Tuesday, December 11, 2018

Ransomware attacks!

Independent Television Network Recording Session carried on the 6th December 2018 at LK Domain Registry together with TechCert. (TechCERT is Sri Lanka's first and largest Computer Emergency Readiness Team (CERT))

Mr. Kushan Sharma - Manager Engineering TechCERT spoke about : 

Topic 01: Email phishing Attacks

Topic 02: Ransomware

Ransomware Attacks:

It’s every system administrator’s worst nightmare. Hackers gain access to your system, stealing mission-critical information, locking sensitive files, or leaking proprietary information to the public.

Ransomware is, essentially, the digital version of kidnapping. It works something like this. A hacker manages to get a ransomware file onto your servers. Typically, hackers will use some form of phishing, in which a user in your system receives an email with a malicious file attached. Of course, this file doesn’t look malicious. It looks completely legitimate, like something they receive every day.

When a user download an attachment and open the file, if it is a malicious executable file, it will be installed and executed. Further the attachment contains an script which enables downloading a malicious file and executing the same, it will also be installed and executed.

Once an malicious file is executed, ransomware file will be deployed, encrypting and locking specific files on the user’s computer or your servers. Once the execution is finished by converting all the targeted files to a unreadable format, generally a ransomeware warning message will be displayed on the desktop screen stating that users will only receive a decryption key if they pay a specified amount to the hacker, usually through an untraceable Bitcoin payment.

You may get infected unknowingly by way downloading malware, spammed mail, compromised websites,
And in case if you are infected with ransomware attack, generally security researcher's advise is to not to pay the ransome since there won't be any gurantee of recovering files even you pay the ransome.

As proactive measures to prevent possible ran someware attacks, you may keep your antivirus solution up-to-date with latest antivirus signature updates. Further it is essential to patch your computers with latest security updates being released by respective vendors to resolve vulnerabilities in their software.

  • Further As best practises, security researchers recommends to follow below steps to prevent you from being a victim or ransomeware attacks.
  • Backup your valuable data at least on weekly basis to a external hard drive.
  • Verify email sources before opening attachments received with emails.
  • Verify email sources before clicking URLs included in emails.Always browse reputed/known websites and keep them bookmarked for later use.

Kushan Sharma
Engineering Manager - IT Security Services
TechCERT, 1st Floor, Bernards Business Park,
106, Dutugemunu Street,
Kohuwala, Sri Lanka
Tel: +94 11 4219125
Mob: +94 77 2337091