Technological evolution has created a global world, fully connected, online, where information flows constantly and where the identity of the human being is in the background.
In this global environment, of everyone and for everyone, there are no rules or mechanisms that really limit and control the actions that can or cannot be done (beyond personal ethics).
The lack of effective controls, together with the capacity for anonymity and invisibility that exists on the Internet, is the origin of the biggest problem in this global world: the security of our data and identity.
What is Ransomware
It is malware (malicious software) that, once it infects a computer, encrypts its files and all the files to which the computer has access (network files). It may also have the ability to infect other computers on the company network.
In this situation, the files are not accessible: they have been seized through an encryption process whose key is held by the computer criminal. To reverse this situation, the hacker demands the payment of a sum of money.
The chance of recovering our information without paying the ransom is slim, but there is always a possibility that should be checked with your service provider or security specialist.
How does it get to our computer?
The ways in which this malware can infect us are multiple and always related to carelessness or ignorance of the user. If a series of basic security guidelines were followed by the user, this type of infection would be considerably reduced.
The most common methods of infection are the following:
It is the most widespread means of infection. Spam and phishing techniques are used so that the user executes an attached file or accesses a fake web page (normally posing as public bodies, banks, transport companies, etc.) where the user downloads the code through a malicious link.
There are also more direct cases where the user receives a message with an attached file that directly contains the malicious code, simulating the proof of a purchase, invoice, etc.
Websites (Web Exploit Kit):
This technique uses a whole series of tools (exploit kits) that are responsible for searching for vulnerabilities in browsers or their plugins.
When the user browses certain “unreliable” sites, they may be redirected to a page containing the Web exploit kit, which will try to find a vulnerability in the browser or plugins and inject the malicious code.
Via other malware:
This means of infection uses other malware whose function is to install unwanted software on the computer. When the computer is infected by this malware, it will try to download the ransomware and run it.
Through RDP services:
Infection arrives through remote desktop services (RDP, Remote Desktop Protocol). Attackers scan networks for these services (primarily terminal servers) and then try to breach security using special tools.
In many cases, the use of predictable usernames and easy passwords makes it relatively easy for criminals to access and execute the ransomware.
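A defender's view of the RDP password guessing described above, as an added example that is not part of the original article: it scans failed-logon records for bursts from one source and reports any successful logon that follows. The CSV layout, sample records, threshold and function name are constructed for illustration; 4625/4624 and logon types 3 and 10 are the Windows Security log values for failed/successful logons and for network/remote desktop sessions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample: time, event id (4625 = failed logon, 4624 = successful
# logon), logon type (10 = RemoteInteractive, 3 = Network, as seen for RDP
# with NLA), source address, account. Addresses are documentation ranges.
SAMPLE = """\
2024-01-10T02:00:01,4625,3,203.0.113.7,administrator
2024-01-10T02:00:04,4625,3,203.0.113.7,admin
2024-01-10T02:00:09,4625,3,203.0.113.7,user
2024-01-10T02:00:15,4625,3,203.0.113.7,backup
2024-01-10T02:00:21,4625,3,203.0.113.7,scanner
2024-01-10T02:00:30,4624,10,203.0.113.7,scanner
2024-01-10T08:59:40,4625,10,198.51.100.20,maria
2024-01-10T09:00:05,4624,10,198.51.100.20,maria
"""

def find_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed logons inside one time window."""
    failures = defaultdict(list)   # source -> [(time, account)]
    successes = defaultdict(list)  # source -> [(time, account)]
    for ts, event_id, logon_type, src, account in csv.reader(StringIO(log_text)):
        if logon_type not in ("3", "10"):
            continue  # not a network or remote desktop logon
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures[src].append((when, account.lower()))
        elif event_id == "4624":
            successes[src].append((when, account.lower()))
    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {
                    "failures": len(events),
                    "accounts": sorted({a for _, a in events}),
                    # A logon after the burst means a guess may have worked.
                    "success_after": [a for t, a in successes[src]
                                      if t >= events[end][0]],
                }
                break
    return alerts
```

A non-empty `success_after` list is the case to escalate first: the account named there should be treated as compromised until its password is changed and the session is reviewed.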
It is usually advertising found on “unsafe or unrecommended” sites (pornography, pirate programs, etc.). On these sites there are many fraudulent advertising banners, whose function is to infect the computer with the malicious code (directly or indirectly) once they are accessed.
It is clear that this type of threat is becoming more and more real and that we will have to get used to living with the possibility that at any moment we could be victims.
The infection capacity of this malware is increasing and becoming more effective, so an audit of the computer system is needed to adapt methods and protocols to this reality.
The only way to minimize the damage caused by Ransomware is with professional backup policies (multi-versions, replicated, off-line, etc.).
The user has to be very aware of what he is doing and the scope of his actions, since most of the time ignorance is the main cause of infections.