Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid.
Cybersecurity firm Trend Micro specifies ransomware as a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decryption key.
Ransom prices vary depending on the ransomware variant and the price or exchange rates of digital currencies. The perceived anonymity offered by cryptocurrencies (also known as altcoins) like Bitcoin makes them commonly requested forms of payment. This exchange medium uses cryptography to secure the transactions and to control the creation of additional units of the currency.
Here are figures given in a recent webinar (Nexsan “Unity Solves the Ransomware Problem”):
- $25 million ransom paid in 2015
- $209 million paid in 1Q2016
- $1 billion estimated to be paid during 2016
- Spam emails containing ransomware have increased by 6000% since 2015
- These numbers are comparable to the funding a large country would budget for developing cyber attacks
- The criminal gangs are getting an unprecedented influx of cash to fund further ransomware R&D
Year on year, these numbers will no doubt keep increasing exponentially unless organizations can protect their networks and educate their employees. As one can figure, the challenge is greater than the solution – whatever that may be.
- Educate users – don’t click on links (but “spearphishing” attacks are very tricky, and ransomware can infect in many other ways)
- Apply security patches promptly (safe windows keep shrinking, difficult to keep everything patched all the time)
- Use anti-malware software (not 100% effective, criminals have a billion dollars in 2017 to fund R&D)
- Do frequent backups and snapshots (RTO can be a challenge with high capacity points, backup volumes are at risk, ransomware is now attacking snapshotting systems like VSS)
Key: Spearphishing – e-mail spoofing, seeks unauthorized access to confidential data (which could then lead to social engineering). RTO – recovery time objective. VSS – volume snapshot service (also known as volume shadow copy service).
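The backup and snapshot caveat above only helps if a defender notices the encryption quickly. As an added example (not from the post or any of the vendors it cites), the Python below compares a baseline listing of files against the current state and flags files that were rewritten as high-entropy ciphertext or renamed away, which is the trace crypto-ransomware leaves on user documents; the file contents and the entropy threshold are constructed assumptions.

```python
"""Baseline-versus-current check for bulk file encryption (constructed example)."""
import math
import os
from collections import Counter

HIGH_ENTROPY = 7.0   # bits per byte; encrypted or compressed data approaches 8.0 (assumed threshold)
ALERT_RATIO = 0.5    # share of baseline files that must look encrypted before alerting (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(files: dict) -> dict:
    """Map path -> (extension, entropy). `files` is path -> bytes, standing in for a directory walk."""
    return {path: (os.path.splitext(path)[1], shannon_entropy(data)) for path, data in files.items()}


def suspicious_changes(baseline: dict, current: dict) -> list:
    """Paths from the baseline that vanished (renamed to a ransom extension) or whose
    content went from normal to high entropy (rewritten in place as ciphertext)."""
    flagged = []
    for path, (_ext, entropy) in baseline.items():
        now = current.get(path)
        if now is None or (now[1] >= HIGH_ENTROPY and entropy < HIGH_ENTROPY):
            flagged.append(path)
    return flagged


def ransomware_alert(baseline: dict, current: dict) -> bool:
    """True when at least ALERT_RATIO of the baseline files look encrypted or are gone."""
    if not baseline:
        return False
    return len(suspicious_changes(baseline, current)) / len(baseline) >= ALERT_RATIO


# Constructed sample data: plain documents plus one already-high-entropy image file.
BASELINE_FILES = {
    "docs/report.txt": b"Quarterly report: revenue grew, costs were flat, headcount unchanged.\n" * 4,
    "docs/notes.txt": b"Meeting notes for Monday: review backups and the patch schedule.\n" * 4,
    "photos/team.jpg": bytes(range(256)) * 4,  # stands in for compressed image data
}
CIPHERTEXT = bytes(range(256)) * 4  # stands in for encrypted output: every byte value equally likely
AFTER_ATTACK = {
    "docs/report.txt": CIPHERTEXT,          # encrypted in place, name unchanged
    "docs/notes.txt.locked": CIPHERTEXT,    # encrypted and renamed with a ransom extension
    "photos/team.jpg": BASELINE_FILES["photos/team.jpg"],  # untouched; must not be a false positive
}
```

The untouched image shows the edge case: a file that was already high-entropy in the baseline is not flagged just because its entropy is high now.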
As one can imagine by reviewing this, anti-malware and anti-virus solutions are hardly as reliable as they once may have been, and it’s hard to keep up with security patches as new strains and variants of malware are continuously created – notice how well criminals’ R&D efforts will be funded in 2017. And hackers work and move faster now than ever before.
John McAfee, CEO at MGT Capital Investments, Inc. (Founder, McAfee Associates) made this recent statement:
“The anti-virus paradigm will finally be seen as a dead paradigm. I invented this paradigm and predicted its demise more than 10 years ago. Every major hack of the American government and American enterprises were protected by multiple anti-virus software products. The world must move to proactive systems that detect the presence of a hacker within milliseconds of the hackers’ entry – months or years before the hacker can plant the malware that [anti-virus] systems can detect.”
Here is a US-CERT Alert from March 2016 (TA16-091A), Ransomware and Recent Variants, stating how destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide – well known as primary targets for such attacks these days. The alert also states that the ransom demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency, such as Bitcoin (as noted above).
There have been much larger amounts paid, of course. One example from March 2016: Hollywood Presbyterian Medical Center in Los Angeles was forced to pay $17K (40 bitcoins), though certain reports stated an original demand of $3.4 million, or 9000 bitcoins. Computers at the hospital were taken down for more than a week as they attempted to recover from the attack. In that time staff struggled to deal with the loss of email and access to certain patient data.
According to an IBM report:
In 2016 alone there were 4,000 ransomware attacks a day. As we store more and more personal information on our computers—home videos, photos, financial information—the cost of infection only grows.
Even more frightening?
While the staggering progress of malware is frightening, comparing digital threats to infectious diseases provides some context to the risk internet users face.
And one never knows the true potential of an attack. If it is a ransomware attack, the costs, as indicated in the Hollywood hospital attack, could be deadly in more ways than one – in terms of dollars, and productivity.
Another case in point: it was reported that at the end of March 2016, 93% of e-mails were ransomware. That was an increase of 56% from December 2015.
And just in, according to Israel-based security solutions vendor Check Point Software Technologies (in its H2 2016 Global Threat Intelligence Trends report), global ransomware attacks doubled during the second half of 2016. The Check Point report highlights key tactics which cyber criminals are using to attack businesses, and gives an overview of the threat landscape in these top malware categories: ransomware, banking and mobile. The report notes that thousands of new ransomware variants were observed in 2016.
To date, it’s stated by cybersecurity experts that no solution or approach to this or any other cyber threat is a be-all, end-all — period.
More to come.
Here is Trend Micro’s ransomware page.
*Information from 4 Cryptocurrencies With Much Faster Block Times Than Bitcoin.
** John McAfee statement from 3 major cybersecurity predictions for 2017.