Security: Ransomware

Ransomware: Malware as a Business Model


Ransomware is a malicious piece of software installed covertly on a user’s computer that encrypts some or all of the files on that computer, then displays a message providing payment instructions  to the user.  The promise is that once the ransom is paid, instructions are sent to the user on how to decrypt their own files.  Ransomware affects PCs, Macs and Linux machines and can affect personal files, operating system files, boot sector files or any combination.


Ransomware first hit users in 1989 with the “PC Cyborg” trojan and came to prominence in 2005 with a variety of exploits using increasingly complex encryption keys.  By the end of 2006, ransomware packages were using encryption keys strong enough to require government resources or some serious distributed computing to break.

In 2013, the CryptoLocker virus made a big splash with widespread infections and the use of Bitcoin payments as acceptable ransom.  It is estimated that the CryptoLocker developers garnered somewhere in the neighborhood of  $27 million in the final two months of 2013 alone.  With their “success” several hackers developed copy-cat versions of CryptoLocker, improving on its encryption and distributing it through various channels around the web.

Today, ransomware is on a steep rise.  When CryptoLocker was at its height, there were an estimated 1.5 million samples of ransomware in the wild.  In the last half of 2015, there were an estimated 4 million samples.  In the first three months of 2016 alone, ransomware developers have collected an estimated $200 million.

Big Business

From the first very raw ransomware introduced nearly 30 years ago, developers have come a very long way.  Some ransomware developers employ graphic artists, support teams and call centers to streamline the ransom process and “help” victims pay to decrypt their own files. Because the cost of most ransoms is less than $500, it’s cheaper for many businesses to pay the ransom, get their data back and move on than to hire a cyber-security firm to investigate and try to crack the encrypted files.  This has led to ransom demands being paid more often than not, especially in cases where the encrypted files are critical to the operation of police departments or hospitals.

In fact, in February 2016, the Hollywood Presbyterian Hospital paid $17,000 to hackers to get access to files encrypted by ransomware.  During the encryption, the hospital was forced to return to pen and paper for all of its charting and records.

As more and more people choose to pay the ransom, especially in higher-profile targets like hospitals and police departments, hackers are more and more likely to press their advantage.

What Should You Do?


Having a good backup of your data is almost a no-brainer practice today (if you’re in business, it is a no-brainer).  A good backup can also be your best defense against ransomware – there’s no need to pay if you have a current backup.  Services such as Carbonite (CLICK HERE for special deal – ends April 30, 2016) or CrashPlan are excellent solutions for restoring your files if you’re hit with ransomware (as long as they’re configured correctly).

Use Excellent Anti-virus

PCs and Macs are vulnerable to ransomware, so no one is immune from the threat.  My best recommendation to guard against ransomware and every other threat is Webroot SecureAnywhere.  It uses very little in system resources, is updated from the cloud in real-time and has a perfect score in threat detection.  There’s a deal running until May 1, 2016 for half off for unmanaged clients: CLICK HERE.


Stay Up-to-Date

Almost two-thirds of malware attacks in 2015 exploited web browsers (see graphic).  Keeping your browser, OS and other programs up-to-date is critical.  If you knew a criminal had a key to your front door, you’d change the locks, right?  Well, leaving your computer and programs out-of-date hands criminals a key to your computer – don’t give them the advantage!

Get Informed

When I was growing up, I watched G.I. Joe and at the end of every episode they had some cool tip for real life and they always ended it with “Now you know! And knowing is half the battle!”  Same is true for protecting yourself online.  Be informed about the threats out there (like my post yesterday) and how to avoid them.

If you do get hit with ransomware, there’s going to be a temptation to pay it (especially if you haven’t taken the steps above), but remember, every time a ransom gets paid, the hackers win – and they will be encouraged to be bolder and craftier in their next attacks.
