What is Ransomware & How to Prevent it?
What is ransomware?
Ransomware is a software that is designed to block access to any system, files or operating system until we pay a certain amount to the attacker. Most of the time the attacker will encrypt the files of the computer and they will provide the key to decrypt only after paying the amount they are demanding. Most of the ransomware attack will give very limited time to the victim to pay the demanded amount and if they fail to decrypt it within the timeframe ransomware is able to automatically corrupt and delete files from the victim. Although, there is no guarantee of getting access to files and system after paying the ransom to the attacker.
How to Prevent Ransomware?
Ransomware is a serious threat as it can permanently encrypt important files and delete it from the computer. Therefore, it is very important to prevent these kinds of ransom malware and the steps mentioned below will help to prevent ransomware attacks.
- Regularly update your Operating System and other software because this will help you to apply required patches on your OS released by the vendor. Applying patches will fix the known bugs on OS and software which will prevent your computer from being the target of bad guys.
- Use a trusted antivirus and antimalware program to prevent possible ransomware on your computer. As antivirus and antimalware software regularly update their signature for known malware and virus we must install trusted antivirus software on our computer to get rid of the ransomware. Also, it is important to regularly update the antivirus program.
- Never Install unknown and untrusted software with administrative privileges, if you give administrative privilege to bad software they might modify system files and create a backdoor. Therefore, it is not a good idea to give administrative privileges to software from unknown sources and malicious nature.
- Don't install any third party software if you don't know what that software is doing on your computer. Only install software that you need from a trusted source and from an official link only.
- Don't open email attachments without knowing the sender of the email or without knowing what is attached in the email. If you find anything suspicious you can check those attachments on sandbox environment or in a virtual machine. Also, don't click on suspicious links that you get on email, you can be a victim of a phishing attack and ransomware.
- It is always recommended to make a backup of your important data. You can make a backup of your data in your local hard drive or in the cloud. In case if our computer is infected with ransomware we will have backup data with us so that we can wipe our hard drive and re-install the OS.
- Never pay attacker ransom if your computer is infected with ransomware as there is no guarantee of getting access to the file after paying. Paying ransom means you are funding bad guys and motivating them for bad works, so never pay the ransom. Instead of paying the ransom, wipe your hard drive and restore your files from backup.
If you follow the guidelines mentioned in this article then you can get rid of ransomware from your computer. If you find this article helpful, please share it with your friends, thank you for reading.
Triton: A Malware That can Kill Human
When we think of malware we think of a program that is designed to harm a computer device, servers or network. But these days bad guys are creating malware targetting the critical infrastructure which can deliberately kill people. Malware that is targetting critical infrastructure and human damage is not new in the cyberspace as there were few other cases before like Stuxnet but nowadays such malware is increasing at an alarming rate.
Recently one malware was detected by an experienced cyber responder Julian Gutmanis which could pose a serious threat to human life. The malware was found on the server of the petrochemical plant in Saudi Arabia in the summer of 2017. The initial vector of malware infection is still unknown but it could be the result of a phishing attack. Hacker managed to deploy their malicious program on the plant's safety instrumented system so that they could have full control of the safety system of the plant. Hackers were able to control the plant's system which manages the safety system inside the plant remotely by installing the malware.
After gaining access to the safety system of the plant, hacker could disrupt, take down or destroy the industrial process. In the worst case scenario, the malware could have led to the release of toxic hydrogen sulfide gas or caused explosion, which could kill a lot of people working at the facility and in the surrounding area. Luckily the malware was detected before it could do any damage on the system.
From this incident, it is clear that malware that targets industrial control system are becomming more aggressive and more sophisticated. We have a lot of critical plants which were build before anyone has imagined such cyberattacks. Therefore, it is time to update the industrial control system to defend the possible cyber attacks.
Read Article →
Recently one malware was detected by an experienced cyber responder Julian Gutmanis which could pose a serious threat to human life. The malware was found on the server of the petrochemical plant in Saudi Arabia in the summer of 2017. The initial vector of malware infection is still unknown but it could be the result of a phishing attack. Hacker managed to deploy their malicious program on the plant's safety instrumented system so that they could have full control of the safety system of the plant. Hackers were able to control the plant's system which manages the safety system inside the plant remotely by installing the malware.
After gaining access to the safety system of the plant, hacker could disrupt, take down or destroy the industrial process. In the worst case scenario, the malware could have led to the release of toxic hydrogen sulfide gas or caused explosion, which could kill a lot of people working at the facility and in the surrounding area. Luckily the malware was detected before it could do any damage on the system.
From this incident, it is clear that malware that targets industrial control system are becomming more aggressive and more sophisticated. We have a lot of critical plants which were build before anyone has imagined such cyberattacks. Therefore, it is time to update the industrial control system to defend the possible cyber attacks.
NSA Releases Open Source Software Reverse Engineering Tool called Ghidra
Research Directorate of National Security Agency (NSA) has released an Open Source Software Reverse Engineering tool called Ghidra. This software is very useful for a software developer and security researcher to analyze the source code of various programs. Especially this software can be helpful to find the malicious code inside a malware and can be used to gather information on how malware is functioning. This software has a lot of features, some of the most important features include the ability to disassembly, assembly, decompilation, graphing and scripting. It also supports plugin so one can develop their own plug-in using Java or Python.
Currently, it is available for Windows, Mac OS & Linux and it only supports 64bit version of OS. Ghidra doesn't use traditional installation file to install the program, it comes with a compressed file and it can be extracted on any file directory to run the program.
Ghidra requires Java Runtime and Development Kit on the path to run the application and NSA recommends using OpenJDK distribution from jdk.java.net for a most stable experience.
Here are the download link and other information for Ghidra
Official Website
Download Link
Ghidra Installation Guide
Frequently Asked Questions
Wiki
GitHub Repository
Read Article →
Currently, it is available for Windows, Mac OS & Linux and it only supports 64bit version of OS. Ghidra doesn't use traditional installation file to install the program, it comes with a compressed file and it can be extracted on any file directory to run the program.
Ghidra requires Java Runtime and Development Kit on the path to run the application and NSA recommends using OpenJDK distribution from jdk.java.net for a most stable experience.
Here are the download link and other information for Ghidra
Official Website
Download Link
Ghidra Installation Guide
Frequently Asked Questions
Wiki
GitHub Repository