption process, the attacker may first compress the files to password-protected zip package and delete the original files. Some attackers may encrypt each file and delete the original and I some cases the attacker moves the files to create a pseudophase to deceive the victim. Moving the files and creating pseudophase has the least damage to the files (Gupta & Sharma, 2009). In an enterprise system, successful attacks lead to the encryption of data that the attacker only releases through decryption after payment of ransom. Encryption of these data is usually by use of sophisticated algorithms. Notification to the user is through the striking message that has specific instructions on how to pay the ransom money. The text file or window pop-up is usually in the folder of encrypted files. In some scenarios, the ransomware may lock the screen and prevent the victim from accessing the system. However, in other cases, the ransomware locks the important files until the victim pays the ransom. Ransomware use is growing fast The increasing advancement in technology plays a great role in increasing growth and spread of ransomware. The availability of online currencies drives the proliferation of this criminal activity. The systems make the attackers anonymous that are vital in the extortion systems. The combination of these systems makes tracing the attackers through the payment methods very hard. The virtual currency also like Bitcoin that is decentralized makes very hard to track the attackers. The advanced methods of encryption make the data the data hard to retrieve without the decryption codes from the attacker. Besides, the sharing of data through networks and internet makes the spread of ransomware very easy. The increasing profitability for attackers and popularity of ransomware makes it spread fast. Most of the money launders who are willing to make millions will make the malware and extort money from their victims. The reason behind these profits is ransomware’s ability to infect many computers within a short period. Besides, the malware does not give the victim alternatives since the data encrypted are usually very important. Due to these characteristics, most of the victims pay ransom making it lucrative for the attackers (Europol, 2014). Preventing and removal of ransomware There are some precautions that computer user need to take in preventing infection from the ransomware or need to pay the ransom. The first precaution requires the user to back up important data in a separate location. In the prevention of an attack, the user should bookmark the favorite sites. Bookmarking is important due to the ability of the attackers to add malicious codes to URLs directing the user to downloading the malware. The second means is verification of the e-mail sources before opening attached links or items. Some of the attackers may send the email with links that direct the user to download the malware. Another way to prevent these attacks is updating security software. The software functions through prevention of access to malicious sites and clearing any ransomware in the system. The user should also not click on the ads from untrustworthy companies (Reynolds, 2014). One of the ways to fix the computer after the infection is through payment of ransom although it is not advisable. This method prevents loss of sensitive data seized by the attacker. Removal of ransomware usually requires additional software downloaded on another computer and transferred to USB disk. The security software also can remove ransomware from the system. In using the software, there is a need to reboot and start up in safe mode. Each application has specific instructions displayed on the screen. Another way to clear the ransomware is starting the computer in safe mode then restoring the system without deleting the document. However, in both cases the user may not regain encrypted files by the ransomware without paying the ransom. Recommendation Any user should back up their files as a precaution not to lose the important files in case of any attacks. These precautions are vital in avoiding paying the attackers and making their money laundering business lucrative. Due to the rising cases of attacks any computer user should take preventive measure while on the internet including not clicking untrustworthy ads and confirming e-mail. The computer user should also take preventive measures such as updating security software to limit attacks. The victim should avoid paying ransom unless it is necessary due to the importance of the files. I believe a ransom encourages further attacks to computer users and such action should be the last resort. References Elisan, C. C., & Hypponen, M. (2013). Malware, rootkits & botnets: A beginners guide. New York: McGraw-Hill. Europol. (2014). Police Ransomware Threat Assessment. Europol Public Information. Web. June 30, 2015. Retrieved from: https://www.europol.europa.eu/sites/default/files/publications/policeransomware-threatassessment.pdf Gupta, J. N. D., & Sharma, S. K. (2009). Handbook of research on information security and assurance. Hershey, PA: Information Science Reference McDermott, I. E. (2015). Ransomware. Online Searcher, 39(3), 35-37. Reynolds, G. (2014). Ethics in Information Technology. Boston: Cengage Learning Read More