In the last few years a rather nasty form of malware has been showing up in both private and business systems. Known as ‘ransomware’, these cybercriminals do not try to hide the fact that they have stolen your information and data, in fact they display a screen informing the victim of the fact and demanding payment for the release. In essence, your data and business network is being held hostage.
The pathway for ransomware is the same as any virus, typically downloaded by someone clicking an email attachment. The emails as well as the attachments often appear to be from a credible source. In some cases the cybercrime has actually emulated law enforcement notifications as well as technical support with notification that the version of Windows operating system is counterfeit. Once a successful attack has occurred, part of their program places an encryption for access of the computer, network or phone with the promise of supplying an ‘encryption key’ to unlock, once their demanded payment is made.
According to McAfee, an internet security monitoring company, “Ransomware is malicious software created by a hacker to restrict access to your device and demand a fee to be paid to the hacker in order to give you back access to your device. It can prevent you from using your computer or mobile device, opening your files, or running certain applications like your browser. Or it could lock down your photos, documents, videos on your mobile phone or PC and hold them hostage until you pay the ransom.”
Sharon Knowles, CEO of Da Vinci Forensics says:
“The era of cybercrime has taken a twist, moving from behind the scenes and into the frontlines. This places a company’s critical and proprietary data at risk allowing intellectual property to be held for ransom. Making use of Da Vinci Forensic’s high level security protocols, combined with corporate and individual education is a key element of defense in maintaining integrity of a company network.’
The latest evolution of ransomware has been the avoidance of their ransom payments in any form other than Bitcoin. In February, 2015, PCWorld stated “Ransomware authors continue improving file-encrypting programs and infection methods for Windows and Android, making these nightmarish attacks harder to avoid. The biggest ransomware threat for Windows users is CryptoWall, a sophisticated malware program that encrypts a wide range of files and demands that victims pay a ransom in Bitcoin cryptocurrency to recover them.”
Cisco has been monitoring and reporting on the various ransomware problems and indicated in one of their blog notifications, “Ransomware continues to impact a large number of organizations and the malware continues to evolve….. the malware authors are focusing more on using exploit kits as an attack vector, since the exploit kit’s functionality could be used to gain privilege escalation on the system. Without privilege escalation, attempting to turn off many enabled security features on the system is likely to fail.”
All sources advise against making payment to the cybercriminals, although there are reports that individuals, organizations and even companies have complied with the ransom requests. One of the best methods to assist in thwarting the process is to have a backup routine to network shares or drives that have temporary connection to the computer as well as requiring a username and password for access.