Due to the coronavirus pandemic, the first half of 2020 was marked in the tech world by the intensification of an old acquaintance: ransomware, an attack that allows hackers access our personal information through a program that is installed in our telephone, PC or laptop. And that, without realizing it, many times we install it ourselves.
His name is an acronym for “data rescue program”: ransom in English it means rescue, and ware is a shortening of the well-known word software: a data hijacking program. Ransomware is a subtype of malware, an acronym for “malicious program” (malicius software).
Now, this type of virus works by restricting access to parts of our personal information, or all of it. And generally, hackers exploit this to ask for something in return: money.
Although some simple ransomware can block the system in a simple way, the most advanced uses a technique called extortion “cryptoviral”, In which the victim’s files are encrypted, causing them to become completely inaccessible.
Although these cases usually occur in large companies, as happened to Telecom last Sunday, only during the first six months of 2020 were almost 400,000 more ransomware samples than in the same period last year, as extracted from the Threat Landscape Report. Which means that its scope is very wide.
For this reason, it is essential to understand what it is, how it works, through which door they can enter and how to prevent it.
How it works: you can install it yourself
Whatsapp, a gateway to ransomware like all very popular applications. (Bloomberg)
Ransomware attacks are generally more specific than malware: hackers target specific computer systems that belong to corporate businesses, and this has to do with being “juicier” victims to extract money from them.
But this does not mean that they cannot enter our digital lives.
One URL per Whatsapp from an unknown contact. Worse still: a URL of a known contact: ransomware has multiple ways of reaching and the most common historically are associated with programs that we install ourselves.
To put it simply: it is very difficult for a well-known program to come up with ransomware. If we install, for example, Adobe Photoshop or Microsoft Office, it is very likely that these installers are safe.
But when we install other types of programs, many times they can come with surprises.
The historically most common case has to do with the programs that we install on our PC or laptop. And currently these are the four most common ways they have to spread:
– Trojans: They are ransomware number 1. Very famous viruses that come “disguised” as something they are not. Email attachments: be careful. It is the most common case. You should never open something without knowing what it is.
–Removable drives: watch out for the pen drives. External storage disks are perfect carry and bring of ransomware. Better to use the cloud.
Pen Drives: a danger to transfer ransomware. (SanDisk)
– “Malvertising”: Misleading advertising with a plus. It infects your computer and may hijack your data. It is not recommended to click on ads in general, but there may be cases where it is quite clear that there is a deception behind.
– Social networks: the case at hand, the massive hacking of high-profile US accounts. Never click on a link that offers something too good.
The complex thing is that ransomware is “improving” and spreads faster and faster and in more unexpected places: Cerber, Locky, CryLocker, CryptoLocker and Jigsaw are some of the stars of the set that are used by hackers worldwide.
Or the famous WannaCry, which infected at least 230,000 computers in 150 countries in 2017.
FaceApp, another of the popular applications that were at the center of the controversy. (AFP)
How to protect yourself against ransomware
- Install a program antivirus it will detect and catch ransomware attacks.
- Always keep updated all programs, browsers and the operating system. New updates are important not only because they bring new features, but can also include repairing security vulnerabilities that attackers can easily exploit.
- Make a backup of your data regularly. It is good for all cases to back up to the cloud and physical storage.
- If your device is infected with ransomware, first of all, disconnect it from the network to prevent the virus from spreading to other devices. Then contact your antivirus help department or, as a consumer, a technical support company.
Argentina: 50% growth
Buenos Aires, in quarantine. (Maxi Failla)
According to Avast, one of today’s best-known free antivirus, ransomware attacks grew by 50% in the first months of the pandemic compared to January and February 2020.
Most of the attempts were made in March, while in April the values began to return to normal. Worldwide, Avast experts observed 20% more ransomware attacks.
“During the pandemic, in March and April, we had to protect 50% more users in Argentina against ransomware attacks that earlier this year, in January and February, “described Avast malware researcher Jakub Kroustek.
The number of other types of malware attacks has also risen, and the timing of attacks has changed. “In the period prior to quarantine, in most countries of the world it was clear that malware campaigns reflected the work week, and that fewer of them were active on weekends than on weekdays. However, these differences blurred during the pandemic, as users and attackers probably worked more on weekends and from home, “adds Kroustek.
Analysts are currently observing two main trends. The first is large-scale attacks targeting end users and small manufacturing and service companies.
Thus, the first half of 2020 was marked by several major trends among ransomware operators, such as ransomware as a service, hosted on cloud servers accessed by criminal organizations via the Internet.
PjB