An Introduction to the World of Ransomware

Ransomware, as the name suggests, is a type of malware that prevents users from accessing their computer systems unless they pay a ransom to the cybercriminals. Unlike other viruses, where users have to spend money to remove adware and other malware installed in the system, ransomware requires the user to literally buy back access to their own computer. It is the cyber version of blackmail, where criminals force individuals to pay a ransom to recover their loved ones or precious belongings.


Evolution of Ransomware

According to TrendMicro, the earliest ransomware cases, which originated in Russia in 2005-06, created password-protected zip files of documents, spreadsheets, programs, and DLL files. The user was required to pay a ransom to obtain the password and regain control over his or her system.

By 2012, ransomware attacks had spread into Europe, Canada, and the USA. The attacks became more sophisticated as cybercriminals began using a wide range of websites to infect computers, and pretended to be law-enforcement agencies to scare affected users out of going public about the attack.

In 2013, a new variant emerged that, apart from blocking access, encrypted the files on the system. This meant that users could no longer recover access by simply deleting the malware. The user would still have to pay the ransom to decrypt the files. These variants are called CryptoLocker, a reference to the fact that the system’s files are locked by encryption.

Other variants include:

  • Malware that steals bitcoins or requires payment of the ransom in bitcoins
  • Attacks that focus on the inbuilt PowerShell feature in MS Windows 7 and above
  • Instances where backup files are deleted to prevent the user from bypassing the encryption, and
  • Attacks that block access to remote drives as well.


Impact of Ransomware Attacks

Unlike conventional virus and malware attacks, ransomware makes it impossible for the user to access his or her files until the problem is solved. For a business, the prospect of databases built over decades becoming inaccessible can affect the very existence of the business. Basic tasks like meeting deadlines, responding to mails, or updating internal spreadsheets will become impossible.

Apart from the impact on productivity, ransomware attacks can affect the firm’s or individual’s finances as well. "Ransomware: A Growing Menace", a report by Norton security experts, analyzed a specific attack covering 68,000 computers in a month with ransom demands ranging from $60 to $200. Experts found that payout resulted in a loss of $33,600 for 168 users. With less than 3% of victims paying the ransom, the criminals could have made close to $400,000 in a single month. This analysis clearly reveals that ransomware attacks pose a very real threat to the finances and functioning of any individual or business that depends on IT products and services as a part of their routine activities and operations.


Future of Ransomware

Europol's 2014 Internet Organized Crime Threat Assessment has warned about ransomware attacks on medical devices like pacemakers, medical information systems in hospitals and devices, as well as attacks on the Internet of Things.

With Internet connectivity becoming an integral part of our lives, a hacker situated thousands of miles away can hold all aspects of our lives at ransom through sophisticated ransomware attacks.


Protection from Ransomware

The best way to escape ransomware attacks is to focus on preventive action. The following steps can help individuals and businesses avoid becoming victims of a ransomware attack.

  • Having an up-to-date antivirus program that offers traditional file-based security to detect and block ransomware files.
  • Network-based security tools that track and block attempts by hackers to penetrate corporate and personal networks.
  • Tools designed to detect files displaying ransomware-like behaviour in computers and on networks.
  • Programs that offer reputation-based protection by warning surfers when visiting infected or unsafe websites.
  • Standard security practices like avoiding downloads from random emails and tracking common social engineering techniques used by cybercriminals.

Finally, one can minimize the negative impact of a successful ransomware attack by keeping network-independent backups, which reduce the risk of losing access to the files.

Further, one can use recovery tools offered by reputed online security brands to recover control of infected systems.


Sources

https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ransomware-a-growing-menace.pdf

https://www.us-cert.gov/ncas/alerts/TA14-295A

http://www.trendmicro.com/vinfo/us/security/definition/ransomware

http://www.raps.org/Regulatory-Focus/News/2014/10/09/20535/Money-or-Your-Life-Report-Predicts-Ransomware-Affecting-Medical-Devices-in-Near-Future/

 
