Ransomware is a type of malware that infects a computer in order to prevent the user from accessing the data stored on it. The malware is usually delivered via some form of correspondence, such as a phishing email with a malicious attachment. To lure users into opening the attachment, the criminals behind the attack often make the message appear to come from a trusted institution, such as a bank or a government body. Once the malware installs itself on the computer, it encrypts files and documents so that the user can no longer open them. Users then typically see a message on their screen instructing them to pay a ransom in order to have their files or computer unlocked.
Reports of malware being used to extort money date back as far as 1989, but such schemes took off in 2005 when Russian criminal gangs started to use them on a larger scale. A particular surge has been seen recently, starting in 2012 and gaining momentum in 2013. Today, ransomware is considered a major and growing threat to computer users and one that organizations and individuals alike need to take seriously. According to a report released by Dell SecureWorks in December 2013, one particular ransomware strain, CryptoLocker, had infected some 250,000 computers since it was released in September 2013. With an average of $300 in ransom demanded from each victim, the report estimates that the criminals may already have netted nearly $28 million from this scheme alone in a three-month period.
At present, the majority of victims are English speakers, with the majority of infections seen in the US. Among organizations, the most common victims so far have been financial institutions. However, the UK's National Crime Agency is reporting a surge in attacks against victims in the UK, with 7,000 reports of ransomware made to Action Fraud between April and September 2013. The agency notes that attacks are increasingly being seen against small and medium-sized firms, and that individuals are increasingly being targeted as well.
Protecting Your Organization
To protect themselves, organizations and users should take some common-sense precautions, including ensuring that anti-malware controls are installed on all systems and kept up to date, along with other security controls such as firewalls, timely patching of known vulnerabilities, and intrusion detection and prevention systems. Newer controls are also coming onto the market that aim to isolate and remediate threats in file-based attacks, which is particularly useful since most such malware seen to date is propagated via email attachments. Many of their vendors claim to be able to stop even zero-day attacks that are not picked up by traditional antivirus solutions.
All computer users should also ensure that valuable data and information are regularly backed up, with those backups stored off the network so that they cannot be affected. A backup that sits on a mapped network drive or a permanently connected USB disk is reachable by the same malware that encrypts the user's documents and will be encrypted along with them, so backups should be disconnected once written and a restore should be tested periodically. But perhaps the most common-sense step to take is to educate users not to open or download suspicious email attachments. Even attachments that appear to be legitimate should be treated with caution, especially ones that users weren't expecting to receive.
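The attachment-screening control described above can be approximated with a mail-gateway rule. The following is an added example and is not code from the original article or from any vendor product: it parses an RFC 5322 message, flags attachments whose names end in an executable or macro-enabled extension, catches the "document.pdf.exe" double-extension trick, and looks inside zip archives, since droppers are commonly zipped to get past naive filters. The sample message is constructed inline, and the extension lists are the author's assumptions rather than a complete policy.

```python
"""Triage e-mail attachments for file types commonly used by ransomware droppers.

Added example, not from the original article. The sample message below is
constructed for the demonstration; the extension sets are assumed policy.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will execute on double-click (assumed, not exhaustive).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Office formats that may carry macros (assumed list).
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
ARCHIVE_EXT = {".zip"}


def classify_name(name):
    """Return a reason string if the filename looks risky, otherwise None."""
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    if len(parts) < 2:
        return None
    ext = "." + parts[-1]
    if ext in EXEC_EXT:
        # "invoice.pdf.exe": a document-looking name hiding an executable.
        if len(parts) >= 3:
            return "double extension hiding executable: %s" % name
        return "executable attachment: %s" % name
    if ext in MACRO_EXT:
        return "macro-enabled document: %s" % name
    return None


def scan_zip(data, outer_name):
    """Apply classify_name to every member of a zip archive held in memory."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reason = classify_name(info.filename)
                if reason:
                    findings.append("inside %s: %s" % (outer_name, reason))
    except zipfile.BadZipFile:
        findings.append("corrupt or non-zip archive: %s" % outer_name)
    return findings


def triage_message(raw):
    """Return a list of findings for every attachment of a raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify_name(name)
        if reason:
            findings.append(reason)
        if name.lower().endswith(tuple(ARCHIVE_EXT)):
            findings.extend(scan_zip(part.get_payload(decode=True), name))
    return findings


def build_sample_message():
    """Constructed fixture: a fake 'bank statement' mail carrying a zipped .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement_2013-12.pdf.exe", b"MZ\x90\x00 not a real program")
    msg = EmailMessage()
    msg["From"] = "statements@example-bank.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Your December statement"
    msg.set_content("Please find your statement attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="statement.zip")
    msg.add_attachment(b"%PDF-1.4 harmless placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print("FLAG:", finding)
```

A name-based check like this is only a first filter: it does not inspect file content, so a gateway should still hand flagged and unflagged attachments to the anti-malware scanner, and the policy decision (quarantine, strip, or warn the recipient) belongs in the mail system rather than in the classifier.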
Many sources advise those affected not to pay the ransom, as there is no guarantee that the criminals will actually unlock the computer once payment is received. Rather, victims should disconnect the infected computer from the network and take remedial action, such as seeking professional assistance to clean the machine or using the removal tools available from a variety of antivirus vendors. However, while these steps will clean the computer, they will not restore the encrypted files. There is no substitute for proper backups, and many are predicting that the growth of ransomware expected in 2014 will be a boon for storage and backup vendors.
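Before restoring from a backup that was reachable from an infected machine, it is worth checking that the backup set was not itself encrypted. The following is an added example, not code from the article: it estimates the Shannon entropy of each file's first block, since ordinary documents rarely approach the 8 bits per byte that ciphertext does. The threshold and the list of natively compressed formats (which are high-entropy even when benign and so cannot be judged this way) are the author's assumptions, and the directory it scans is a constructed fixture.

```python
"""Flag files in a tree that look encrypted, judged by byte entropy.

Added example, not from the original article. The threshold and the
compressed-format list are assumptions; the sample tree is constructed.
"""
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for "looks like ciphertext"
SAMPLE_BYTES = 65536      # only the head of each file is examined
# Formats that are already compressed and therefore high-entropy when benign (assumed list).
COMPRESSED_EXT = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp3", ".mp4",
                  ".docx", ".xlsx", ".pptx", ".pdf"}


def shannon_entropy(data):
    """Entropy in bits per byte of the empirical byte distribution of data."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(path):
    """True if the file is not a known compressed format and its head is near-random."""
    ext = os.path.splitext(path)[1].lower()
    if ext in COMPRESSED_EXT:
        return False  # entropy alone cannot judge these; needs a format-aware check
    with open(path, "rb") as f:
        head = f.read(SAMPLE_BYTES)
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root):
    """Return the paths under root that look encrypted."""
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                suspicious.append(path)
    return sorted(suspicious)


def build_sample_tree():
    """Constructed fixture: one plain-text report and one file overwritten with random bytes."""
    root = tempfile.mkdtemp(prefix="backupcheck_")
    with open(os.path.join(root, "report.txt"), "w") as f:
        f.write("Quarterly report: revenue up, costs flat.\n" * 400)
    with open(os.path.join(root, "ledger.csv"), "wb") as f:
        f.write(os.urandom(16384))  # stands in for a file encrypted in place
    return root


if __name__ == "__main__":
    for path in scan_tree(build_sample_tree()):
        print("SUSPICIOUS:", path)
```

Treat a hit as a reason to inspect, not as proof: a handful of high-entropy files may simply be compressed data under an unusual extension, whereas a whole tree of them, with a recent modification time, is the signature of a backup taken after the infection rather than before it.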
Ransomware is a rapidly growing threat to businesses and end users alike, particularly because it is believed to yield faster and higher financial returns for criminals than other methods of online fraud, which require significant preparation in targeting individuals and organizations. Its continued growth illustrates the increasing sophistication of security threats. All organizations and users should prepare themselves now for the serious threat posed by these attacks.