Just imagine the scene.
You’re diligently fulfilling your duties at work, not paying attention to much else when the following email lands in your inbox:
To:(insert your own name here)
Subject: Mid-2016 salary increases
The body of the email reads:
“Look what I got ahold of! By the way, for your eyes, ONLY.”
You rub your eyes and stare for a second. Did someone really just send you a list of employees who will be getting mid-year increases??
You’re thinking “I gotta read this!” and your fingers are getting ready to open that attachment, but as you move your mouse closer to it, a tiny voice inside you screams “Wait!” (bah, humbug.)
Is this attachment what it seems, or is it possibly something really, really dangerous?
It’s a good thing you paused, because this little attachment contains malicious code that, once executed, would start to encrypt all the precious files on your computer and on any network shares it can reach. No amount of IT know-how can undo the encryption, because the files can only be unlocked with the corresponding key, and only the bad guys have that key. They are willing to part with the decryption key if you pay them somewhere in the ballpark of 20-40 bitcoins. How much is that in normal people money, you ask? Well, one bitcoin is equal to $418.97… So you do the math. But if you want to see your files ever again, you or your company is going to have to pay.
Welcome to Ransomware.
Ransomware is not only one of the nastiest forms of malware to arise in the last 10 years, it’s also one of the fastest growing malware-related phenomena. In fact, in just the second quarter of 2015, there were 4 million new cases of ransomware affecting devices. Contrast this with the numbers from 2013’s third quarter, where less than 1.5 million cases were recorded. And the experts only expect the uptick to continue.
A quick ransomware history lesson
Ransomware started out as little more than an obnoxious practical joke, created by the not-so-stable biology professor Dr. Joseph Popp in 1989, when he distributed diskettes that supposedly contained AIDS education software but in fact contained a trojan that locked the computers of anyone who used the software. For just $189, Popp would unlock the victim’s computer, but in truth the locking method he used, symmetric cryptography with the key embedded in the program itself, was pretty easy to reverse. Still, the concept it introduced, software that could be used for blackmail, was shocking.
Ransomware as a threat lay low until about 2006, when it resurfaced as GPCode, using stronger encryption than its earlier counterpart. After that it was off and running, with new yet similar variants appearing with regular frequency. In 2012 Reveton ransomware, posing as a notice from local police departments, locked computers and charged victims $200 to have them unlocked. People paid up, assuming that the notices were legit. Then in 2013, a newer, fiercer kind of ransomware emerged in the form of CryptoLocker and the similar CryptoWall family. Using strong encryption, a 2048-bit RSA key pair, to lock victims’ files, a lock-screen message would let them know that if they failed to pay the ransom within 3 days, the crooks would start deleting files, and the unlock fee would rise in step. Yikes.
There are lots of strains popping up every month or two, sometimes even weekly, but nowadays they all generally follow the CryptoWall/CryptoLocker methods; they just find new, more frustrating ways to tweak the recipe.
On to bigger and better pursuits
And ransomware is on the go. No longer satisfied with merely locking PCs, it’s moving on to other targets. Smartphones, wearables, and even Macs aren’t immune to the scourge, as highlighted by last month’s KeRanger ransomware attack on a limited number of Macs. And now ransomware has found a new favorite target: hospital networks. Hospitals are especially vulnerable to ransomware attacks because their information is generally of a more critical nature than most businesses’ (when it comes down to it, yes, your life truly is more important than your money), and most hospital employee training focuses on compliance with HIPAA regulations, never coming near the topic of cyber security.
The state of ransomware is so perilous that on March 31st, the US and Canada issued a joint cyber alert to warn citizens of the damage ransomware can cause. They urge people to use caution when opening links in emails and on websites because, as we saw above, malicious links are the number one tool used by ransomware creators in their quest to cause innocent people and their money to part ways.
Here are some other tips to keep ransomware from ruining your day (and your files, too)
- Back up your files – First and foremost, when it comes to defeating ransomware, the most important thing you can do is have a backup of your files, because once something like CryptoWall has started encrypting your computer there is no known solution other than paying up or starting over. Choose a program that creates automatic, incremental copies of everything on your computer and keeps earlier versions, because a backup that simply mirrors your drive will faithfully copy the encrypted files over your good ones. Remember too that ransomware encrypts the network shares and mapped drives it can reach, so keep at least one copy somewhere your PC cannot write to all the time. Use a cloud-based program like Carbonite or CrashPlan, or use this guide to find the best match for your computing style.
- Keep your software updated – Ransomware and the exploit kits that deliver it love a computer running older, un-updated software and operating systems, because the vulnerabilities they rely on are usually ones a patch has already fixed. To keep them out, keep your operating system, browser and programs updated.
- Run antivirus and a firewall – Make sure you are running a solid antivirus program and a firewall to alert you to anything suspicious that might be trying to infiltrate your PC or smartphone. Running both helps when an unknown threat gets past regular AV measures, since the firewall may still be able to block its traffic based on other criteria.
- DO NOT PAY UP – This can’t be stressed enough. Every time someone pays up, they show the baddies that they have won and that their methods work. These creeps are making millions of dollars because they know they have you in a hole. Don’t give in to them; just make sure you are following tips 1, 2 and 3 before disaster strikes. If everyone stopped paying up, the business model behind ransomware would collapse.
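To make the backup tip concrete, here is a small added example (not ZoneAlarm code, and not the code of any backup product named above) that contrasts a plain mirror backup with versioned snapshots. It builds a temporary “live” folder with a constructed file, takes a snapshot and a mirror, overwrites the file the way ransomware would, then backs up again. Unchanged files are hard-linked to the previous snapshot so old versions cost almost no extra space; the file and folder names are invented for the demo.

```python
"""Versioned snapshots vs. a mirror backup when ransomware strikes.

Added example, not ZoneAlarm's or any backup product's code. Everything it
touches lives in a temporary directory constructed here.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, used to detect unchanged files."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def take_snapshot(live: Path, backup_root: Path, name: str) -> Path:
    """Copy `live` into backup_root/name. Files byte-identical to the most
    recent earlier snapshot are hard-linked instead of copied, so keeping
    many versions is cheap. Earlier snapshots are never modified."""
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir()) if backup_root.exists() else []
    previous = snapshots[-1] if snapshots else None
    dest = backup_root / name
    for src in list(live.rglob("*")):
        rel = src.relative_to(live)
        target = dest / rel
        if src.is_dir():
            target.mkdir(parents=True, exist_ok=True)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        old = previous / rel if previous else None
        if old is not None and old.is_file() and file_digest(old) == file_digest(src):
            os.link(old, target)        # unchanged: share the same bytes on disk
        else:
            shutil.copy2(src, target)   # new or modified: take a fresh copy
    return dest


def mirror(live: Path, dest: Path) -> None:
    """A one-version 'sync' backup: dest is always made equal to live."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(live, dest)


def fake_encrypt(live: Path) -> None:
    """Stand-in for ransomware: overwrite every file with junk and rename it."""
    for f in list(live.rglob("*")):
        if f.is_file():
            f.write_bytes(b"ENCRYPTED" + os.urandom(16))
            f.rename(f.with_suffix(f.suffix + ".locked"))


def demo() -> dict:
    """Back up before and after 'infection'; report which copy still restores."""
    root = Path(tempfile.mkdtemp())
    live, snaps, mirror_dir = root / "live", root / "snapshots", root / "mirror"
    live.mkdir()
    (live / "salaries.xlsx").write_bytes(b"constructed sample spreadsheet")  # constructed sample
    original = file_digest(live / "salaries.xlsx")

    take_snapshot(live, snaps, "2016-03-30")   # clean backups
    mirror(live, mirror_dir)
    fake_encrypt(live)                          # ransomware runs
    take_snapshot(live, snaps, "2016-03-31")   # scheduled backups run again, after infection
    mirror(live, mirror_dir)

    snap_ok = file_digest(snaps / "2016-03-30" / "salaries.xlsx") == original
    mirrored = mirror_dir / "salaries.xlsx"
    mirror_ok = mirrored.exists() and file_digest(mirrored) == original
    shutil.rmtree(root)
    return {"snapshot_restorable": snap_ok, "mirror_restorable": mirror_ok}


if __name__ == "__main__":
    print(demo())
```

The snapshot from before the infection still holds the original file, while the mirror has faithfully copied the encrypted version over the good one. Two caveats a practitioner would add: because unchanged files are hard links, the snapshot store must not be writable in place from the infected machine (an overwrite of one linked copy would change them all), which is the same reason a backup that sits permanently mounted as a network drive is at risk; and a backup that is never test-restored is only a hope, so periodically pull a file back from an old snapshot and check its digest, as `demo()` does.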
Stick with us at ZoneAlarm to find out the latest ransomware-related news and remember this axiom – Backup, get set up, but never, never pay up!