Cyber attacks have become the recent trend in the age of computers and crime. With the basic intention of crippling a computer system, these attacks have been plotted against individuals, governments, businesses and much more. These attacks basically involve an intention to harm the entire computer system, network or device so that the crucial data can be stolen. Ransomware cyber attacks are new in the domain with its own drama and demand. These block the access to the data and asks money to release it.
Basically, when a computer is infected, the ransomware encrypts the important files and documents and then demand ransom, typically in form of Bitcoin to release the files. It provides the instruction on how to buy it and displays an address to send Bitcoin to. Now the choice is yours, either you pay or you end up losing all the data.
There are many organisations in the US and Europe that have been paralysed by these ransomware attacks. WannaCry, one of the major ransomware attacks which hit Britain’s National Health Service organisation, earlier this May. It released NHS related documents online for the public and affected more than 230,000 computers in over 150 countries.
After WannaCry, came Petya, this malicious software has spread through large firms which use Microsoft Windows. This infects the system by using the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. The viruses try one option and if it does not work, it tries next. This attack said to have worked profoundly on the loopholes of WannaCry and spread faster than it.
Initially, the outbreak of Petya created chaos amongst the masses but the security experts said that it is just another cyber crime with the use of some childish cyber weapons. The experts speak about the amateurish payment mechanism where the ransom note includes the same Bitcoin payment address for every victim. Generally, the ransomware creates a custom address for every victim. Secondly, the malware asks victims to communicate with the attackers through a single email address which automatically gets suspended by the email provider after they discover what it was being used for. This means that even after someone pays the Bitcoins, they have no way to communicate with the attacker to request for the decryption key to unlock files.
Still, if it actually happens, do you know what to do? The ransomware infects the computer and then waits for about an hour before rebooting the machine. Switch off the computer while the machine is rebooting so that you can prevent your files from being encrypted. If machine reboots and you see the cautionary message of not switching off the computer, Beware, this message is a part of the encryption process and just power off your machine immediately. This will save your files. Even after this, if the system reboots with the ransom note, don’t pay it. Disconnect your computer from the internet, reformat the hard drive and reinstall all your files from the backup. Many antivirus companies have come up with the antidote to it. Windows has also surfaced some instructions to fight against the EternalBlue vulnerability. So, simply keep your anti-virus software updated and your back ups ready to fight these cyber attacks.