Ransomware is essentially a digital mechanism used for extortion. Most commonly, ransomware attacks encrypt the victim’s data and then demand a ransom for the return of the information. Data is an incredibly valuable asset, many people are willing to pay for its return.
Unfortunately, paying the ransom is the worst decision you can make as a ransomware victim. Paying the ransom does not guarantee you will get your information returned, or will be returned decrypted. Modern crypto malware uses encryption schemes that seem to be unbreakable, so paying up may feel like it’s your only option to get your data back.
We will discuss every aspect of ransomware, from how it happens, how not to be vulnerable, and the best course of action if you do fall victim.
As cybercriminals become increasingly aware that ransomware victims are willing to pay to get their information back, the prevalence of ransomware and its variations will continue to rise.
A common ransomware scenario is as follows. The victim receives and email from what appears to be a friend or other trusted source, and the email contains an executable link. The file is opened unknowingly because it appears to the recipient as innocent, and immediately this triggers the download of crypto malware. The victims files are then encrypted and held hostage for a ransom in order to get the decryption key.
A different, more sophisticated crypto malware mechanism is delivered a Trojan of the Zeus/Citroni virus, which is easily purchased by attacks for only a few thousand dollars. This sum is not significant when considering the hundreds of thousands of dollars it can earn the cybercriminal. Attackers are able to drop the Citroni into a user’s computer using the Angler exploit kit. This particular ransomware contains a number of unique features, and according to researchers is the first ransomware that used the Tor network to command and control.
Regardless of the delivery, victims are often made aware of the attack via the appearance of a dialogue box, informing them of the infection, and demanding a ransom amount. Users are often told that they have 72 hours to pay the ransom or the decryption key will be destroyed and their information will be lost forever.
The Big-Business Of Ransomware
A large number of victims simply pay the ransom and chalk it up to the cost of doing business in the digital age. And because of this, ransomware is big-business for cybercriminals.One of the most famous ransomware variations called “CryptoLocker”, has infected tens of thousands of machines, generating millions in revenue for the attackers behind it.
The numbers don’t lie, and the threat of crypto malware is increasing, with attack reports in the millions, and growing by leaps and bounds every year. As long as people are willing to pay the ransom, the threat will continue. Statistics show that up to 40% of victims pay the ransom, helping attackers rake in an estimated $30 million a quarter.
Because of the inability to decipher files that have been encrypted by modern spyware spawns, there is an additional threat, that of a false remedy. Users who are desperate to resolve tier issue without paying the ransom search the internet for help and stumble across software that claims to fix the encrypted data. In reality, there is no fix, and the software is either a useless waste of money or worse, distributes additional malware.
The Evolution Of Ransomware
Cybercriminals become more sophisticated in their methods with every passing year. In the beginning, the first crypto malware used a symmetric-key algorithm, using the same key for encryption as for decryption. This made it easier, with the help of anti-malware vendors, for the encrypted information to be decrypted.
It didn’t take long for attackers to step up their game, and they began using public-key cryptography algorithms that use two separate keys. Public key for encryption, and a private key for decryption. One of the first public-key crypto systems to be used by cybercriminals was called RSA, and experts were able to crack a 660-bit RSA code, but soon after the authors switched to a 1.024-bit key, making it practically impossible to decrypt.
It is not possible to decrypt files that have been encrypted by modern crypto malware. This means the only measure of defense one has is it to keep data safe by backing up files. Unfortunately, a regular backup is not enough, as it leaves files that have been recently changed unprotected.
Many ransomware variants are intelligent enough to look for backups and encrypt those as well, including those residing on network shares. In response to this, Kaspersky has developed an alternative method of defense, based on the System Watcher module.
Don’t leave yourself vulnerable to malware attack. Contact Hammett Technologies to discuss how to stay ahead of cybercriminals and ensure you are never left without your important information or resources. Call us at (443) 216-9999 or send an email to firstname.lastname@example.org.