Manchester United — A target for Ransomware.

Hackers who targeted Premier League club Manchester United last Friday are reportedly demanding millions of pounds in ransom in exchange for not releasing sensitive files associated with the club and its players, the Daily Mail has revealed. We call this form of attack ransomware.

David Kenechukwu Obi
Nov 30, 2020

Ever wondered what all the ransomware fuss is about?

Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim, promising to restore access to the data upon payment. Some laws actually prevent victims from paying this amount, and companies that pay are sometimes fined. For example, if the Red Devils give in, they could break US legislation that is punishable by a fine of up to £15m, the Daily Mail reports; because they are listed on the New York Stock Exchange, they are subject to this law.

How can one get infected by Ransomware?

  • One of the most common ways is via Malspam. This uses social engineering to trick people into opening attachments or clicking on links by appearing as legitimate — whether that’s by seeming to be from a trusted institution or a friend.
  • Another popular infection method is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad.

What does Ransomware do?

There are several things the malware might do once it’s taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files. If you want the technical details, the Infosec Institute has a great in-depth look at how several flavours of ransomware encrypt files. But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker.

In some forms of malware, the attacker might shut down the victim’s computer, citing the presence of pornography or pirated software on it, and demand the payment of a “fine,” perhaps to make victims less likely to report the attack to authorities.

Who is a target for ransomware?

Attackers can target anyone for any reason: universities, hospitals that urgently need their data to work, government agencies, law firms.

How to prevent ransomware

There are several defensive steps you can take to prevent ransomware infection. These steps are good security practices in general, so following them improves your defences from all sorts of attacks:

  • Keep your operating system patched and up-to-date to reduce the likelihood of being exploited.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.
  • Above all, practice safe browsing, as attackers can change the signature of malware to make it undetectable by an antivirus program.
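One practical caveat to the backup advice above: an automatic backup job can copy freshly encrypted files over the last good copy. As an added example (not from the original article), this Python sketch compares two directory snapshots and holds the backup when most files changed and the new content looks random; the function names, thresholds and sample files are assumptions of the example.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each file's relative path to (SHA-256, entropy of its first 64 KiB)."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            snap[os.path.relpath(path, root)] = (digest, entropy(data[:65536]))
    return snap

def safe_to_back_up(previous, current, max_changed=0.5, high_entropy=7.0) -> bool:
    """False when the new state looks like mass encryption (thresholds are assumed).
    Compressed formats are high-entropy too, so entropy only counts with mass change."""
    if not previous:
        return True  # nothing to protect yet
    changed = [p for p, (digest, _) in previous.items()
               if p not in current or current[p][0] != digest]
    random_looking = [p for p, (digest, ent) in current.items()
                      if ent >= high_entropy and previous.get(p, (None,))[0] != digest]
    mass_change = len(changed) / len(previous) >= max_changed
    return not (mass_change and len(random_looking) >= len(changed) / 2)

def demo() -> tuple:
    """Constructed data: ten text files, one normal edit, then a simulated lock-out."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"report{i}.txt"), "w") as fh:
                fh.write(f"quarterly figures for team {i}\n" * 50)
        good = snapshot(root)
        with open(os.path.join(root, "report0.txt"), "a") as fh:
            fh.write("one more line\n")
        normal_day = safe_to_back_up(good, snapshot(root))
        for name in os.listdir(root):  # random bytes stand in for encrypted content
            os.remove(os.path.join(root, name))
            with open(os.path.join(root, name + ".locked"), "wb") as fh:
                fh.write(os.urandom(4096))
        after_attack = safe_to_back_up(good, snapshot(root))
    return normal_day, after_attack
```

Calling `demo()` returns `(True, False)`: the ordinary edit is allowed through, while the simulated lock-out is held back so the earlier snapshot stays intact.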

How to remove Ransomware.

If your computer has been infected with ransomware, you’ll need to regain control of your machine. CSO’s Steve Ragan has a great video demonstrating how to do this on a Windows 10 machine:

https://www.youtube.com/watch?v=kJuibb9QaWk&feature=emb_title

The video has all the details, but the important steps are to:

  • Reboot Windows 10 to safe mode
  • Install antimalware software
  • Scan the system to find the ransomware program
  • Restore the computer to a previous state

But here’s the important thing to keep in mind: while walking through these steps can remove the malware from your computer and restore it to your control, it won’t decrypt your files.

To read more on ransomware please visit:

https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html

https://www.malwarebytes.com/ransomware/

https://www.kaspersky.com/resource-center/definitions/what-is-ransomware
