Why You Should Never Pay For Ransomware

Earlier this year, the British Guardian reported that nearly 40% of all businesses experienced some kind of cyber-attack involving ransomware in 2016 – and that 54% of British businesses had been a victim of this kind of attack.

Ransomware is malware that can infect everything from personal computers to enterprise-level systems. In the most common attack, hackers blackmail users who no longer have access to their computers or to the files stored on them, demanding payment before handing over a decryption key. Users are then expected to pay some amount of money – via online money transfer or even bitcoins – before they regain access to their systems or data.

CYBERCRIME ON THE RISE

While cyber hijacking is not a new threat, it is clearly on the rise – often the work of organized gangs who target anyone from large companies to individuals. According to the American Justice Department, the number of such attacks had quadrupled in 2016 – with 93% of phishing emails now containing some kind of ransomware.

There is a reason for this, of course. This kind of cybercrime can be highly lucrative for criminals. A recent study of Cerber – a type of ransomware-as-a-service model that surfaced early this year – showed that the criminals behind the attack had made close to $2 million this year so far. Worse, the developers also appear to be using “affiliates” to help spread the malware. Such affiliates are then remunerated based on the number of computers they manage to infect and how much ransom money they are able to collect.

This ransomware model has significantly lowered the barriers for aspiring cybercriminals to operate as well as given malware developers new tools to “monetize” their wares. A relatively new kind of ransomware called Shark is currently available for free on underground forums. Individuals who use this tool to extort money from victims then pay the developers of the malware 20% of the money they are able to collect.

It is also a method of attack that leaves many of those on the receiving end confused about how to respond. According to recent research on the trend, as many as 50% of those who are attacked choose to pay when asked to do so.

This includes larger institutions, ranging from banks to hospitals, which have made headlines this year by either preparing to pay or actually handing over cash or even bitcoins to attackers in such situations. That said, experts warn that paying is not the most effective way to respond to such demands – or in fact to the threat itself.

The first issue is that no matter how dramatic the threat is, it is often possible for users to disinfect their systems without paying the ransom, even if it takes time to do so. The second problem, of course, is that there is no guarantee that hackers will in fact hand over the decryption keys. Further, there is no guarantee that once the first demanded amount is paid, the ransomers will not demand additional payment before releasing your data.

RECOGNIZING THE THREAT

The problem is new enough that users do not always even realize that they have been hacked – particularly since many attackers claim to be “government” or “police” forces who have taken control of computer systems for the supposed “crime” of failing to pay some kind of tax or mandatory “fee”. Police-themed ransomware has started to appear in many countries around the globe – starting with Germany and other western European countries and spreading to Latin America and Africa.

An example of this kind of attack is the FBI Moneypak Ransomware software that purports to be from the U.S. Federal Department of Investigation. It places extortive malware on systems and prevents users from accessing their computers until they pay up to several hundred dollars to release the data. The ransomware is designed to scare users into believing they have actually committed a cybercrime. Worse, paying the demanded money will not clear the computer of the malware, although users can remove this threat manually.

Towards the end of the summer, Europol, the EU’s law enforcement agency, began publishing information online as part of its own initiative to inform the public about the growing threat and help victims recover their data.

PREVENTION IS THE BEST DEFENSE

Computer crimes like this may be on the rise, but consumers and businesses can take steps to prevent and ameliorate this kind of threat.

The first, of course, is to have a backup system for files and to use it on a regular basis.

The second is to have a cyber security policy, or procedure, that you stick to. Never open email attachments from people you do not know. Emails are the primary way that computer systems are infected and attacked.

Thirdly, it is critical to keep all software (not just security software) up to date so that potential vulnerabilities are patched regularly. According to the FBI, even legitimate websites can be seeded with malicious code which takes advantage of unpatched software on users’ computers to infect them.

WHAT TO DO IN THE EVENT OF AN ATTACK

According to law enforcement agencies, consumers and businesses should refuse to pay the ransom and immediately contact the law enforcement departments now set up to address the issue. The FBI, for example, has a unit called IC3 for filing complaints and sharing information about cybercrime.

Comments (3)

  • BAZALE
    25 May 2017

    Hello, I would like to tell you about my misadventure, because I was the victim of a scam on the dating site LOVOO. My name is Alexis BAZINET. Three weeks ago, through this site, I met a woman named Christine Morel. We exchanged messages as well as photos and had two video calls. A week after we met, she told me that she had to travel to Côte d'Ivoire on business. Up to that point, I had no concerns. In the second week she told me that she was having trouble paying her debts there in order to be able to return to France. She asked me for financial help, but I refused because I was very wary. She then proposed, on the pretext of not having a personal bank account, to send me a cheque for 5800 euros from her uncle, so that I could deposit it in my account and then help her. Being generous and helpful by nature, I reluctantly agreed. The next day I received a phone call from a man with a strange accent, saying that he was calling on behalf of Christine Morel and confirming that the cheque had been sent. I received the cheque two days later and deposited it immediately, as agreed with her. She then asked me to send her a first cash money order of 1500 euros, which I did. Right away, apparently the same man contacted me again to check whether I had indeed sent the money. I confirmed that I had. I shared my concerns with Christine Morel, who told me that I could trust him and that this man was a kind of financial adviser to her uncle. I then sent her a second cash money order of 2500 euros. Same manoeuvre from this man. Then, for the last cash money order, the transfer could not be made because my bank card was blocked. I explained to her that I could not make the transfer. And that is when everything sped up and I was harassed with numerous phone calls and messages from her uncle threatening to stop payment on the 5800-euro cheque. To avoid trouble, I therefore made a bank transfer to the account of her friend's mother. Just when I thought I was rid of this business, she started asking me for help again. At that point I ended our virtual relationship and blocked all the numbers, including hers, from which they were harassing me. Two days later I collected my mail and found a letter from my bank informing me that payment on the cheque had been stopped, so I found myself with a debt of 5800 euros. Frightened, I went to the police to file a complaint, which led nowhere. Three months later, still searching with the help of friends, I contacted the ORGANISATION INTERNATIONALE DE POLICE CRIMINELLE-INTERPOL, which specializes in cybercrime cases and is authorized by Decree No. 2009-1098 of 4 September 2009 publishing the agreement between the Government of the French Republic and (OIPC-Interpol), and thanks to emails, phone calls and SMS messages, the officers (OPJ) of this organization became personally involved so that these scammers would be traced, arrested and brought to justice. I was finally reimbursed and compensated. Do not hesitate to contact it. Here are their email addresses: oipc_i@yahoo.com / oipc_i@outlook.fr Regards

  • Sri Sairam Subhayatra
    29 May 2017

    Awesome and helpful post! Thanks for sharing this post. Nice tips shared. chennai to shirdi flight package, chennai to shirdi tour package https://www.youtube.com/watch?v=7pz901-J4IA

  • Sri Sairam Subhayatra
    30 May 2017

    Good info. Here all the information is very useful to everyone. Thanks for sharing the important points with us. - chennai to shirdi flight package, chennai to shirdi tour package https://vimeo.com/173170656
