Ransomware
Have you been hearing about Ransomware and wondered if you should worry? More than likely, you have not been affected by Ransomware, but many businesses and government agencies are being held hostage by Ransomware. Ransomware is a type of computer virus, but instead of causing a computer to slow down to an unusable state, it will either encrypt or lock the users’ files, and demand money in exchange to restore them, or at least that is the hope. In some cases, people have paid the money, and their files have not been released.
Ransomware is on the rise, and it can be potentially catastrophic. While you, as an individual, may not feel as if you are the target, the fact is, that ransomware against individuals is on the rise, similarly as it is for businesses and state and local agencies. Businesses have the potential of losing proprietary data, or the interruption of business, and can incur a great financial loss by the ransom gangs and or by paying the ransom. Equally devastating can be to the individual whose personal home computer, which contains pictures and personal data, can be held captive.
How is Ransomware distributed? The method of attack has evolved and become more sophisticated over time. Originally, attachment or links were clicked in an email, which contained the malicious code. Once infected, the malware would begin to encrypt the files on the computer, and it should be noted that even attached drives of the individual can be held hostage as well. By infecting the connecting drives of the individual, such as a USB drive, the malware, now has access to the individuals back up data. While the data is being infected, the user more than likely does not realize they are infected until they can no longer access their files. Ransomware has adopted additional attack vectors, which are similar to the distribution of everyday malware. It is not surprising to find that a computer, which has not been updated with the latest patches, has the potential to be infected by the ransomware. So, if the individual with the vulnerable computer is redirected to a website, they may be targeted by a drive-by-download of malware, or a click-fraud malware infection. Thus it is important to remember healthy digital computing!
What now if infected? Ransomware adopts a few different tactics so that the individual or business will pay. Crypto ransomware, in past instances, will pressure the user by displaying a clock with a time limit. If the individual does not pay the ransom within the time allotted, the decryption key will be deleted along with their files. Locker ransomware deploys a different tactic. They will display a fake law enforcement message stating that the user has content which is illegal and their files will be held until a fine is paid. In this instance, the user may have been surfing pornography or other illicit sites and will not question the ransom, but pay quickly.
The FBI’s official position is not to pay the ransomware. But it is not their data, so easier said than done. So, if an individual or business decides to pay, first ask for proof of data. You will want to make sure that once the ransom is paid, although it is not a guarantee, but that your data is still available. The ransom will include how to pay, which will include anonymity so that there will be no traceable means back to the person who hijacked your data. Bitcoin provides a setting which offers anonymity, as does payment voucher systems. At the end of the day, it is up to you or your organization as to whether the information is worth the money.
Ransomware will continue to rise as long as it is profitable. Ransomware gangs are smart and understand the market for data. The average ransomware is roughly three hundred dollars for the individual and ten thousand dollars for a company. They have found that an amount higher is usually not paid. While individual and business data has been the most prominently discussed, it is important to recognize that wearables have become a target as well, which includes watches and other devices.
How do we not become the next victim of ransomware? As long as we are connected, we are all targets, but keep your anti-virus up to date, patch the vulnerabilities as quickly as possible, do not click and or open email that is unsolicited, do not open attachments and definitely keep a back-up offline. The steps listed will help keep you safely connected.
