Ransomware trends to watch in 2016 and beyond

April 20, 2016
What you need to know to keep your business networks safe

Like a bad flu bug that morphs and mutates only to come back stronger the following year, ransomware is here to stay. Unfortunately, there is no vaccine to stop this type of malware in its tracks. Much of its staying power can be attributed to the creativity of malware authors. Using existing ransomware samples, cyber criminals morph them to avoid detection while they spread like wildfire.

According to some security experts, the first known reports of ransomware attacks took place in Russia in 2005. Over the past 10 years, ransomware has spread to all corners of the globe, successfully targeting hundreds of thousands of business systems and home PCs. And the losses are mounting: the FBI reported a loss of $18 million over a 15-month period in 2014 and 2015 due to ransomware attacks.

Ransomware works by making an infected system unusable: it locks the screen or the system, encrypts the data on it, and then demands a ransom to unlock the system and decrypt the data. In some cases, once the user’s PC is infected, the ransomware also displays threatening messages disguised as coming from a law enforcement agency, both to appear credible and to intimidate the PC owner. Payment of the ransom is usually demanded in bitcoins, a virtual currency that is untraceable.

Looking back to 2015, some of the most significant forms of ransomware were:

  • Teslacrypt – Detected in early 2015, Teslacrypt specifically targets computers with saved game files.
  • CTB-Locker – This relatively new variant uses the much anticipated Windows 10 upgrade as the subject line of spam emails to lure users into opening the malicious ZIP file attached to them. Once opened, it drops the CTB-Locker malware onto the user’s PC.
  • Social Engineering – Creative trickery was used to spread Cryptowall 3.0, one of the most virulent forms of ransomware: Google Drive was used to deliver the malware, which then encrypted users’ files.
  • Operation Kofer – Discovered only in the last quarter of 2015, Operation Kofer automatically generates and delivers a new variant for every target in order to avoid signature-based detection. The detected samples also demonstrate the ability to evade the advanced detection techniques available in hardware sandbox appliances.

Given the ability to easily morph existing and older strains of ransomware, and the alarming rate at which the ransomware family is growing, it’s evident that this malware is here to stay, at least for the immediate future. Some of the challenges that CSOs, IT departments and end users may face in 2016 include:

  1. Getting Personal – It is not yet widespread, but given the recently launched ransomware campaign in Germany, called Chimera, hackers may start threatening to expose victims’ encrypted personal information in public if the demanded ransom isn’t paid. This indicates that ransomware authors are getting more brazen, and far more personal, than they have been in the past.
  2. Creating a Ransomware Supply Chain – Ever-enterprising cyber criminal entrepreneurs may start offering ransomware as a service, transforming it into a large-scale, widespread, business-like operation.
  3. Android Remains Vulnerable – The Android platform was already a hot target for malware in 2015. Expect more advanced and complex variants of SimpleLocker and other ransomware samples in 2016.
  4. Better Delivery, Higher Returns – Hackers will develop and use more sophisticated delivery mechanisms to spread ransomware, and more creative ways to extort money from their victims.
  5. New, Unaware Targets – As companies and users become more aware of the dangers of ransomware and learn how to avoid being victimized, expect more cyber criminals to target less well protected Internet-connected devices such as smart TVs, smart homes and refrigerators, cars, and more.

Make Fighting Ransomware a Priority This Year and Beyond

It’s critical to remember that cyber criminals are constantly creating and improving their tactics to stay a couple of steps ahead of the anti-virus (AV) software that most companies already have installed on their PCs. While AV is usually highly efficient at blocking spam and malicious emails, there are still steps that can be taken to decrease the chance that your employees will be tricked by even the most creatively worded email subject line. Some of the best ways to protect your devices from ransomware are:

  • Never download attachments or click links in emails received from unwanted or unexpected sources, even if the source looks familiar.
  • Don’t respond to unwanted pop-up ads or alerts while visiting unfamiliar or even familiar websites.
  • Keep up on all recommended security updates to your OS, software and Internet browsers.
  • Schedule regular backups for all desktops, and keep the backups offline rather than on Internet-connected storage. Not only will you have a copy of all critical company and customer data, this also ensures that you won’t have to meet the hacker’s demands.

About the Author

Sanjay Katkar is the Co-Founder and Chief Technical Officer of Quick Heal Technologies, a global provider of IT security solutions. He holds bachelor’s and master’s degrees in computer science from the University of Pune, India. Katkar, who has been associated with Quick Heal since its incorporation, has spearheaded the development of the company’s enterprise software, technology and services. Quick Heal’s Seqrite data security product line is specifically targeted at small to midsize enterprises and is sold in North America exclusively through channel partners.