Be afraid. Seriously. Ransomware is growing up fast, causing painful disruptions across the Internet, and it will get much worse in 2015.
Ransomware is the criminal activity of taking hostage a victim’s important digital files and demanding a ransom payment to return access to the rightful owner. In most cases files are never removed, simply encrypted in place with a very strong digital lock, denying access to the user. If you want the key to restore access to precious family photos, financial documents, or business files, you must pay.
An entertaining and enlightening opinion piece in The New York Times highlighted how an everyday citizen was impacted, the difficulties in paying the ransom, and how professional the attackers' support structure has become.
Everyone is at risk. Recently, several law enforcement agencies and city governments were impacted. Some of them paid the attackers for their “decrypt service.” This form of digital extortion has been around for some time, but until recently it has not been too much of a concern. It is now rapidly gaining in popularity as it proves an effective way of fleecing money from victims both large and small.
With success comes the motivation to continue and improve. Malware writers are investing in new capabilities, such as Elliptic Curve Cryptography for more robust locks, using the Tor network for covert communications, including customer support features to help victims pay with cryptocurrency, and expanding the technology to target more than just static files.
Attackers are showing how smart, strategic, and dedicated they are. They are working hard to bypass evolving security controls and processes. It is a race. Host-based security is working to better identify malware as it lands on the device, but a new variant, Fessleak, bypasses the need to install files on disk by delivering malicious code directly into system memory. TorrentLocker has adapted to avoid spam filters on email systems. OphionLocker sneaks past controls via web browsing by using malicious advertising networks to infect unsuspecting surfers.
One of the most disturbing advances is newcomer RansomWeb's ability to target databases and backups. This opens an entirely new market for attackers. Web databases have traditionally been safe from such attacks due to the technical complexities of encrypting an active database and the likelihood of good backups, which can be used in the event of an infection. RansomWeb and the future generations that use its methods will target more businesses. Every person and company on the web could come across these dastardly traps and should be worried.
In this year's Top 10 Cybersecurity Predictions, I forecast the growth of ransomware and a shift of attacks to become more personal. The short-term outlook is definitely leaning toward the attackers. In 2015 we will see the likes of CryptoWall, CoinVault, CryptoLocker, RansomWeb, OphionLocker, Fessleak, TeslaCrypt, TorrentLocker, Cryptobit, and others continue to evolve and succeed at victimizing users across the globe. It will take the very best security minds and a depth of capabilities working together to stunt the growth of ransomware.
Security organizations will eventually get the upper hand, but it will take time, innovation, and a coordinated effort. Until then, do the best you can in the face of this threat. Be careful and follow the top practices to protect against ransomware:
- Maintain a layered defense (host, network, web, email, etc.) to block malware delivery.
- Practice savvy web browsing and email habits to reduce the inadvertent risk of infection.
- Be prepared to immediately disconnect from the network if you suspect malware has begun encrypting files.
- Keep healthy, regular backups in the event you become a victim and must recover.
Alternatively, if you choose not to take protective measures, I recommend becoming familiar with cryptocurrency transfers and stress management meditation techniques.
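The third practice above hinges on noticing that encryption has started. As an added example, not code from the original post or from any product it mentions, the following Python script shows the simplest defender-side signal of an in-progress encryption run: a burst of recently modified files whose contents have become near-random (Shannon entropy close to 8 bits per byte). The sample files it scans are constructed in a temporary directory, and the thresholds (`ENTROPY_THRESHOLD`, `BURST_THRESHOLD`, the 300-second window) are assumed tuning values, not figures from the post. It also handles the obvious false positive: family photos and archives are high-entropy when healthy, so compressed formats are skipped.

```python
import math
import random
import tempfile
import time
from collections import Counter
from pathlib import Path
from typing import List, Optional

# Tuning values below are assumptions for this example, not from the original post.
ENTROPY_THRESHOLD = 7.5   # bits/byte; encrypted (random-looking) data sits near 8.0
BURST_THRESHOLD = 5       # this many fresh high-entropy files in one tree => alert
SAMPLE_BYTES = 4096       # only the first 4 KiB of each file is examined
# Formats that are compressed by design and therefore high-entropy when healthy.
ALREADY_COMPRESSED = {".jpg", ".jpeg", ".png", ".gif", ".zip", ".gz", ".7z", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """True if the file's leading bytes are near-random and its format does not explain that."""
    if path.suffix.lower() in ALREADY_COMPRESSED:
        return False  # a healthy JPEG or ZIP is high-entropy; do not raise a false alarm on it
    with path.open("rb") as fh:
        return shannon_entropy(fh.read(SAMPLE_BYTES)) >= ENTROPY_THRESHOLD


def find_suspicious_files(root: Path, window_seconds: float = 300.0,
                          now: Optional[float] = None) -> List[Path]:
    """Files under `root` modified within `window_seconds` whose contents look encrypted."""
    now = time.time() if now is None else now
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if now - path.stat().st_mtime > window_seconds:
            continue  # untouched files are not part of an in-progress encryption run
        if looks_encrypted(path):
            hits.append(path)
    return sorted(hits)


def burst_detected(root: Path, window_seconds: float = 300.0) -> bool:
    """The actionable signal: many recently modified, random-looking files at once."""
    return len(find_suspicious_files(root, window_seconds)) >= BURST_THRESHOLD


def build_sample_tree() -> Path:
    """Constructed sample data: three plain documents, one healthy photo-like file,
    and six documents overwritten with random bytes standing in for encrypted output."""
    root = Path(tempfile.mkdtemp(prefix="ransom-demo-"))
    (root / "docs").mkdir()
    rng = random.Random(2015)  # fixed seed so the demo is repeatable
    for i in range(3):
        (root / "docs" / f"letter{i}.txt").write_text(
            "Dear family, here are the holiday plans and the budget spreadsheet notes.\n" * 40)
    # Compressed format: high entropy is expected, so this must NOT be flagged.
    (root / "docs" / "photo.jpg").write_bytes(rng.randbytes(SAMPLE_BYTES))
    for i in range(6):
        (root / "docs" / f"report{i}.docx").write_bytes(rng.randbytes(SAMPLE_BYTES))
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for hit in find_suspicious_files(demo_root):
        print("suspicious:", hit)
    print("burst detected:", burst_detected(demo_root))
```

Run it as-is and it reports the six random-filled `.docx` files and a detected burst while leaving the letters and the photo alone. In a real deployment the same check would sit behind a file-system watcher and, on a burst, trigger the network disconnect the post recommends; the entropy test alone is deliberately conservative, since it cannot tell a legitimate bulk compression job from an encryption run.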
This post was originally published on May 21, 2015, on the Intel communities site.