Tuesday, December 11, 2018

Ransomware attacks!

Independent Television Network Recording Session carried out on the 6th of December 2018 at LK Domain Registry together with TechCert. (TechCERT is Sri Lanka's first and largest Computer Emergency Readiness Team (CERT))

Mr. Kushan Sharma - Manager Engineering TechCERT spoke about : 

Topic 01: Email phishing Attacks
Topic 02: Ransomware

Ransomware Attacks:

It’s every system administrator’s worst nightmare. Hackers gain access to your system, stealing mission-critical information, locking sensitive files, or leaking proprietary information to the public.

Ransomware is, essentially, the digital version of kidnapping. It works something like this. A hacker manages to get a ransomware file onto your servers. Typically, hackers will use some form of phishing, in which a user in your system receives an email with a malicious file attached. Of course, this file doesn’t look malicious. It looks completely legitimate, like something they receive every day.

When a user downloads an attachment and opens the file, if it is a malicious executable file, it will be installed and executed. Further, the attachment contains a script that enables downloading a malicious file and executing the same, it will also be installed and executed.

Once a malicious file is executed, a ransomware file will be deployed, encrypting and locking specific files on the user’s computer or your servers. Once the execution is finished by converting all the targeted files to an unreadable format, generally a ransomware warning message will be displayed on the desktop screen stating that users will only receive a decryption key if they pay a specified amount to the hacker, usually through an untraceable Bitcoin payment.

You may get infected unknowingly by way of downloading malware, spammed mail, compromised websites,


And in case you are infected with a ransomware attack, generally security researcher's advice is not to pay the ransom since there won't be any guarantee of recovering files even if you pay the ransom.

As proactive measures to prevent possible somewhere attacks, you may keep your antivirus solution up-to-date with the latest antivirus signature updates. Further, it is essential to patch your computers with the latest security updates being released by respective vendors to resolve vulnerabilities in their software.

  • Further, As best practices, security researchers recommend following the below steps to prevent you from being a victim of ransomware attacks.
  • Backup your valuable data at least on a weekly basis to an external hard drive.
  • Verify email sources before opening attachments received with emails.
  • Verify email sources before clicking URLs included in emails. Always browse reputed/known websites and keep them bookmarked for later use.

Kushan Sharma
Engineering Manager - IT Security Services
TechCERT, 1st Floor, Bernards Business Park,
106, Dutugemunu Street,
Kohuwala, Sri Lanka
Tel: +94 11 4219125
Mob: +94 77 2337091