Ransomware Is An Epidemic And It’s Getting Worse
All over the world, ransomware criminals are locking up important computer systems and demanding crypto as a ransom. Ransomware is officially an epidemic and cryptocurrencies sit at the nexus of the crisis.
We sift through the fallout of a ransomware attack at schools in Afton, Missouri, and our panelists discuss the history and current role of crypto in this booming type of cybercrime.
With over 100,000 new variants released every day, ransomware is mutating like a virus, while the world’s cyber security forces work to stop it. In fact, ransomware is the number one cyber concern. Most ransomware either locks the interface or encrypts files on a computer or network, sends users a ransom message, and, ideally, releases the interface or decrypts the data after the ransom is paid.
At this point, there are two major types of ransomware:
Locker ransomware restricts user access to infected systems by locking up the interface or computing resources within the system. It puts up a display page telling victims to pay through credit vouchers purchased from local stores or money transfer services. According to security software vendor Symantec, locker ransomware accounted for about 36 percent of the ransomware samples it detected in 2014-2015. Attackers have moved away from locker ransomware because the disabled interface prevents victims from paying in cryptocurrencies such as Bitcoin, which are faster and less traceable. However, experts expect that locker ransomware may regain popularity with attackers because it can affect mobile devices and devices on the Internet of Things.
Crypto ransomware encrypts files on the target system so that the computer is still usable, but users can’t access their data. It typically uses strong industry-standard encryption schemes, often with encryption keys that time out, adding urgency to the ransom payment deadline. Crypto ransomware leaves the user interface functioning so that users can get to the Internet to make ransom payments in cryptocurrency. Symantec says that crypto ransomware makes up 64 percent of the samples that its software detects.
The successful ransomware attacker also works a psychological scam: scaring victims into paying rather than taking defensive measures, giving them reasonable confidence that their systems will be restored, and providing enough technical support that they can figure out how to pay in cryptocurrency.
Ransomware enters systems through four main channels:
Social engineering: Ransomware is often downloaded by unwitting users. Phishing emails induce users to click on bad links or download and open malicious attachments. Cyber criminals will hire services to redirect users from adult content sites or media piracy sites to their downloads, or they will use malvertisement services to bait users from ads on legitimate websites. Hackers are also now using social media messaging as an attack vector for ransomware. This is harder for organizations to detect because the attacks are now running under HTTPS/SSL.
Layered attacks: Cyber criminals who have already hacked a system sometimes sell access to ransomware criminals. The undetected malware on a zombie machine can download the ransomware and remain after the ransom is paid, waiting for another opportunity to steal data or extort another payment.
Embedded: Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is so common in browsers around the world.
Self-propagation: Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
The technology behind ransomware is daunting, as developers for the hackers employ stronger encryption and more tactics to elude detection. Cyber security technology will catch up, but in the meantime, organizations and individuals need to avoid giving in to the fear because that is the ransomware criminal’s greatest weapon.
Just as the earliest forms of ransomware extorted users with nonexistent threats, much of today’s ransomware is not as invincible as it seems, which is why attackers keep coming up with scarier tactics for their ransomware. One of the most brutal is the Petya virus. Not only does the malware attempt to lock the whole hard drive at once rather than slowly encrypting individual files, its user interface is a grinning skull and crossbones made mostly of dollar symbols.