The beginner’s guide to ransomware

20012126873_e376a09029_k

Ransomware is nothing new, but has made the headlines quite a few times since last year, as it has become a mounting threat and is dealing damage to individuals and companies alike. If you’ve heard of the scary stories of computer viruses locking out files and extorting money out of users without leaving a trace, then you already know what ransomware is.

Whether you’re afraid of being the next victim of ransomware or not, it pays to know more about how it works, where it comes from, and some basic measures that can help you protect yourself against it.

What is ransomware?

Ransomware is a breed of malware that locks your entire device (computer, tablet, smartphone) or your files, and prevents you from accessing them until you pay a specific amount of money. Its main method of delivery is through virus-infected email attachments or malicious ads and content running on hacked websites. Once ransomware is installed and activated on your computer, you receive a message like the one below, which informs you of the attack and gives you instructions on how to pay the ransom and unlock your device. Ransomware developers usually try to give a legal theme to their messages to induce guilt to the victims.

ransomware dialog

Ransomware has been around since 2005, when it first showed up in Russia and other parts of Eastern Europe. The earlier specimens of the malware were limited to locking computers or keyboards and forcing users to pay up. The newer generation of ransomware, known as crypto-ransomware, encrypts your computer’s files and holds them hostage with a private key only the attacker possesses, which will be delivered to you when you pay the ransom. Some of the more advanced crypto-ransomware viruses go further and also encrypt files on any shared or external drives connected to the computer, granted they gain access to it.

Ransomware attackers usually stay true to their promise and unlock your files and device when the ransom in order to maintain a reputation and encourage future victims to pay up as well, but there have also been cases where attackers have disappeared after getting their cash. In order to create a sense of urgency, victims are usually given a two- or three-day window of time to pay the ransom. If the victim fails to pay, the amount is increased or the lock becomes permanent.

Ransomware started out as a desktop and laptop computer virus, but has since been propagated to other devices and is also targeting smartphones and mobile devices. There are also signs that it may soon be proliferated to other connected domains, such as the much volatile and vulnerable Internet of Things (IoT).

In the early days of ransomware, one of the biggest problems attackers were facing was how to collect money from the victims. With online payments not being very popular at the time, attackers instructed victims to pay via SMS or pre-paid cards, which could eventually be traced back to the attacker’s phone. Bitcoin, the anonymous crypto-currency, which made its appearance in 2009, proved to be the missing piece of the ransomware puzzle, and it became the most popular method of demanding ransom because its transactions couldn’t be tracked.

Who is targeted?

Anyone who is likely to pay, a report by the Institute for Critical Infrastructure Technology finds. For the most part, attackers are after individuals, average users who are wont to overlook basic security measures, such as installing system updates and backing up their data on an offline storage medium or in the cloud.

But ransomware has also hit some juicier targets. Among them was the Swansea, Massachusetts, police department, which was ransomed for two Bitcoins ($750 at the time). The first few months of 2016 have seen several U.S. hospitals targeted by ransomware, including the Kentuky-based Methodist Hospital, which was hit by the Locky malware, and the Hollywood Presbyterian Medical Center, which shelled out $17,000 after the hospital was shut down by hackers. Other cases include an Oregon church and South Carolina schools.

How serious is it?

Very. FBI issued an alert last year, warning about the rise of all kinds of ransomware. A mid-March report by Intel Security found a 26 percent quarter-over-quarter increase in ransomware attacks. Other analyses and reports indicate how ransomware viruses are becoming smarter and harder to find.

The amount of damage being dealt by ransomware is also worth explaining. Ransomware attacks can be considered as the most reasonable type of money-extorting schemes. Since targets are mostly ordinary people, ransomware attackers usually keep their shakedown demands at a level that will persuade a larger percentage of victims to pay. In most cases, victims are asked to fork over one or two Bitcoins, which amounts to a few hundred dollars. There have also been instances where attackers have swindled several thousand dollars from a single victim, but those are the more special cases where larger institutions such as hospitals were targeted.

But as a whole, ransomware attacks are dealing a lot of damage. In 2015 alone, the FBI received some 2,500 complaints related to ransomware attacks, which roughly amounted to $24 million in losses for the victims. And those only account for a small percentage of ransomware attacks. A considerable percentage of victims don’t even bother reporting to law enforcement. In 2012, security tech firm Symantec gained access to a command-and-control (C&C) server used by the CryptoDefense malware (one of the earlier instances of crypto-ransomware), which showed the attackers where hauling in at least $34,000 a day. CryptoLocker, the famous ransomware that arrived in August 2013, infected more than half a million victims in its first six months, earning its owners some $27 million, according to FBI estimates.

Ransomware has become the basis of a very lucrative business for malicious hackers, as “success breeds more activity,” according to a law enforcement agent told the Washington Post on the rise of ransomware attacks. According to Intel Security report, Ransomware software is available to all as open source code that can be used and manipulated for free. And for those evil-minded criminals that don’t have the skills to develop their own ransomware, they can use the “ransomware-as-a-service” business model, where they hire hackers to do their bidding.

How do I protect myself?

The first line of defense against any sort of malware is to keep your operating system and antivirus software up to date with the latest patches and definitions. But in itself, this measure isn’t enough, because there are many new variations of ransomware software popping up every day, and by the time antivirus manufacturers find the new specimen and update their software, it might be too late.

Cyber-hygiene is also an important factor. Be very careful when opening attachments to emails, especially when dealing with files that can have malicious content, such as .doc and .rar files, which have a long history of delivering malicious payloads. As a rule of thumb, never open attachments belonging to emails that come from unknown sources. Also, be careful when you browse websites, especially those that contain ads, because ads are one of the main mediums that ransomware is delivered. Ad blockers can help reduce the threat, plus taking care not to download software that comes from ads, no matter how tempting its offer might sound.

Finally, you should always keep backups. This does not include backups on your local network, because ransomware software can find and lock those as well. You should either keep a copy on an offline storage medium or in the cloud, so in case you’re hit by ransomware, you can restore your files instead of paying out to the criminals.

But in many cases, the downtime is even more damaging than the ransom money itself, especially for businesses and organizations. By the time you buy the key or restore your backups, you might have lost precious time. We need new, layered and multipronged approaches to detect and prevent new ransomware from dealing damage. There are already several different initiatives and technologies out there that are dealing with this issue. I will also be talking about it in my future articles. Stay tuned for more… and stay safe.

Advertisements

43 comments on “The beginner’s guide to ransomware

  1. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  2. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  3. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  4. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  5. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  6. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  7. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  8. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  9. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  10. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  11. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  12. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  13. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  14. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  15. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  16. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  17. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  18. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  19. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  20. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  21. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  22. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  23. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  24. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  25. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  26. […] allen Geldverdienen Systeme Hacker beschäftigen, die am weitesten verbreitete vielleicht ist ransomware, eine Malware, die über infizierte E-Mail-Anhänge und hacked Webseiten oder websites mit […]

    Like

  27. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  28. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  29. […] all a money-making schemes hackers employ, a many prevalent is maybe ransomware, a malware that is customarily delivered by putrescent email attachments and hacked websites or […]

    Like

  30. […] all the money-making schemes hackers employ, the most prevalent is perhaps ransomware, a malware that is usually delivered through infected email attachments and hacked websites or […]

    Like

  31. […] 勒索软件 可能是最普遍的一种。这种恶意软件通常会通过受感染的邮件附件, […]

    Like

  32. […] 勒索软件 可能是最普遍的一种。这种恶意软件通常会通过受感染的邮件附件, […]

    Like

  33. […] Ransomware is currently undergoing that stage at a very fast pace, and theres no sign of it slowing down any time soon. It is inflicting major losses and damage to companies, organizations and individuals, and raking in millions of dollars for cyber-criminals, and there seems to be no ebb to the flow. This warrants the need for new approaches to fighting ransomware in particular, and malware in general. […]

    Like

  34. […] damage. You’d be surprised to learn how many users fall for the ruse. Some of the most successful ransomware campaigns were staged this […]

    Like

  35. […] Ransomware is currently undergoing that stage at a very fast pace, and theres no sign of it slowing down any time soon. It is inflicting major losses and damage to companies, organizations and individuals, and raking in millions of dollars for cyber-criminals, and there seems to be no ebb to the flow. This warrants the need for new approaches to fighting ransomware in particular, and malware in general. […]

    Like

  36. […] Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by […]

    Like

  37. […] Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by […]

    Like

  38. […] Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by […]

    Like

  39. […] report states. The malware-as-a-support pattern is remaining noticed in other places, including in the ransomware small business, which, at current, is 1 of the most common kinds of dollars-making malware remaining employed by […]

    Like

  40. […] Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by […]

    Like

  41. […] Kaspersky report states. The malware-as-a-service trend is being observed elsewhere, including in the ransomware business, which, at present, is one of the most popular types of money-making malware being used by […]

    Like

  42. […] 2016. As individuals, organizations and government agencies, we’re taking precautionary steps to protect ourselves against malware that can encrypt files beyond our […]

    Like

  43. sandeep says:

    Very useful Complete Guide on Ransomware ! such a great article. i would also like to recommend : http://www.desktopsupportpanel.com/ransomware-virus-overview-advanced-prevention-tips

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s