Ransomware is a denial of access (DOS) malware that holds computer files and/or the entire hard drive hostage until a ransom is paid. Some early versions merely locked the screen in a way that was not hard to undo, but the latest ransomware uses encryption, making it almost impossible to recover the affected files. In 2015, the FBI warned that ransomware was on the rise, and it is still one of the most dangerous, fastest-growing malware categories. Ransomware victims include private individuals, businesses, universities, hospitals and law enforcement agencies.
Ransomware attacks threaten a company’s reputation and leave lasting question marks about the organisation’s security practices. The most recent ransomware strain, known commonly as ‘WannaCry’, exploited an outdated Windows vulnerability that was revealed when hackers published a trove of data stolen from the US National Security Agency. As of March, Microsoft had offered a downloadable security patch to fix the issue. However, when WannaCry hit the internet on 12 May 2017, it infected computers in 150 countries and caused problems for the National Health Service in the UK, Spain’s Telefonica, Deutsche Bahn and FedEx, among others. Within a few days, a kill switch was discovered that slowed the spread of the malware, but not before it had highlighted just how few organisations regularly update their operating systems.
In the short term, ransomware can cripple a company’s operation, but the long-term effect is even worse. Encrypting ransomware doesn’t typically steal data, but it can work in tandem with malware that does and, regardless, any publicised malware attack will leave customers questioning whether their personal information is secure. Reputation Defender’s privacy services can help individuals and companies improve their security practices so they are less vulnerable to ransomware and other types of malware.
The Rise of Ransomware
Early generations of ransomware date back to 2005. Some planted an unwanted pornographic image on the computer, while others locked the screen or keyboard. Many purported to be from law enforcement, claiming criminal activity had been discovered on the computer and victims would be arrested if they didn’t pay the fine.
By 2013, cryptoviral extortion, ransomware which uses a private cryptographic key to scramble files, had become common. In most cases, encryption made it impossible to recover the data without assistance from the extortionist, so criminals no longer had to rely on scare tactics to get victims to pay. At the same time, online payment in Bitcoin, which is extremely hard to trace, became the most popular method of collecting ransoms. Today’s ransomware often includes detailed instructions for victims who’ve never worked with Bitcoin before.
Ransomware is Profitable for Criminals
The ransomware scene has become extremely lucrative for online criminals. From 2013 to 2014, the famous CryptoLocker ransomware infected an estimated half million people before it was taken down by the FBI. Only about 1.3 percent of victims paid the ransom, yet the malware still collected an estimated $27 million USD over the six months it was active. One of the victims was a Massachusetts police department, which paid $750 (£585) in Bitcoin to recover sensitive data.
When Symantec was able to intercept the servers collecting Bitcoin for CryptoDefense, another prolific encrypting ransomware, security experts discovered that an estimated three percent of victims paid the ransom, amounting to about $34,000 (£26,000) over the course of a single day. CryptoDefense doubled the ransom after four days, giving victims even more incentive to pay quickly without getting help. Eventually a flaw was discovered: the ransomware used the victim’s own computer to generate the encryption key, leaving behind a retrievable copy that could unscramble the files. Unfortunately, the authors later redesigned CryptoDefense without the flaw and a version still exists in the wild.
Ransomware is a thriving black market where criminals market and sell illegal technology to each other. Many ransomware strains have affiliate programmes which offer buyers a cut of the profit if they spread the word to other online gangs. This suggests that criminals with little technical expertise can target victims and extort enough money to offset the cost of the technology.
Watch Out for These Ransomware Strains
Here are some of the active strains of ransomware to look for.
- Cryptowall – an updated version of CryptoDefense, this ransomware can encrypt files on any external or shared drive as well as the computer itself. Ransoms range from $200-$5,000 (around £150-£3,900) depending on the size of the organisation and the importance of the data.
- CTB-Locker – the name stands for ‘curve-Tor-Bitcoin’. CTB-Locker uses elliptic curve encryption and the host server is concealed on the Tor network.
- TorrentLocker – has the ability to collect addresses from the victim’s contact list. Fox-IT has estimated that TorrentLocker has about 2.6 million email addresses.
- WannaCry – the latest devastating ransomware attack is likely to be short-lived, but it points to systemic problems in online security. New versions of the malware that bypass the kill switch have been developed, but the rate of infection has continued to slow as more companies and individuals download Microsoft’s latest security patches.
- Mobile Ransomware – ransomware isn’t just for computers and laptops. The so-called ‘Porn Droid’ app was a 2015 scare in which a LockerPin Trojan masqueraded as an Android app. Victims who downloaded it found that their PIN had been reset and they were locked out of their phone. Ransom demands followed quickly, but those who paid didn’t regain entry to their phone.
The best way to protect against ransomware is to back up regularly so there is always a recent copy of every file on a separate drive. To avoid becoming infected, watch closely for phishing scams and avoid downloading unknown files or apps. Double-check URLs carefully before clicking on a link or visiting an unknown site. Download security updates as soon as possible and scan regularly with a well-reputed antivirus/anti-malware program.