2016: The year of Ransomware - Blog

On Aug 10, 2016

While cybercrime has consistently "enjoyed" a reputation as the fastest growing criminal activity in North America for several years now, 2016 has seen an explosion of one particular type of cybercrime: ransomware.

According to cybersecurity company Proofpoint, Inc.'s Quarterly Threat Summary, ransomware activity has jumped 230% quarter over quarter, with no signs of slowing down. The scam is catching on, and threat actors are rapidly adopting more sophisticated and varied methods of attack to get in on the feeding frenzy.

Ransomware is a type of malware that effectively holds a user's computer files hostage. Once a system is infected, the malware locks the system's screen or encrypts all the files on the computer, rendering them useless. A window prompt will then display a very simple message: "pay up, or kiss your data goodbye."

It's important to understand how much leverage the cybercriminals hold once a computer has been infected. Encryption is not like locking the files behind a password or other simple security measure. You can't just do a system restore or try to copy the files to another drive. Without the proper key to unlock them, it is effectively impossible to retrieve those encrypted files. The threat is so severe that Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI's CYBER and Counterintelligence Program's Boston office, when speaking on the topic of ransomware, says, "To be honest, we often advise people just to pay the ransom."

And that is exactly the problem with ransomware, and the cause of its sudden popularity as a data attack: it works. As an extortion method, ransomware has an astoundingly high success rate. The threat of losing critical work or personal data, or of having it disseminated around the net, as ransomware messages frequently claim they'll do (even if it's likely that they actually can't), is enough to make many victims pay. They've even managed to grift a number of police departments in Massachusetts, Tennessee, and New Hampshire, who were forced to embarrassingly knuckle under rather than risk losing vital documentation.

Compared to phishing schemes, botnets, and malicious ad injection, ransomware is exponentially more lucrative. While the vast majority of old-fashioned cybercrime relies on targeting massive numbers of users to take advantage of the small number of victims who fall for the ploy, ransomware's attack plan demands a response from its victims. That means big paydays for cybercriminals, and they're doing everything they can to cash in.

Ransomware attacks have not only increased exponentially in the past six months; so has the number of variants and attack avenues they use. Analyzing the use of malicious document attachments, Proofpoint found that 69% of them utilized the new Locky type of ransomware, already displacing the previously dominant malware kit Dridex. A rash of other competing malware exploit kits such as CryptXXX has also appeared this quarter and is quickly gaining popularity. The sheer number of different exploits and viruses being employed by cyber hostage-takers has made it difficult for software security companies to effectively respond. The threats just keep changing.

Perhaps even more insidious than the proliferation of different ransomware types is the rising trend of so-called "ranscam-ware." This is malicious code that blocks access to your files and demands a fee to get them back, similar to ransomware, but doesn't live up to its end of the bargain once the payment is made.

Instead of locking files, ranscam schemes often just delete them, claiming to have them "located in a secure server." The unfortunate victims of the scheme are made to pay for the safe return of something the criminals don't even have. Some particularly egregious ranscam schemes will even claim that your first (and subsequent) payments have failed, encouraging panicky users to fork over the ransom multiple times in the vain hope of retrieving data that is already deleted and gone. It is a particularly cruel and predatory twist on an already unsavory activity.

With the rising proliferation of ransomware scams and law enforcement's current difficulty in shutting them down, it is more important than ever to take precautions to safeguard your data and livelihood. Users need to be extra vigilant when opening attachments and following links from suspicious emails. While not every ransomware attack vector is known at this time, email-based scams and hacked websites are still the usual suspects and most likely vulnerabilities. A reliable anti-virus program can also help. Several major anti-virus providers have dedicated recent patches to identifying and isolating ransomware attempts before they have a chance to do damage. 

Backing up your data on a regular basis can be an effective deterrent as well. There is less pressure to pay a ransom if you know you have back-ups. This is an important precaution for personal users as well as businesses. If your business does not have a competent off-site data back-up system yet, now is the time to get one.

There are also risk control insurance packages that can help protect vulnerable businesses and users. Businesses and professionals responsible for securing sensitive data should strongly consider discussing the matter with an insurance broker.  

The wave of ransomware schemes is going to get worse before it gets better. If current trends remain consistent, thousands upon thousands of users can expect to be stuck in a ransomware situation in the next three months. Make sure you're not one of the unlucky ones forced to hand over cash to criminals who may have already deleted what you're trying to save. Protect yourself today.