The world is facing a rising and increasingly dangerous tide of ransomware. It basically comes in two forms. First, there are ‘blockers’–malware that blocks access to a computer’s file system. Second, there are ‘cryptors’–malware that encrypts data stored on a computer or mobile device. Our statistics show that the number of attacks by blockers is declining. Attacks by cryptors on the other hand are skyrocketing–with something like a 550 percent increase in 2016 compared to the previous 12 months. The problem lies in the fact that modern encryption–if done well–is practically impossible to crack.
Several years ago, criminals used to target predominantly individuals, but that’s no longer the case. For many businesses, losing access to their data is just unthinkable: they’re fully paralyzed without it; and so they choose to pay the ransom. Several police forces around the world, including in the US, have paid ransoms to criminals to get access to their files back. Criminals have even attacked a number of hospitals and forced them to pay to be able to continue their operations after a serious disruption.
Modern security software can provide a very high level of protection against ransomware. High-quality products are able to intercept the overwhelming majority of attacks and roll back modifications to files in case an attack gets past the defenses. But unfortunately not everyone uses such products, so the number of victims is still on the up.
Of course, ideally you should never pay criminals if your data is encrypted by ransomware. That’s all very well in theory, but when it’s your family photos or business documents encrypted by criminals, the theory can swiftly go out the window. But paying the ransom means supporting this criminal business model; and besides, there’s never a guarantee you’ll receive the decryption key anyway: the crooks may just disappear with your ransom money. Still, understandably, the prospect of losing precious documents (say, a dissertation draft that needs to be submitted next week) forces many ransomware victims to just give in and pay up.
It’s always better to try and prevent a ransomware incident than to deal with the consequences of one that’s occurred. That means using quality security software. It’s also always a good idea to have a fresh backup–preferably offline, since some malware of this kind tries to encrypt any backups it can find as well. Backups can take the sting out of a ransomware attack, since you’ve made copies of everything–including what’s been encrypted in an attack. And as a last resort in the worst case scenario–you’re attacked and you’ve no good security solution and no backups–many security vendors provide decryptor services, and they’re definitely worth trying out.
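A backup only takes the sting out of an attack if the copy itself survived untouched, and the point above is that some cryptors go looking for backups. The following is an added example, not code from the article’s author: it records a SHA-256 manifest when a backup is taken and later compares the copy against it, using byte entropy to tell an ordinary edit from a file that now looks like ciphertext. All file names and contents are constructed sample data; the entropy threshold is an assumption, and entropy is only consulted for files whose digest has changed, so unchanged photos or archives (which are high-entropy by nature) are never flagged.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, plain documents sit far below it


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_manifest(files: dict) -> dict:
    """Record a SHA-256 digest per file at the moment the backup is taken."""
    return {name: hashlib.sha256(content).hexdigest() for name, content in files.items()}


def check_backup(files: dict, manifest: dict, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Compare a backup copy against its manifest and describe every discrepancy.

    Entropy is only looked at for files whose digest no longer matches, so
    legitimately high-entropy content (JPEG, ZIP) that is unchanged never trips it.
    """
    findings = []
    for name, content in files.items():
        expected = manifest.get(name)
        if expected is None:
            findings.append((name, "not in manifest"))
        elif hashlib.sha256(content).hexdigest() != expected:
            if shannon_entropy(content) > threshold:
                findings.append((name, "modified, high entropy (possibly encrypted)"))
            else:
                findings.append((name, "modified"))
    for name in manifest:
        if name not in files:
            findings.append((name, "missing"))
    return findings


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed sample)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample backup: what the offline copy looked like when it was taken.
CLEAN_FILES = {
    "docs/thesis.txt": b"Chapter 1. Ransomware comes in two forms: blockers and cryptors.\n" * 64,
    "docs/budget.csv": b"month,income,expenses\n2016-01,1000,800\n" * 32,
    "photos/2016.jpg": _pseudo_random(4096, seed=b"jpeg-stand-in"),  # compressed data is high entropy too
}
MANIFEST = build_manifest(CLEAN_FILES)

# Constructed sample of the same copy after a cryptor reached it: one document
# replaced by ciphertext, one deleted, and a note dropped alongside.
TAMPERED_FILES = dict(CLEAN_FILES)
TAMPERED_FILES["docs/thesis.txt"] = _pseudo_random(4096, seed=b"ciphertext-stand-in")
del TAMPERED_FILES["docs/budget.csv"]
TAMPERED_FILES["README_DECRYPT.txt"] = b"Your files have been encrypted. Pay to get the key.\n"

if __name__ == "__main__":
    print("clean copy:", check_backup(CLEAN_FILES, MANIFEST) or "no discrepancies")
    for name, reason in check_backup(TAMPERED_FILES, MANIFEST):
        print(f"{name}: {reason}")
```

The manifest has to live somewhere the malware cannot reach (printed, or on the offline medium itself alongside the copy), otherwise it can be rewritten together with the files; run the check before a backup is rotated, so a silently encrypted copy is never allowed to overwrite the last good one.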
There are several worrying trends with the use of such malware. First, there’s a growing risk of ransomware attacks on physical devices. In the future we might see ransomware attacks on smart TVs, connected cars, etc. This is one of the reasons why hospitals are so vulnerable: they’re using physical equipment such as medical scanners operated by computers that often run on outdated, vulnerable operating systems. They’re connected to the hospital network, which has an Internet connection. All that combined is a recipe for a cybersecurity disaster.
I even know of a research project in which security experts developed ransomware (of the blocker variety) for a smart thermostat. Can you imagine a situation where, with sub-zero temperatures outside, your smart home gets its heating turned off remotely and can’t be turned back on? You might forgive the (shivering) smart-home owner for wanting to pay the ransom as soon as possible.
There are also fears that criminals who are running advanced targeted attacks (aka APTs–advanced persistent threats) can adopt ransomware techniques to encrypt the ‘crown jewels’ of their high-profile victims. Such attacks are possible. And it can become a very serious headache for large global companies. Fortunately so far there aren’t that many criminals who can stage APT-class attacks. But they’re learning fast, and advanced ransomware attacks have the potential to cause great damage.
There have been several cases in which security companies joined forces with law enforcement to take down ransomware gangs. Private-sector security researchers analyze malware code and extract the information on the command-and-control servers used to run the scams. After that the police can physically seize these servers and access all the data on them–including the encryption keys to make the decryption relatively easy.
Unfortunately we’re far from taking down all such gangs. What we need to do is to continuously disrupt their criminal business model so that it fails to provide adequate return on investment. So far, unfortunately, it’s been a very profitable business and the entry barriers are not high. We need to make them high–so very high they make potential criminals think twice before getting involved in these scams.
Together with law enforcement we need to not only disrupt ransomware scams but to arrest the criminals behind them, put them on trial, and sentence them to prison. The big obstacle to that is that ransomware operators typically run cross-border operations, which often makes catching and prosecuting them complicated due to the inefficiencies of international cooperation.
Meanwhile, computer users need to take this threat seriously and be protected. Software updates, backups, not following suspicious links and not opening dubious attachments–all these recommendations are relevant for all computer users today. The prominence of ransomware will probably continue to increase the more smart devices we use. So my recommendation to everyone is to get protected and stay protected. Make it (too) hard for the crooks to make you a victim.