Ransomware – The Newest Trend in End-User Attacks

Nov 14, 2016 | Cybersecurity

Ransomware is the newest variation of criminal attack in our complicated IT world. It’s both a personal computer and a business computer issue. In the 1800s, bank robbers would hold up the stagecoach or run into a bank, guns blazing, demanding money from the tellers. Our world has evolved from those days; we have cars, planes, and more specifically computers that are connected through the Internet. However, the age-old story of a criminal trying to take money from a law-abiding citizen is still the same today. The latest form of the classic stick-up robbery is called Ransomware.

Ransomware is a type of malware that can infect or attack a computer in three different ways: Encryption Ransomware, which is the most common; LockScreen Ransomware; and Master Boot Record Ransomware, the least common but more deadly or problematic. Encryption Ransomware will literally encrypt your files, and a key is required to decrypt them so that you can see the files again.

How Does It Work?

Through a simple Internet connection, information on a specific computer, including pictures, files, spreadsheets, etc., gets encrypted so that the owner of the computer cannot access it. Each time that person tries to open a file or do anything on the computer, an information screen appears that tells the computer owner, in essence, to pay money to be able to decrypt or access the files again.

In the early days of Ransomware, the screen that “asked for money” often looked suspicious. It might have grammatical errors or typos in the text that would signal to a moderately educated computer user that something was amiss. It might not look “right”. But the bandana-wearing bank robbers learned from their mistakes, and current criminals are no different. The messages often look “perfect” and can include official logos and emblems from well-known organizations such as banks, the FBI, the police, and Interpol.

Is this an Epidemic?

If this type of malware were compared to a historical virus, we could talk about it in terms of the Black Plague. It’s rampant and growing, and it should not be ignored. The true extent of the epidemic is unknown. How many people would just pay the ransom, not wanting to be embarrassed or to go through the hassle of officially reporting it?

Over the last two years, the epidemic has exploded. The U.S. Department of Justice has seen a 400 percent increase in Ransomware in the last year alone. Currently they report 4,000 attacks a day in the United States “that are reported.” We can assume that the majority of attacks remain unreported. And the dollar amounts are increasing. In the first three months of 2016, the FBI estimates that $209 million was extorted through Ransomware.

Who is Vulnerable?

If you think you are not at risk from Ransomware, ask yourself these questions. Do you use and keep important files on your computer? Does your computer access the internet? If the answer is “Yes” to both of these questions, then this is an important topic for you. And if you play a major role in your business, are an owner or an executive, or have financial data, then your business computer is at high risk. Further, many employees remote into work through VPN access, and that is an easy way for Ransomware to penetrate a corporate firewall.

Most Ransomware is attacking Windows computers, while a very small percentage is attacking Android or Mac phones or computers. But no one is immune. And it’s all only statistics until it’s your personal computer or business computer that is attacked.

Today Ransomware is financially motivated, and its operators pick small and desperate targets. They often choose small to medium size businesses, or people who have some financial resources but are not powerful and well connected. Another key factor is the value of the information on the computer. Ransomware is coming from all over the world, but the Eastern European and Russian areas are often an origin point for Ransomware.

Businesses connected to the medical world are at high risk, since they have data-rich computers full of personal medical information.

On the “black market,” medical data is actually the most valuable information. You can change your debit card PIN, but you can’t change the fact that you had surgery in 2005 and you have hemochromatosis. Medical data doesn’t change, and it’s valuable.

Should I pay the Ransom?

This is a personal choice. There is no guarantee that paying the ransom will actually give you the data back. Paying also perpetuates the problem. If criminals know they can blackmail in a certain way, they will continue because it pays. But when it comes down to your computer or your business’s computer, if the contents are so valuable that losing them would put your business on hold or close your business, then you might decide that it’s worth the risk to try to get the computer contents back immediately.

Each case is unique. If you do decide to pay the ransom, make sure you involve a savvy IT person to help you. Often your goal is to receive an encryption key and there may be many steps and special browsers that you will need to use to get the encryption key.

How to Lower Your Risk of Ransomware?

  1. Patching your computer’s software. There are so many pop-up windows that we tend to ignore their messages. We hit the “remind me later” button, because we don’t want to stop what we are doing right now. Malware exploit kits frequently target well-known, ubiquitous software. These are known ransomware attack points: Adobe Reader, Adobe Flash, Sun Java, all browsers, Skype, and QuickTime. Patch them right away.
  2. Back up everything. Make sure that your back-up is not online or internet-based, where it could be easily compromised. So back up regularly (at least once a week), and don’t leave the back-up online.
  3. Train employees to develop good security habits. Employees, and in a personal setting family members, who are aware of the issue are the first line of defense for all cyber security, including this specific type of attack. Security Awareness Training can be tailored to a company’s specific needs or can be purchased “off the shelf.” Typically, good security awareness programs cover topics like phishing, Bring Your Own Device, social media, PCI compliance, and ransomware. If you are looking at Cyber Security Education and it does not have Ransomware in it, it’s outdated and you should look for a vendor who has kept up with the industry. One easy tip: once you have identified you are under attack by ransomware, unplug the computer. It can take up to 30 minutes to completely encrypt a machine; and if the internet connection is disconnected, it’s possible that only some of the data is fully encrypted.

  4. Anti-Malware software. Security protection of a business network is a vital component of a comprehensive cyber security strategy. There are several independent vendors who have software that specifically addresses malware and encryption malware.

  5. Don’t go to pirated software sites. The internet is full of sites that offer pirated software and material. These are known areas for ransomware. Not only are you attempting to get something that belongs to someone else, but you are at high risk of infecting your computer as well. Many ransomware architects use sites that offer pirated materials as a lure for easy access to new computers. Consider the consequences.