One of the nastiest and most sinister malware threats to come out of the minds of cybercriminals has been the creation of ‘ransomware’.
Ransomware is a type of malware that encrypts data and then extorts money from the victim. Infection arrives either by email, as an attachment, or through an exploit kit on a website, where the malware is downloaded and executed. Once infected with ransomware, the files on your computer, across the network and even on remote file storage like Dropbox are encrypted. When the malware has done its job, it pops up an onscreen message letting you know that if you pay X amount within X days, your files will be decrypted. The amount is usually $500-$1000, but can be much more, and payment is expected in bitcoin; they ask for bitcoin because it is less easily traceable than a traditional money transfer.
Cryptowall is probably the most infamous of all ransomware. Cryptowall is up to version 4 and, according to the Cyber Threat Alliance, the malware had, by version 3, made at least $325 million worldwide from infections. Each version of Cryptowall is more sophisticated than the last: Cryptowall 3 was built to hide from detection, and Cryptowall 4 changes filenames so users can’t even find out which files have been encrypted.
People are paying the hackers. If you suddenly find that all of your data (customer records, intellectual property, documents, flow charts, presentations, accounts, etc.) is encrypted and essentially gone, you’ll pay up. The fear that the ransomware hackers instill in people is real. The FBI reported losses in the U.S. alone of around $18 million between 2014 and 2015, and that’s just in payments out; it doesn’t include material losses through lost time and the network issues that ensue. And of course there is no guarantee that, just because you pay the cybercriminal, they will decrypt your data – we are dealing with a criminal mind here, after all.
The FBI research is from a year ago, but McAfee, in their 2016 Threat Predictions report, state that: “Ransomware will remain a major and rapidly growing threat in 2016…. we predict that the rise of ransomware that started in the third quarter of 2014 will continue in 2016.”
It is hard to read the mind of a cybercriminal into the 2020s, but the likelihood is that a successful money-raising venture like ransomware will only proliferate. The Internet of Things is an area that will likely be utilized by cybercriminals as a means of infection: IoT devices present a very wide attack surface, and thus far the security of the IoT is still far from perfect.
Ransomware hackers are targeting rich nations. They need to find companies that can afford to take the risk of paying thousands of dollars to get their data back. The sector the hackers target is widespread and getting wider: they are coming after businesses of all sizes, rather than this being just a consumer problem.
One of the most insidious ways ransomware gets onto a network is via ‘malvertising’. Hackers are using ad placement networks and actually paying for infected ads to be served on legitimate websites. Major websites like the New York Times have run infected ads. The most worrying thing about much ad-based malware is that it is based on ‘exploit kits’ like ‘Angler’. If you visit a site running a malicious ad and you also happen to have a vulnerability in your browser or Flash, there is a very high likelihood of becoming infected with ransomware without even clicking a mouse. Scary stuff.
U.S. SMBs are as much a target as their larger cousins because the hackers know they are a ‘soft target’. Smaller companies are less likely to have a dedicated security team and the systems in place to handle such an attack.
And no one is safe: in the past few months several U.S. hospitals have been infected with ransomware, and one, the Hollywood Presbyterian Medical Center, had to pay $17,000 in bitcoin to the cybercriminals.
You can help prevent a ransomware infection by making sure that:
1. Your staff is well trained in the way that malware infections work; make them aware of the danger of attachments in emails from unknown sources.
2. Your OS and other software are kept up to date and patched.
3. You keep backups of your data (but be careful with backup software that synchronizes with your directories, as those backups can also end up encrypted by ransomware).
4. You have a security strategy in place to deal with the complexities of ransomware prevention and infection.
Of course, if you do get infected, one thing is apparent: even if you pay to have your files decrypted, the chances are that the cybercriminals behind the scam have already exfiltrated your data using remote access and will be selling it, especially personal information, on the dark web. So, simply put, the best way to deal with ransomware is to avoid infection in the first place.