While there may be more than 1 billion pieces of malware prowling the internet for a chance to infect victims, one particular kind has been inflicting financial losses and security headaches for years.
Known as ransomware, its sole purpose is to block access to computer systems or files until the victim pays a ransom. The demands vary widely, from the equivalent of a couple of hundred dollars to several hundred thousand.
Ransomware in a Nutshell
In the simplest terms, ransomware is a piece of malicious software that prevents users from using their devices or accessing their personal or important files, unless a sum of money is paid. Payment is usually demanded in cryptocurrency, such as Monero or Bitcoin. Victims are told to purchase these digital assets and then transfer them to the attackers.
Ransomware has evolved over the past decade in an effort to reach more victims, generate huge profits for cybercriminals, and make it nearly impossible to recover data unless the victim pays the ransom or restores the data from backups.
While encryption is considered a powerful tool for ensuring online privacy, allowing everyone to communicate without fear of eavesdropping, ransomware developers use the same technology to make sure affected files cannot be read. When the encryption is implemented correctly and the only copy of the decryption key sits with the attackers, recovering the data without that key is computationally infeasible; the attackers hand it over, if at all, only after the ransom is paid. It is implementation mistakes (a key left on the disk, a predictable random number generator, a flawed cipher mode) that occasionally allow researchers to build free decryptors for a specific family.
Imagine someone breaking into your home, finding your jewelry, locking it in an impenetrable chest in the middle of your home, then leaving with the key after placing a ransom note. If you contact the burglar and pay the ransom, he will give you the key to unlock the chest and get to your jewelry. Otherwise, good luck breaking the chest. You know all your valuables are there, but you simply can’t use them. Ransomware acts in a similar way, except that it goes after your files and data.
While early ransomware strains were less destructive and focused on preventing users from accessing their devices with screen lockers (no data was encrypted), later versions started using encryption (known as crypto-ransomware) and various techniques to lock you out of your locally stored files, and even out of cloud backups, since a synchronized cloud folder faithfully uploads the encrypted copies. Some crypto-ransomware families have generated the equivalent of more than 2 billion dollars in paid ransom in less than two years of activity.
Other ransomware families have added data theft as a second extortion lever. Before encrypting sensitive data, the attackers copy it out of the victim’s network and threaten to publish it online as part of a public shaming campaign if the ransom demand is not met, so that even a victim with good backups remains under pressure to pay.
Finally, the most disruptive forms of ransomware are known as disk encryptors. Unlike file encryptors, disk encryptors prevent the operating system from booting at all: they encrypt or overwrite the boot sector and file system structures, so the entire disk drive is held “hostage”.
Ransomware Spreading Mechanism
Email remains one of the most-used mechanisms for spreading ransomware. Spam emails account for a large number of ransomware infections, either by tricking victims into clicking links that download the ransomware or by carrying tainted attachments that pose as CVs, invoices and other routine documents. Once the victim opens the attachment (typically a document that asks to enable macros, or a script that runs the payload directly), the ransomware executes, encrypts the files, and only then displays a message on the desktop warning that the files have been locked, along with instructions on how to purchase the decryption key.
Another technique, known as malvertising, is to buy advertising on high-traffic websites and use the ad slots to serve exploits for unpatched vulnerabilities in browsers or their plugins. When such a vulnerability is triggered, the exploit code runs with the browser’s privileges and downloads and launches the ransomware payload without any further action from the user (a drive-by download); the browser does not necessarily crash, so the victim may notice nothing until the ransom note appears. Many users have grown reluctant to open attachments or click on email links, so this method drops the social engineering component entirely and relies solely on unpatched software.
Cybercriminals also deliver ransomware through pirated content downloaded from torrent or “warez” websites. Unsuspecting users download ransomware disguised as cracks, key generators and other software, run it, and consequently infect their own systems.
How to Stay Safe from Ransomware?
Ransomware is a highly lucrative business for cybercriminals, and they are constantly investing in new ways to infect victims and make it difficult for security solutions to fend them off. However, it’s not impossible to defeat ransomware. Law enforcement and security companies have been working together for years to help victims recover their files. Initiatives such as the nomoreransom.org website can help ransomware victims recover their data in cases where law enforcement or security vendors have found a way to decrypt files for specific ransomware families.
Before you ever need that website, it’s recommended to install a security solution that can detect even the latest ransomware families by applying multiple layers of protection designed to catch malware at the various stages of an attack.
Performing regular backups of your critical or important files and documents is also recommended. Keeping those backups on storage that is not directly connected to your computer and not reachable as a network share is essential, because ransomware usually seeks out attached drives and mapped network storage and encrypts those as well. Test that you can actually restore from the backup: a backup the ransomware could reach, or one that was never restorable in the first place, is no backup at all. By doing this, even if you get infected and lose your locally stored files, you can always recover from a backup without paying the ransom.
Both law enforcement and security companies recommend not giving in to ransom demands. Paying does not even guarantee a working decryptor, and it only serves to financially fuel the development of new and more sophisticated ransomware families, helps finance other cybercriminal activities, and ultimately legitimizes the ransomware business by making it profitable for cybercriminals.
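One way to check that a backup is still intact, as an added example that is not part of the original article or Bitdefender’s products: record a SHA-256 digest of every file when the backup is taken, keep that manifest on separate media, and before trusting the backup compare the files on disk against it. Files rewritten with ciphertext show up as modified, renamed files as missing plus unexpected, and a dropped ransom note as unexpected. The directory layout, file contents and tampering steps in the demo are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup on disk with the manifest written when it was taken."""
    current = build_manifest(root)
    return {
        # same path, different content: typical of a file overwritten with ciphertext
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        # path gone: deleted, or renamed (e.g. a new extension appended)
        "missing": sorted(k for k in manifest if k not in current),
        # path not in the manifest: renamed files, ransom notes, anything dropped later
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def is_intact(report: dict) -> bool:
    return not any(report.values())


def demo():
    """Build a constructed backup, verify it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "thesis.docx").write_bytes(b"constructed sample document")
        (backup / "photos.zip").write_bytes(b"constructed sample archive")

        # Manifest written at backup time; in practice store it OFF the backup medium too,
        # so an attacker who reaches the backup cannot rewrite the manifest to match.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(backup), indent=2))
        manifest = json.loads(manifest_path.read_text())

        clean = verify_backup(backup, manifest)

        # Constructed tampering: one file overwritten, one renamed, one note dropped.
        (backup / "photos.zip").write_bytes(b"\x8f\x12\xa0\x77 not the original bytes")
        (backup / "docs" / "thesis.docx").rename(backup / "docs" / "thesis.docx.locked")
        (backup / "README_RESTORE.txt").write_text("constructed ransom note")

        tampered = verify_backup(backup, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean backup intact:", is_intact(clean))
    print("tampered backup report:", json.dumps(tampered, indent=2))
```

The check is only as trustworthy as the manifest: if it lives on the same drive as the backup, anything that can encrypt the backup can also delete or regenerate it, which is why the example keeps the manifest in a separate location.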
Remember! It’s important to always keep an eye out for unsolicited emails, constantly update all your software and operating systems, install a security solution that features multiple layers of protection against ransomware, and not give in to extortion.
Here at Bitdefender we focus on keeping your devices protected from malicious activity and threats of all kinds. Now more than ever, you need autonomy and safety as you reach the world via your internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?