Earlier this year, the British Guardian reported that nearly 40% of all businesses experienced some kind of cyber-attack involving ransomware in 2016 – and that 54% of British businesses had been victims of this kind of attack.
Ransomware is malware that can infect everything from personal computers to enterprise-level systems. In the most common attack, hackers lock users out of their computers or the files stored on them and then blackmail them, demanding payment before a decryption key is handed over. Users are expected to pay some amount of money – via online money transfer or even bitcoins – before they regain access to their systems or data.
CYBERCRIME ON THE RISE
While cyber hijacking is not a new threat, it is clearly on the rise – often the work of organized gangs who target anyone from large companies to individuals. According to the American Justice Department, the number of such attacks had quadrupled in 2016 – with 93% of phishing emails now containing some kind of ransomware.
There is a reason for this, of course. This kind of cybercrime can be highly lucrative for criminals. A recent study of Cerber – a type of ransomware-as-a-service model that surfaced early this year – showed that the criminals behind the attack had made close to $2 million so far this year. Worse, the developers also appear to be using “affiliates” to help spread the malware. Such affiliates are then remunerated based on the number of computers they manage to infect and how much ransom money they are able to collect.
This ransomware model has significantly lowered the barriers for aspiring cybercriminals to operate as well as given malware developers new tools to “monetize” their wares. A relatively new kind of ransomware called Shark is currently available for free on underground forums. Individuals who use this tool to extort money from victims then pay the developers of the malware 20% of the money they are able to collect.
It is also a method of attack that leaves many of those on the receiving end confused about how to respond. According to recent research on the trend, as many as 50% of those who are attacked choose to pay when asked to do so.
This includes larger institutions, ranging from banks to hospitals, which have made headlines this year by either preparing to pay or actually handing over cash or even bitcoins to attackers in such situations. That said, experts warn that paying is not the most effective way to respond to such demands – or, in fact, to the threat itself.
The first issue is that no matter how dramatic the threat is, it is often possible for users to disinfect their systems without paying the ransom amount, even if it takes time to do so. The second problem, of course, is that there is no guarantee that hackers will in fact hand over the decryption keys. Further, there is also no guarantee that once the first demanded amount is paid, the attackers will not demand additional payment before releasing your data.
RECOGNIZING THE THREAT
The problem is new enough that users do not always realize that they have been hacked – particularly since many attacks claim to come from “government” or “police” forces who have taken control of computer systems for the supposed “crime” of failing to pay some kind of tax or mandatory “fee”. Police-themed ransomware has started to appear in many countries around the globe – starting with Germany and other western European countries and spreading to Latin America and Africa.
An example of this kind of attack is the FBI Moneypak Ransomware software that purports to be from the U.S. Federal Department of Investigation. It places extortive malware on systems and prevents users from accessing their computers until they pay up to several hundred dollars to release the data. The ransomware is designed to scare users into believing they have actually committed a cybercrime. Worse, paying the demanded money will not clear the computer of the malware, although users can remove this threat manually.
Towards the end of the summer, Europol, the EU’s law enforcement agency, began publishing information online as part of its own initiative to inform the public about the growing threat and help victims recover their data.
PREVENTION IS THE BEST DEFENSE
Computer crimes like this may be on the rise – but consumers and businesses can take steps to prevent and ameliorate this kind of threat.
The first, of course, is to have a backup system for files – and to use it on a regular basis.
The second is to have a cyber security policy – or procedure – that you stick to. Never open email attachments from people you do not know. Emails are the primary way that computer systems are infected and attacked.
Thirdly, it is critical to keep all software (not just security software) up to date so that potential vulnerabilities are patched regularly. According to the FBI, even legitimate websites can be seeded with malicious code that takes advantage of unpatched software on users’ computers to infect them.
WHAT TO DO IN THE EVENT OF AN ATTACK
According to law enforcement agencies, consumers and businesses should refuse to pay the ransom and immediately contact the law enforcement departments now set up to address the issue. The FBI – for example – has a unit called IC3 for filing complaints and sharing information about cybercrime.