5 essential things to know about Ransomware

Photo Credit: Tim Robberts / Getty Images Israel

Ransomware was one of the biggest threats to hit the internet in 2016. Here are a few important facts and tips to help you avoid becoming a victim.

The term “ransomware” denotes a type of malicious code that locks down computers or encrypts victims’ important data and demands money for recovery. These programs can also hijack entire corporate IT networks, databases or websites, so home users aren’t the only targets. The ransoms are mainly payable in Bitcoin, a hard-to-trace cryptocurrency that prevents attacker attribution and helps the felons stay on the loose. Furthermore, the use of The Onion Router (Tor) technology for interacting with victims adds an extra layer of anonymity to the malefactors’ extortion schemes.

Most of the present-day ransomware campaigns appear to be immaculately orchestrated. They leverage military-grade RSA and AES encryption algorithms to affect PC users, companies, critical infrastructure organizations and even governments. But is the extortion plague really that top-notch and unbeatable? Here are 5 noteworthy facts reflecting the nuts and bolts of ransomware.

1. Ransomware is older than most people think

The emergence of ransomware as a phenomenon dates back to 1989. The first sample, known as the AIDS Trojan, proliferated via 20k diskettes sent to participants of the AIDS conference that took place in Stockholm. The booby-trapped floppy disks contained a Trojan that would encrypt files on a targeted computer’s C drive. This prototype of modern ransomware employed symmetric cryptography and demanded $189 for data recovery. The campaign wasn’t too successful due to primitive distribution, weak crypto, and a negligible number of personal computers back in the day.

It wasn’t until 2012 that a new ransomware outbreak occurred. It was the dawn of screen lockers’ domination in the online extortion ecosystem. These threats, including the prevalent strain called Reveton, displayed lock screens impersonating the FBI and other local law enforcement agencies. While accusing victims of copyright violation and similar felonies, the Trojans demanded a fee so that the case wouldn’t go to court. Locker ransomware isn’t nearly as common these days as it used to be, but it’s still alive and kicking. Fortunately, it’s all about bluff and isn’t very sophisticated.

The rise of file-encrypting ransomware became another milestone in this evolution. The first noteworthy sample from this category, called CryptoLocker, was discovered in 2013. It propagated via spam and exploit kits, encoded victims’ personal data with a strong cryptographic algorithm, and instructed them to pay a hefty ransom in Bitcoin for the decryption key. This workflow reflects today’s most widespread extortion model.

Hackers are looking for weaknesses in your cyber security. Photo Credit: Daniel Acker/Bloomberg via Getty Images Israel

2. Avoiding ransomware is easy

The majority of crypto-ransomware is email-borne. It arrives with spam containing malicious ZIP, JavaScript or Microsoft Word attachments. This scheme revolves around social engineering, where unsuspecting recipients are duped into opening the attached files disguised as invoices, order details, job offers, failed delivery notifications or something equally catchy. The contamination chain commences as soon as a user opens the attachment. So the rule of thumb in terms of preventing ransomware is to treat suspicious emails with a reasonable degree of paranoia. Furthermore, cranking up your email provider’s spam filter settings will raise the bar for most of these attacks.
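To make the filtering advice concrete, here is an added example (not part of the original article) of a mail-gateway style check that flags the attachment types named above, including scripts hidden inside a ZIP. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed extension lists for the attachment types the article names.
SCRIPT_EXT = {".js", ".jse", ".wsf", ".vbs"}
WORD_EXT = {".doc", ".docm", ".dot", ".dotm"}

def ext_of(name):
    name = name.lower().strip()
    return name[name.rfind("."):] if "." in name else ""

def classify(name, payload):
    """Return reasons to quarantine one attachment (empty list = pass)."""
    reasons, ext = [], ext_of(name)
    if ext in SCRIPT_EXT:
        reasons.append(f"script attachment: {name}")
    if ext in WORD_EXT:
        reasons.append(f"Word document that may carry macros: {name}")
    if ext == ".zip" or payload[:4] == b"PK\x03\x04":
        try:  # look inside the archive instead of trusting its name
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if ext_of(member) in SCRIPT_EXT | WORD_EXT:
                        reasons.append(f"archive {name} contains {member}")
        except zipfile.BadZipFile:
            reasons.append(f"unreadable archive: {name}")
    return reasons

def triage(raw_message):
    findings = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if name:  # only MIME parts that carry a file name are attachments
            findings += classify(name, part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed message: a ZIP 'invoice' holding an inert .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_8841.pdf.js", "// constructed placeholder")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice_8841.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports the script inside the archive and lets the PDF through; the double extension `.pdf.js` is caught because only the final extension is compared.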

Meanwhile, some ransomware campaigns engage exploit kits hosted on compromised websites. These are tools that identify software vulnerabilities on computers and exploit them to run harmful code behind the scenes. Out-of-date Java and Adobe Flash Player pose the main entry point for such intrusions. To thwart this particular attack vector, it’s imperative to apply software patches as soon as they are available.

3. Recovery without backups: mission impossible?

The aftermath of the average crypto ransomware attack is messy. All valuable files stored on the local drive, network shares, and removable media get scrambled with an uncrackable cryptographic algorithm, or sometimes a combo of the symmetric AES and asymmetric RSA algorithms. Since brute forcing the decryption key is technically unfeasible most of the time, the necessity of paying the ransom may be imminent. Under the circumstances, data backups are a godsend as they allow reinstating all mutilated files beyond the ransom route. Just be sure to eradicate the infection proper before restoring data from backup. Fortunately, most antimalware suites easily cope with ransomware removal – in fact, some of these infections terminate themselves after completing the encryption task.

But what if there are no backups at all? In this case, plan B is to identify the ransomware family you are confronted with and check whether a free decryptor is available for it. The online service called ID Ransomware can detect more than 300 strains, so it’s a good starting point for troubleshooting. Furthermore, security software vendors and enthusiasts have crafted dozens of automatic free decryption tools for different ransomware samples, so don’t fail to check for one online.

4. To pay or not to pay?

This is the biggest dilemma accompanying every ransomware incident. By paying up, you add fuel to the furnace of cybercrime and provide the extortionists with resources to enhance their nasty business model and coin increasingly sophisticated infections. Another nontrivial thing to keep in mind is that no one can guarantee that you will obtain your decryption key after submitting the ransom. Trusting the crooks is a slippery slope. Furthermore, some crypto threats are poorly coded and the recovery may simply fail due to technical issues. Thankfully, researchers are releasing more and more decryptors that do the trick for free. So try every alternative first to avoid funding the threat actors.

5. A glimpse into the future

In August 2016, IT experts created proof of concept ransomware that targets smart thermostats. In February 2017, a different group of researchers came up with a PoC that affects industrial control systems. It’s naive to believe that criminals cannot do something similar. In fact, real-world ransomware attacking Android-based smart TVs is already here. Critical infrastructure and the Internet of Things (IoT) are shaping up to be ransomware devs’ new major targets, and it’s high time the security industry and law enforcement teamed up to devise reliable defenses.

David Balaban

About David Balaban


David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.
