Learning’s from Ransomware Attack!!

Learning’s from Ransomware Attack!!

What encouraged me to write this blog on “Learning’s from Ransomware Attack”, since last one month or more, we are hearing about Ransomware malware attack (Petra, Petrwrap, and WannaCry etc) on Windows machines. So, what exactly Ransomware is? and How we can prevent such attacks?

Ransomware is malware (malicious software) that hacker installs on PC without user’s consent, usually carried out using a Trojan. This enables them to lock your PC, threatens to publish or delete data, until a ransom is paid. Ransom would be in terms of Bitcoin or other digital currencies due to which it is difficult to trace Attacker.



Ransomeware Attack
Ransomware Attack Flow

Note: Example shown above is general illustration of how Ransomware affect users system.

There are multiple ways like opening malicious attachments in emails, malicious instant messages, clicking on malicious links on suspicious website or emails and even through Network as well.

Though this attack was very specific to Windows, but impact could be huge, because globally Windows market share is around 90% this year.

Traditional approach of Problem solving:

As we know, when anything happened to Windows machine, our traditional approach to resolve it is to “Restart” the machine, even technical or help desk Guy at IT department follow this approach. Though, this is not a written step to resolve the Windows problems. But even the kids know it, so when Ransomware attacks your machine, just restart the machine, It should resolve your problem. Does It? No…Sorry not at this time…This will not be going to help us!!



What happens next? To resolve this problem IT team will do root cause analysis, find the solution then develop, test and install that patches, Antivirus will create new solution to prevent the Attack through antivirus, We as individual purchase the Antivirus and assume problem gets resolved and everyone gets happy!!!!

But, all these are measures for cure, not for Prevention. (Note: Here I am not thinking from Antivirus perspective)

Next time, attack could be on one specific Servers, Network or websites, which may lead to big loss to the Business.

So, what proactive actions can be taken?

What are the key learning points for QA or Tester or I would say for Developers?

Are these cyber criminals are more intelligent than us?

No, not at all, they just find the vulnerability in the targeted software (Which we missed) and exploit it to create attack.

But it is us, Specifically Development and QA who needs to be more cautious while doing day today activities to minimize probabilities of such kind of attacks.

Preventive Measures can be:

  1. Analyze the latest techniques used by the cyber criminals.
  2. Analyze the why traditional approaches of Security not useful to stop such attacks.
  3. Analyze the coding standards.
  4. Analyze the Testing standards.
  5. After doing all above analysis, we need to update or change the way we are doing all above activities now.
  6. Need to set up stringent Auditing and Risk Assessment criteria’s.
  7. Regular Auditing and Risk Assessment, based on criteria’s set.
  8. Need to assess, update the designing, coding and testing standards on regular basis, based on assessment results.

I know, none of the software is 100% defect free or vulnerability free, But 99.99% is always achievable. Though, it also depends on individual ability who is coding or testing and how he/she performs these activities.

Thanks for reading!! If you like this blog please share it!!!

To follow this blog, Go to “FOLLOW BLOG VIA EMAIL” section at bottom of the page, Enter your email address and click on Follow button.

 


4 thoughts on “Learning’s from Ransomware Attack!!”

  1. Thanks Swapnil for explaining about Ransomware in a simple language . Everyone talks about Ransomware but your approach to look at it is different as you have provided the preventive measures also.

Leave a Reply