TECHNOLOGY

Deconstructing Ransomware Attacks and What You Can Do

Ransomware attacks aren’t first of its kind to threaten cyber security, and they certainly won’t be the last.

Share on
BY Jared Carl Millan - 22 Aug 2017

ransomware attacks

PHOTO CREDIT: Getty Images

The speed of technological advancement is ever increasing, which makes it harder for the common man to keep up with all the changes happening in the tech industry — including, unfortunately, cyber threats.

The most pressing of late are the ransomware attacks, such as Petya and WannaCry.

It is one of the most alarming threats in recent years, and all start-ups should pay attention.

David Freer, McAfee’s vice president of consumer – Asia Pacific explains what it is: “Ransomware is a form of malware that blocks access to and threatens destruction of all the files on a user’s device until a ransom is paid to have the system unlocked.”

What makes it particularly devastating is that aside from the possibility of losing precious data on the part of both the enterprise and consumers, businesses will also experience operational disruptions.

Freer worries for consumers in particular, because they are “viewed by cybercriminals as soft-targets as they may lack the know-how when it comes to dealing with a ransomware attack and are more likely to easily give in to the demands of these cybercriminals in a bid to get back their personal data.”

Thus, it is important that awareness for such malicious attacks is raised. So how are ransomware attacks like Petya different from the ones that came before it?

“The similarity that Petya and WannaCry share is that both attacks exploited the same vulnerability in devices,” says Freer. “Anybody running devices that have not been kept up to date with the latest software updates from Microsoft could be vulnerable to the Petya attack.”

Unlike usual ransomware such as WannaCry which blocks access from files, Freer adds that Petya holds the entire system under ransom, rendering the device unusable. He explains that users under attack by Petya will not be able to turn on their devices to recover any files because once the device is switched back on, Petya will take over.

Freer says, “Our analysis comparing Petya to previous ransomware families such as WannaCry supports the idea that this attack was not ransomware but was intended to maximize destruction. The attacker’s decisions regarding propagation suggest they may have had a certain group or groups in mind as targets.”

Protecting yourself

Ransomware attacks aren’t first of its kind to threaten cyber security, and they certainly won’t be the last. For now, the best defense against them is by arming your start-up with as much knowledge as possible.

If you find yourself suddenly under attack, Freer advises that you immediately disconnect affected devices from networks, such as WiFi, to prevent further damage to other devices connected to the same networks.

“Paying ransom must never be an option as hackers will only continue to repeatedly attack devices demanding for ransom to be paid,” he says. “There is also no guarantee that their files will be decrypted. If the user has a recent backup of data, he or she should do a clean reinstall of Windows and restore backed-up data to make a fresh start.”

Once you’ve successfully rid your devices of the attack, what should you do? Freer says: “It is important to for users to be aware that such risks exist and that users need to be educated on better cyber security practices to mitigate against future ransomware attacks.”