Ransomware is a type of malware that locks your keyboard or blocks access to your computer system, preventing or limiting users from accessing their data until they pay a ransom or some other form of compensation.
Bitcoin has become the popular method for demanding ransom because it increases the chances of anonymity in the transactions and prevents perpetrators from being tracked. The growth in digital payment methods has greatly contributed to the rapid spread of ransomware.
According to an FBI-issued alert, all types of ransomware are on the rise and are affecting individuals, businesses, government agencies, academic institutions, and even law enforcement. Ransomware is now also targeting mobile phones in addition to desktop machines and laptops, locking them down and demanding payment to unlock them.
How do they infect?
The malware can infect you via a malicious email that includes an attachment (an executable file, an archive, or an image), via a website on which malware has been planted, or through a backdoor with which the hackers may already have infected your computer and through which they can gain entry. Ransomware examples: CryptoLocker, CryptoWall, CoinVault, TorLocker, TeslaCrypt and CTB-Locker.
Earlier forms of ransomware would infect computers when users opened e-mail attachments that contained the malware. Once the attachment was opened, the malware was deployed on the user’s system. More recently, the number of incidents involving “drive-by” ransomware has been increasing, where computers can be infected when a user simply clicks on a compromised website, with a deceptive e-mail or pop-up window acting as bait. Once on the site, the user unknowingly executes an unsafe script and the malware is deployed to the system.
According to Kaspersky, there are also botnets found in routers; BGP (Border Gateway Protocol), the main routing protocol of the Internet, can be compromised; and numerous attacks targeting router DNS settings are also being performed. When a user’s machine is infected, nothing visible happens right away. The malware operates silently in the background until the system or data locking mechanism is deployed and engaged.
Why do they do it?
Databases are leaked by different people for different purposes. Some do it for money, some to show off their “skills” and prowess, and some hackers leak data to defame particular people or organizations. But whatever their goals, it is not mere speculation that the number of these attacks is likely to increase in 2016.
Ransomware to take on new forms and routes
On December 21, 2015, FireEye held a press conference in Tokyo about its internet security predictions for 2016. FireEye executive officer and vice president Iwama Yuhitoshi predicted that there will be an increase in ransomware attacks demanding bitcoin in 2016.
“This year (2015), the internet witnessed the emergence of ‘ransomware’, a form of malware that encrypts the data of victims before claiming a ransom in bitcoin. Although it might be a crime in some countries to even use bitcoin, some victims had to pay those bitcoins to decrypt their priceless data. Unfortunately, the year 2016 will be the starting point of much more sophisticated forms of ransomware attacks,” Iwama Yuhitoshi was quoted as saying.
Iwama Yuhitoshi also predicted that attacks on Apple products and services would rise significantly in 2016. Attacks targeting Linux devices and owners of expensive Apple devices will be lucrative for hackers, since those victims can pay more. No wonder Apple, which is locked in a major legal battle against the FBI this year, is putting up a fight when asked by the FBI to provide a backdoor to access the San Bernardino shooter’s iPhone.
Kaspersky predicts that in 2016 ransomware creators could switch their attention to new platforms, and that we will also see ransomware designed to lock different parts of the Internet of Things. With the proliferation of IoT and more devices being connected, attacks have taken a new course.
Protecting against ransomware can be difficult, since attackers actively alter their programs to defeat anti-virus detection (which can, to an extent, ward off some dangers). Making regular backups of your data and storing them offline is one way to protect yourself. While it may diminish your risk of becoming a victim of ransomware, it won’t be enough on its own, especially in the long term.
For that, you may want to seek the professional services of firms that can be proactive: diligently carry out remote monitoring of your organization’s network, servers, storage and backups, enable automated patching of the OS and web browsers, and provide proper and timely support.
One thing is certain: complying with the hackers’ demands and paying the ransom is not the way to go. It will only encourage the criminals to keep going, not to mention the very real chance that these hackers will not keep their end of the bargain.