5.1 Description of Threat

Ransomware has recently been gaining in popularity once again, with the most recent attack, going by the name of WannaCry, occurring in May 2017. Ransomware is usually spread when users open or download seemingly harmless files and emails that claim to come from legitimate sources (official websites) or from services such as banks and delivery websites that many consumers use in their daily lives. However, ransomware attacks have become increasingly sophisticated as attackers move from requiring user interaction to other tactics, such as remote desktop control or targeting exploits in old, unpatched operating systems that are no longer supported (Windows XP, 7, Vista), to gain access to computers without the permission or help of the user. Ransomware is a huge threat because it can target any unsuspecting user who has not taken steps to secure their computer. It can restrict access to the entire computer, or to selected files that may be very important to the user for work or personal life, unless the user pays a huge sum of money (usually through untraceable means such as virtual currency like bitcoin). Even after paying, the user may not get access to their computer or files back and may simply be scammed by the attackers.

5.2 Nature of Threat

Ransomware works in many ways, depending on the method of attack chosen by the attackers. Attackers may attach malware to emails or downloadable software that installs itself onto the user's computer without the user's knowledge. The malware then looks for and encrypts types of files, such as documents or pictures, that are likely to be important to the user. It then displays a message stating that the computer has been compromised and that the user must pay a huge sum of money (ranging from $500 to over $2000) in virtual currency or pre-paid vouchers and cards if they want the files to be unlocked.
Alternatively, for users working in companies that use vastly outdated versions of operating systems, attackers who have found exploits in an unpatched system can send worms to infect these computers and encrypt files without the user having to download and install the malware at all. Because the targets of ransomware attacks are gullible users who are either using outdated operating systems or are likely to click on emails and download links that disguise themselves as legitimate sources, nearly anyone can fall prey to these attacks and lose access to their computers and files, and retrieving them costs a lot of time and money.

5.3 Mitigation of Threat

- Back up your data regularly on an external drive so you can restore it in case of an attack and lose little to no data.
- Show hidden file extensions (hidden by default on Windows) to keep a lookout for suspicious executable (.EXE) files. Additionally, be wary of .EXE files attached to emails.
- Disable files running from AppData/LocalAppData folders, as this is a known way for attackers to run their malware installation.
- Disable Remote Desktop Protocol if not required. As stated previously, ransomware attackers have found new ways to infiltrate the computers of unsuspecting users, and this is one of them.
- Update your software regularly. Software companies are always trying to find and fix bugs and exploits that can be used by hackers to gain access to your computer. This is particularly important as many companies use very outdated software and operating systems and rarely update them at all.
- Install and update anti-malware and firewall software regularly to catch suspicious files that might have slipped past you.
- Disable browser plugins and macros unless necessary, and set notifications for when something requires them. This is another way for ransomware attackers to install malware onto your computer.
- Lastly, NEVER pay the ransom. This encourages the attackers and there is a high probability that you won't even get your files back.
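
A small triage check for the file-extension, email-attachment and AppData items in the list above, added here as an example and not part of the original text. It goes beyond .EXE to a few other executable types; the extension lists, reason labels and sample paths are assumptions constructed for illustration.

```python
import ntpath  # applies Windows path rules on any operating system

# Assumed subsets: types Windows runs directly, and types users read as documents.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def explorer_display_name(filename):
    """Name as shown while Windows hides extensions of known file types."""
    stem, ext = ntpath.splitext(filename)
    return stem if ext else filename

def triage(path, from_email=False):
    """Return the reasons (possibly none) a file deserves a second look."""
    reasons = []
    norm = path.replace("/", "\\")
    stem, ext = ntpath.splitext(ntpath.basename(norm))
    if ext.lower() not in EXECUTABLE_EXTS:
        return reasons  # not directly executable: nothing to flag here
    if from_email:
        reasons.append("executable-attachment")
    # The real extension is executable but the visible part ends like a document.
    if ntpath.splitext(stem)[1].lower() in DECOY_EXTS:
        reasons.append("double-extension")
    # Covers both AppData\Roaming and AppData\Local (LocalAppData).
    if "\\appdata\\" in norm.lower():
        reasons.append("runs-from-appdata")
    return reasons

# Constructed sample input: (path, arrived as an email attachment?)
SAMPLES = [
    ("invoice.pdf.exe", True),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", False),
    (r"C:\Users\alice\AppData\Roaming\photo.jpg.scr", False),
    (r"C:\Program Files\Editor\editor.exe", False),
    (r"C:\Users\alice\Documents\report.final.docx", False),
]

def report(samples=SAMPLES):
    """Return (name shown with extensions hidden, full path, reasons) per flagged file."""
    rows = []
    for path, from_email in samples:
        reasons = triage(path, from_email)
        if reasons:
            rows.append((explorer_display_name(ntpath.basename(path)), path, reasons))
    return rows

if __name__ == "__main__":
    for shown, path, reasons in report():
        print(f"{path}\n  shown as: {shown}\n  reasons:  {', '.join(reasons)}")
```

The "shown as" column is the point of the show-extensions advice: with extensions hidden, the first sample appears as invoice.pdf.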