#TechExchange Urgent: Protect Your Network From the Menacing Ransomware Now

He looked at me with desperation and almost whispered, “Can’t you do something, my man?” I promised to get back to him with a solution. This was the second incident in as many days where a client had asked me for a solution to what has become the “most serious” threat on the internet: RANSOMWARE, aka Crypto-Ransomware.

By Prof Changamire 

What is this threat that is constantly evolving at such a rapid pace, with the same deadly efficiency as notorious worms of the past such as SQL Slammer et al.? It is no surprise that the next wave is going to be bolder and more malicious. This is evidenced by how the attackers have migrated from “indiscriminate shooting in the dark hoping to hit a target”, where payloads were delivered via mass distribution, root kits, etc., to cryptoworms or self-propagating payloads, and by a potential increase in the price of decryption keys, though the exact attack vector is anyone’s guess.


Cryptoware has basically 5 stages, which I will break down as follows.

  1. Installation

Registry changes are made to enable auto startup of the infection.

  2. Contact Its Servers

At this point the ransomware contacts its home servers.

  3. Handshaking

The victim PC authenticates with the attacker’s server, which generates 2 cryptographic keys: one is stored on the victim’s PC whilst the other is kept at the remote server.

  4. Initiates Encryption

The victim’s files with all common file extensions are encrypted.

  5. Extortion

A message is usually delivered asking for ransom and setting a time limit, after which the attackers threaten to destroy the decryption key.

 

 

The Cyber Threat Alliance, a group of leading cyber security firms, last year estimated that global damages from CryptoWall3 totaled US$325 million in the first nine months of 2015 alone. Africa, and Zimbabwe in particular, are not exceptions to this menace.

Whilst it is true that everyone is vulnerable to this attack, some precautions are worth taking, such as:

  1. Keep your OS updated with the necessary security patches.
  2. Use advanced end-point protection, e.g. Avast or Eset.
  3. Increase security on the internet-facing side of your LAN.
  4. Discourage “click happy” users from opening emails from unknown users.
  5. Avoid opening attachments that lead to a URL rather than a file type.
  6. Enable Web filtering.
  7. Restrict Write permissions on file servers as much as possible.
  8. Perform regular offline backups.
  9. Disconnect from the network the moment you suspect infection.
  10. EDUCATE USERS.

This is not exhaustive but should protect you and your network.

To pay or not to pay the ransom is more of a moral question that you would have to answer.

Prof Changamire is a young, proud, trailblazing African IT consultant who owes much of his knowledge to those who had the patience to show him the ropes and awaken his hunger for IT, and the power of social collectivism.

Marvelous Chibagidhi
