Ransomware Protection

What is Ransomware?

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem. Difficult-to-trace digital currencies such as Ukash, Bitcoin and other cryptocurrencies are used for the ransoms, which makes tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, travelled automatically between computers without user interaction.

 

The biggest ransom ever paid

In 2017, the Korean web hosting firm Internet Nayana received the largest ransom demand ever (a whopping $1.14 million), which they also ended up paying. During their negotiations, some of their data was permanently deleted. To make up for the incident, Nayana offered free hosting for life and refunds to its affected customers. So, of course, besides the actual payment, the ransomware attack involved additional costs and reputational damage.

 

Riviera Beach City, Florida, USA

Amount paid: $600,000

Allegedly, right after an employee clicked on a phishing email link received on May 29, hackers managed to infiltrate the city’s network and lock it up. All of the city’s online systems went down, including email and even some phones, and on top of that, water utility pump stations were affected as well. As a result, payments could only be accepted in person or by mail (only in cash or by check) and communication was conducted by phone.

The City Council unanimously agreed to pay the ransom. The requested amount was 65 bitcoins, the equivalent of nearly $600,000. More than $300,000 from the city’s insurance policy was used to pay the ransom. The payment was officially made merely a few weeks after Riviera Beach agreed to spend around $1 million to replace the infected computer equipment.

Riviera Beach’s attack looked similar to what Jackson County experienced in March, so it seems they were yet another victim of the Ryuk ransomware strain.

 

Lake City, Florida, USA

Amount paid: $500,000

A second city in Florida paralyzed by ransomware agreed to pay the ransom: 42 bitcoins ($500,000).

Even though their IT staff disconnected the systems within ten minutes of the attack’s detection, the ransomware managed to infect their network almost entirely. The police and fire departments were not affected, as they were running on a separate network. The people who needed to pay their bills could only do it in cash or money orders and they received handwritten receipts.

Cybercriminals reached out to the city’s insurance provider a week after the infection took place and the ransom payment of 42 bitcoins was negotiated. The money was paid from the city’s insurance.

Over 100 years’ worth of records (ordinances, meeting minutes, resolutions, and City Council agendas) were encrypted for almost a month. Even a few weeks after the ransom was paid, the city had still not recovered all of its data. What’s more, Lake City’s information technology director was accused of failing to secure the network and of not recovering the data quickly enough, and eventually lost his job.

Lake City was another victim of the Ryuk ransomware strain.

 

  1. Bitdefender – Multi-Layer Ransomware Protection
  2. eScan – Advanced Protection against Ransomware Threats
  3. McAfee – Ransomware Solution
  4. AVG – Extra ransomware protection
  5. SonicWall – Stop Advanced Threats
  6. Sophos – Advanced Protection from Ransomware
  7. Stealthbits – Crypto Ransomware Detection
  8. Netwrix – Mitigating the Risk of Encryption Ransomware
  9. Preempt – Maza Ransomware Protection

 

You can contact us for support or consultancy at: support@yi.com.pk


