There has been an increase in Ransomware attacks due to hackers targeting cities and state governments in addition to businesses. This has caused an uptick from 2018 to July 2019 in ransomware attacks on cities, counties, and state governments. Many cities and state governments in the past few months alone have been hit by ransomware attacks. The cities include Albany, New York, Baltimore, Maryland, Atlanta, Georgia, Lake City and Riviera Beach, Florida, Greenville, North Carolina, Stuart, Florida, Cleveland, Ohio, Augusta, Maine, Lynn, Massachusetts, and Cartersville, Georgia. This constitutes a need to worry about future ransomware attacks on cities and different forms of government. This is due to the targeted systems being a necessity for a city or government and to share important information. This calls for an increase in education for staff to be more cautious on what they click on, and to understand how ransomware could infect a computer or system.
Ransomware infects a computer through a few ways. Ransomware commonly infects systems through email phishing campaigns. The emails sent by the hacker commonly contain a malicious link or file which tricks a potential victim because the email looks like it is coming from a legitimate source. Once the fake email is created and sent, there is a process from receiving it, to turning into a ransomware incident.
Steps for ransomware through phishing:
- The hacker sends the email with a malicious link to the potential victim.
- The potential victim clicks on it, which downloads and installs the ransomware on the computer.
- The ransomware starts the process to encrypt the data on the computer and if it is connected to a network; the ransomware tries to target, install, and encrypt files on other computers connected to the network.
- After the ransomware finishes encrypting all the files on the computer, the ransom note will be displayed on the infected computer screen with instructions on how to pay the ransom.
Another way this malware infects computers or systems is by the victim visiting a website. This is due to the hacker putting an exploit kit into the coding of the website, which looks for vulnerabilities on the victim’s device. The exploit kit used on the compromised website is hidden to not trigger any antivirus or protection on the computer. Usually a hacker compromises a website and depending on the hacker’s strategy, they might target a more frequently visited website. This is to increase the likelihood of potential victims who could be targeted for ransom.
Steps for ransomware using an exploit kit:
- Once the potential victim goes on a website, they click on a malicious ad or link that takes them to the compromised webpage.
- From the compromised website, the exploit kit checks the operating system and software for any vulnerabilities to be exploited.
- If a vulnerability is found, the exploit kit initiates the ransomware attack on the victim’s computer.
- The ransomware encrypts all the data on the computer’s hard drive.
- Lastly, a ransom note is displayed on the computer along with instructions on how to pay the ransom.
After the ransomware infects your computer, there are a few options to recover the encrypted data. Depending on the ransomware used, a cybersecurity company might have the decryptor tool to decrypt the files and recover them without paying the ransom. Some forms of ransomware only the hackers have the decryptor tool, so depending on the victim’s situation and data, they could either pay the ransom which is not recommended, usually in bitcoin or restore their data from backup servers if they have.
If your company has been hit by a ransomware attack, contact LIFARS.
Credits: https://enterprise.comodo.com/forensic-analysis/how-does-ransomware-get-on-your-computer.php
