• CERT Admin
  • Fri Dec 15 2017
  • Cyber Guardian Blog



Ransomware is a popular term that has frightened people around the world recently. It is malware created to obtain a ransom from the owner of an infected system. The most famous ransomware type is encrypting ransomware, which encrypts the hard drive of your computer and prevents you from accessing the data on it. In order to decrypt your data, the attacker requests that you pay a ransom. However, ransomware has been around for a while, and recent reports show that attackers have greatly improved it and use it in more effective ways, even invading mobile phones. 2017 was a year that created havoc for businesses worldwide due to ransomware such as NotPetya, WannaCry, Locky and Bad Rabbit.

The growth of digital payment methods, mainly Bitcoin, has also become a supporting factor in the rapid growth of ransomware attacks. Bitcoin helps to anonymize transactions and prevents the identification of the criminals. Hackers request that the ransom be paid in bitcoins so that it is impossible to trace the payment back to the criminal.

According to reports, NotPetya is considered to be the most destructive ransomware attack of 2017. Not only was NotPetya able to cripple Ukrainian power plants, banking services and supermarkets, but it also infected hundreds of thousands of computers in 100+ countries around the world.

WannaCry is the other destructive malware; it infected more than 300,000 devices around the world in May 2017, scared many more, and was able to cripple banks, law enforcement agencies and other infrastructure.


In the Bad Rabbit ransomware attack, users were affected through fake Adobe Flash software updates. When the software was downloaded and run, the user was infected with ransomware and their files were encrypted. All three of these attacks targeted Microsoft Windows based systems, exploiting the SMB protocol using the EternalBlue vulnerability.

DoubleLocker was ransomware that infected Android devices, encrypted the victim's mobile phone and also changed its PIN. Attackers gave victims a 24-hour deadline to pay the ransom.

Once your device is infected with ransomware, you lose access to your data and see an image saying that your files are encrypted and that, to recover them, you must submit the payment and obtain the decryption key. For example, the attackers behind Bad Rabbit demanded 0.05 Bitcoin (£220) from victims in exchange for the decryption key for their encrypted devices.


Cybersecurity Ventures predicts that ransomware damages will cost the world $5 billion in 2017 and climb to $11.5 billion in 2019. Therefore, protecting ourselves from ransomware is very important and a timely requirement. Through good cyber practices, users can protect themselves not only from ransomware but also from other security-related threats.

Stay up to date - Ensure you apply all updates on all your devices. Operating system patches and software patches are important, as patches fix vulnerabilities. Do not run software updates that are prompted by third-party sites. If you do need to update your software, get the update directly from the vendor's website.

Virus guard to protect your system - Use good anti-virus software and keep it up to date. Regularly updating the virus guard is very important to keep your system healthy and secure.

Think before you click - Do not click on suspicious links or download suspicious attachments. They can contain malicious code which can infect your system or lock you out of your own device.

Back it up - Make sure you back up your system. Store your files securely offline. If you maintain regular backups and keep them safe and secure, then even if you get infected with ransomware you can lessen the pain, since you can restore everything from the backup.


Should you pay the ransom? – According to security experts' advice, YOU SHOULD NOT PAY the ransom in order to obtain the decryption key. There are two reasons for this. One is that even if you pay the requested ransom, receiving the decryption key is not guaranteed; paying the ransom can therefore be a waste of your money. The other reason experts give is that by paying the ransom you become a willing participant in a crime.




Shammi Hewamadduma 

Shammi is an Information Security Analyst at Sri Lanka CERT|CC  

Last updated: Fri Dec 15 2017