Facts about DarkSide Ransomware Attack – ICSS

What is Ransomware Attack?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment. In most cases, ransomware infection occurs as follows. The malware first gains access to the device. Depending on the type of ransomware, either the entire operating system or individual files are encrypted. A ransom is then demanded from the victim. If you want to minimize the risk of a ransomware attack, you should rely on high-quality ransomware protection software.

 

How Ransomware works

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they’re downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without needing to trick users.

 

There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files. If you want the technical details, the Infosec Institute has a great in-depth look at how several flavors of ransomware encrypt files. But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.

 

In some forms of malware, the attacker might claim to be a law enforcement agency shutting down the victim’s computer due to the presence of pornography or pirated software on it, and demanding the payment of a “fine,” perhaps to make victims less likely to report the attack to authorities. But most attacks don’t bother with this pretense. There is also a variation, called leakware or doxware, in which the attacker threatens to publicize sensitive data on the victim’s hard drive unless a ransom is paid. But because finding and extracting such information is a very tricky proposition for attackers, encryption ransomware is by far the most common type.

 

Who is a target for ransomware?

There are several different ways attackers choose the organizations they target with ransomware. Sometimes it’s a matter ofopportunity: for instance, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses. On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For instance, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise quiet — and these organizations may be uniquely sensitive to leakware attacks. But don’t feel like you’re safe if you don’t fit these categories: as we noted, some ransomware spreads automatically and indiscriminately across the internet.

 

How to prevent ransomware ?

There are a number of defensive steps you can take to prevent ransomware infection. These steps are a of course good security practices in general, so following them improves your defenses from all sorts of attacks:

  • Keep you operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically that won’t stop a malware attack, but it can make the damage caused by one much less significant.

Ransomware examples:

While ransomware has technically been around since the ’90s, it’s only taken off in the past five years or so, largely because of the availability of untraceable payment methods like Bitcoin. Some of the worst offenders have been:

  • CryptoLocker, a 2013 attack, launched the modern ransomware age and infected up to 500,000 machines at its height.
  • TeslaCrypt targeted gaming files and saw constant improvement during its reign of terror.
  • SimpleLocker was the first widespread ransomware attack that focused on mobile devices
  • WannaCry spread autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and then stolen by hackers.
  • NotPetya also used EternalBlue and may have been part of a Russian-directed cyberattack against Ukraine and many more.

About Indian Cyber Security Solutions

Since the Global Pandemic, there has been a rise in the demand of a proper professional Penetration Testing Professionals. We at Indian Cyber Security Solutions have been looking at Multi-National Companies demand and have been focusing to impart training and education knowledge to students who are interested in Penetration Testing. With Penetration Testing Service Providers in India by Indian Cyber Security Solutions, we enable an individual to become highly proficient in Ethical Hacking.

ICSS has secured 300+ website and web-based applications worldwide and gained considerable experience backed by qualified professions with certifications on CISSP, ISO-27001 Lead Auditor, and Certified Ethical Hacker. However, if you want to become a professional in the field of Penetration Testing, do join Indian Cyber Security Solutions. Although you know that there are many institutes that offer this training, Indian Cyber Security Solutions stands apart from these institutes due to our commitment in training students.

Also as an Education Institute, we provide Cyber Security Training to students as well and as many as One hundred thousand students have enrolled at the Indian Cyber Security Solutions, with many having pass the exams and becoming a cyber security professional.

With this we have been acknowledged as “One of the best Cyber Security Training Institute in India” by Silicon India, as well as the “Top 20 Tech Brands of 2021 in India” by Business Connect. Our achievements not only ends here, as we have added another feather to our institute as “10 Best Security Solutions Provider” by Industry Era. With our achievements, we strive to work hard more to impart the right cyber security knowledge to students so as to improve the cyber security infrastructure of our society.

The post Facts about DarkSide Ransomware Attack – ICSS appeared first on Indian Cyber Security Solutions – ICSS .