The cyber crime patrol has yet another reason to stay ultra alert: “ransomware”, the ransom demanded for data that digital 'dakus' hijack.
Last week Mumbai-based freelance designer Vaibhav Agrawal found something rather strange on his computer. A file, the only one in that folder, somehow had a different name. And when he tried to run it, an error message popped up. He discovered that this happened with almost all the JPEG, PDF and text files on his computer.
“The file name had been modified from "name.jpg" to "name+code.matrix". The error message read "file format is not supported". At first, I tried opening it again. After several failed attempts, I tried renaming but failed,” said the 27-year-old.
Then there was something else strange: a Word document, the only one he could open, which read: 'Аttеntiоn! Аll yоur filеs are еnсryрtеd with RSА-2048 аlgоrithm...Tо gеt yоur uniquе kеy аnd dесrурt thе filеs, Yоu hаvе to sеnd thе fоllоwing cоdе: ZagbZgfnmMkLLn0z-406CAA1E43AE553B tо оur е-mаil аddrеss: email@example.com.'
Agrawal was a victim of ransomware, a malicious programme that enters the system and encrypts files until a payment is made to the attacker to decrypt them.
The modus operandi is spreading rapidly across the world, even giving viruses and worms, computer programmes known widely for their destructive capabilities, a run for their money.
In December last year, the Carroll County Sheriff's department paid a ransom of around $2,400 to regain access to its system after a similar attack. Before that, an Indiana county paid $21,000 in ransom and a Pennsylvania prosecutor's office also paid $1,400 in ransom. The ransom was demanded in crypto-currency, usually bitcoins, so that hackers can’t be traced.
According to Symantec’s Internet Security Threat Report (Vol. 21), India faces an average of 15 cyber attacks per hour (363 attacks per day), the second highest in Asia. Despite these numbers, Indians don't report attacks to the cyber cell, so the actual number could be even bigger.
“I receive complaints on a daily basis. A doctor has lost his research data for the past five years and a photographer is unable to access his years of work ... They want a solution but they don’t want to come out in the open. Companies and individuals are scared of losing clients or image,” says Rakshit Tandon, consultant at the Internet and Mobile Association of India (IAMAI) and a cyber security expert.
According to Tandon, our systems are very vulnerable to ransomware attacks. “They send emails from similar-looking IDs; it can be order details of products you haven’t bought. When you download the receipt to check, the virus enters the system. Game addicts often get links for the latest update or an extra life and, upon clicking on them, their system gets infected,” he adds.
Several law enforcement agencies and IT security companies, including Europol, Kaspersky Lab and Intel Security, among others, have come together to fight ransomware. They have started an open project titled ‘No More Ransom’, which aims to educate users about ransomware and countermeasures. It also provides decryption tools for some ransomware.
What can you do?
It is advisable to take certain precautionary steps to protect personal as well as organisational data. Among them is taking regular backups of your work. These backups can be kept on a portable hard drive, on a cloud service, or both. While taking a backup on a cloud service like Google Drive, use a separate email address so that it is not known, and enable two-step verification on all your Gmail accounts. Another is to be careful while downloading attachments: users should view the file before downloading it.
One of the most important things, which many of us take casually, is to avoid using a pirated operating system or anti-virus. According to Tandon, both should be genuine and updated from time to time so that they can eliminate vulnerabilities and viruses.
If you realise that your system has been attacked, the first step should be to disconnect from the internet and shut down your system until an expert is consulted.