The problem of ransomware isn’t getting better. Recent examples of widespread attacks, including CoinVault, CryptoLocker and CTB-Locker, show that ransomware has become an important part of the cyber-criminals’ arsenal. Despite this worrying trend, a survey we conducted recently found that a mere 37 percent of companies across the globe actually consider this to be a serious danger: an oversight businesses simply can’t afford to make.
Ransomware is effectively a digital mechanism for extortion – blocking access to a computer system, or encrypting data stored on the computer, until the victim pays a ransom. The key motivation is to extort money from victims. But if the victim is a business, and it doesn’t have a backup, the impact on the company’s intellectual property and other sensitive data could be disastrous.
Typically, ransomware is delivered as an email attachment: once the attachment is opened, the malware is installed on the victim’s system. However, a victim might also be infected with ransomware by clicking on a link or downloading an infected file from a website.
Like a lot of malware, ransomware programs try to be as stealthy as possible, showing no impact on the system until it is blocked or data has been encrypted. It is only when an unwelcome message appears on the screen, demanding payment of hundreds or thousands of pounds, that a victim realises something is wrong. Unfortunately, at this stage, it is already too late to save data through security countermeasures (unless the way the cyber-criminals have implemented their encryption mechanism allows security researchers to develop a way of decrypting the data – something that has become less likely over time). The cyber-criminals often apply additional pressure to their victims by setting a time limit for payment – after which the data will be lost for good.
So how does it work? Let’s take TorLocker as an example. This ransomware program starts by deploying an encryption mechanism that is nearly impossible to crack. The malware deletes all system recovery points and encrypts the victim’s Office documents, video and audio files, images, databases and virtual machine encryption keys, certificates and other files on hard drives, network drives or other connected storage devices. Then it displays a dialogue box demanding that the victim pays a ransom to decrypt their own data.
What’s particularly troubling is that TorLocker infects each system in a unique way, so even if somehow a key to decrypt the data is found, the key would not be useful for decrypting data on other systems.
And it doesn’t stop there. If the ransom is paid, this only confirms the cyber-criminals’ business model, so they will continue to develop ransomware programs to exploit individuals and companies.
To fight back in this war against cyber-crime, it is vital to employ security in depth, including a robust backup solution, based on a comprehensive cyber security strategy. As part of a business’s armour, it is important to make ‘cold’ backups – with read and write access only, and no delete or full-control access – that cannot be deleted by a ransomware program. This matters because some ransomware programs also encrypt files, including backups, stored on network shares or other connected devices.
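A check for the access rule described above, as an added example that is not part of the original article: it parses output saved from the Windows `icacls` command and reports accounts whose rights on a backup folder allow deletion or full control. The folder path, account names and sample ACL are constructed for illustration.

```python
import re

# icacls rights that let an account destroy or take over a backup:
# F = full control, M = modify (includes delete), D/DE = delete,
# DC = delete child, WDAC/WO = change permissions/owner (can re-grant delete).
RISKY = {"F", "M", "D", "DE", "DC", "WDAC", "WO"}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

# Constructed sample of `icacls D:\Backups` output (hypothetical accounts).
SAMPLE = r"""D:\Backups NT AUTHORITY\SYSTEM:(OI)(CI)(F)
           CORP\backup-admins:(OI)(CI)(F)
           CORP\backup-writer:(OI)(CI)(R,W)
           CORP\Domain Users:(OI)(CI)(M)
           CORP\fileserver-svc:(OI)(CI)(RX,W,DC)

Successfully processed 1 files; Failed processing 0 files
"""

def audit_icacls(output, path, trusted=()):
    """Return {principal: risky rights} for allow-ACEs outside `trusted`."""
    findings = {}
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):        # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue                     # blank line or icacls status message
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        if "DENY" in groups:
            continue                     # deny entries remove rights
        rights = set()
        for g in groups:
            rights.update(r.strip() for r in g.split(","))
        risky = (rights - INHERIT_FLAGS) & RISKY
        who = m.group("who").strip()
        if risky and who not in trusted:
            findings[who] = sorted(risky)
    return findings

if __name__ == "__main__":
    admins = (r"NT AUTHORITY\SYSTEM", r"CORP\backup-admins")
    for who, rights in audit_icacls(SAMPLE, r"D:\Backups", admins).items():
        print(f"{who}: can delete or take over backups via {rights}")
```
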
If you have already been infected, and there is no backup or preventive technology in place, there is very little that can be done. So, before the worst happens, businesses must put measures in place to block ransomware and ensure that staff are aware of the tricks cyber-criminals use to entice victims into installing ransomware programs. They should also beware of using uncredited software found on the Internet that claims to fix encrypted data. In the best case, this software is useless; in the worst, it might distribute additional malware.
The fact is that the average consumer and both large and small businesses can all be victims of ransomware. Cyber-criminals certainly do not discriminate and are often looking to impact as many people as possible to reap the highest financial gain. Unfortunately, ransomware attacks against businesses are only growing, as cyber-criminals become increasingly aware that organisations are more likely to pay the ransom in the hope of maintaining business continuity.
While today’s threats are becoming more sophisticated, too many of us – both in the office and at home – need to improve cyber security practices. What’s worse is that some are still using either outdated or unreliable security solutions that do not provide any of the necessary protection. With the growing number and complexity of ransomware attacks, it is vital that we stay on our guard and deploy the most effective protection available.
David Emm is principal security researcher at Kaspersky Lab