Anti-virus companies, Internet security firms, and threat intelligence providers — as well as the security researcher population in general — are all warning of an eruption of ransomware, one fueled by motivated attackers, cheap infrastructure, and ransomware-as-a-service software.
For the uninitiated, ransomware is the currently ubiquitous term for malicious software designed to remotely prevent a user’s access to devices or files until a ransom is paid, usually in the form of Bitcoin. The scenario goes, while using a device or laptop like normal to browse or e-mail or hunt for videos, a sudden message pops up like the one pictured. Now irreplaceable family photos, music files, work documents, tax returns, or any data of value are all inaccessible — unless you pay, of course.
As far as cyberattacks go, ransomware is one of the most straightforward in terms of end goal. After an initial compromise — usually through a phishing attempt — the malware infection sits quietly, evading antivirus and malware detection, and sends confirmation to a far-off controller that it has successfully infected a host. Then it gets instruction to lock the device or encrypt files and display a message demanding payment.
For now ransomware is only affecting computers. Attackers are largely indiscriminate when picking a target, home machine or office laptop, doesn’t make a difference as long as someone pays. But according to some, there is a real possibility that ransomware model will move to other devices and internet-connected appliances, or even automobiles. Imagine hopping into your car late for the morning commute when up pops a message on the nav screen that it won’t drive until a random e-mail address gets a payment of $250 in Bitcoin.
Just days ago, McAfee released a report citing a 58 percent growth in ransomware in Q2 alone. The accelerated growth is attributable to two main causes. First, attacks are cheaper and easier than ever to run. The availability of as-a-service malware options on public Github with helpful YouTube demos lowers the technical bar significantly. And second, those infected by ransomware campaigns seem willing to pay often enough that ransomware continues to be an enticing scheme. The money, according to most estimates, is really good.
OpenDNS Security Researcher Kevin Bottomley demonstrated at BSSides SF earlier this year just how easy and cheap it is to set up a phishing site that spoofs a real login page and looks strikingly legitimate. And in a blog post last month, he laid out the various flavors of ransomware one can encounter regularly. With a cheap phishing site and easy access to malware tools, it’s easier than ever to begin a campaign.
As for mitigating ransomware, it can often depend on the type of infection. “It should be noted that not all ransomware is created equal,” Bottomley wrote, “nor do they all act in the same way, but they all tend to leave (for the most part) a footprint that can be used to track and locate where it lives on the Internet.” This footprint means it could be possible to trace where attacks originate and block the related offending IP spaces and hostnames before they infect other users.
Protecting PCs individually is more straightforward, for now. A mid-year security report from Cisco security researchers suggests backups as the most effective way of protecting your data. Once files are encrypted by ransomware, be it work spreadsheets or family photos, the data can be nearly impossible to decrypt without a decryption key, which might mean losing it forever. Wiping and restoring is therefore an exercise that might become much more prevalent as a result.
“Users can protect themselves from ransomware by backing up their most valuable files,” the Cisco report authors wrote. “Users should also realize that their system could be at risk even after they pay a ransom and decrypt their files.”
There are other suggestions for protecting against ransomware attacks including endpoint protection, monitoring network traffic, end-user awareness training for phishing, and others. But the best way to not fear losing data, is knowing you can get it back. Like Jon Jacobi wrote in a simple, useful guide to backing up for PCWorld, it’s best to start backing up now. Yes, now.
To test your knowledge of phishing, try our online phishing quiz. If your score is low, it might be time to get some training
What are your ransomware suggestions? Share in the comments section or tweet @owen_lystrup or @opendns.