For more than a decade, ransomware has been doing the rounds and targeting computer users to an almost personal level. But now ransomware is becoming a huge problem for businesses of all sizes, regardless of industry.
Designed for financial gain, ransomware is an infection in a victim’s computer or a company’s server which locks down and encrypts stored data. The only time this will become evident to users is when a message appears on screen demanding ransom payment in exchange for a code to unlock the data. One of the most high profile ransomwares of recent times is Cryptolocker. Making an appearance to the public eye in 2013, Cryptolocker authors pocketed US$27-Million in only their first three months. A huge amount in such a short amount of time. However in 2014, Operation Tovar, an international collaboration of security companies and law enforcement agencies, managed to bring Cryolocker to a halt by shutting down their main command and control servers. This however wasn’t the last we heard from them.
Cryptolocker and CryptoWall
Since Cryptolocker’s main code can be sourced from places around the Internet, many ‘freelance’ hackers have emerged and tweaked the code. The emergence of Bitcoin also allows for ease of payment by victims with little or no potential tracking, not to mention the speed of getting everything back to what it was pre-hack. Since 2014 there have been reports that in 2015 there were 38% more security incidents than 2014 – experts fear that the problem could be even more widespread especially since not all attacks are reported, largely due to the fact that ransomware is simply holding data at ransom and after payment has been made everything will be ‘back to normal’ again. So sometimes it is easier to just pay up and continue where you left off, without notifying anyone.
Evolving from Cryptolocker was CryptoWall. Infecting individuals, businesses and multi-national companies, CryptoWall has emerged as a 2nd Generation Cryptolocker and is proving to be a worthy successor. More than 4,000 different variants of the code have been discovered in the wild and it uses more than 800 different command-and-control URLs for communication. Following a similar process as Cryptolocker, CryptoWall arrives via email attachments, exploit kits and drive-by downloads that occur when a user unintentionally downloads a virus or malware due to having an outdated browser or a lack of proper end point security. Security experts estimate there have already been more than 400,000 attempted infections and the criminals behind it collected an estimated US$325 million via Bitcoin during 2015.
What does the future hold in terms of ransomware? Based on current trends we will see more and more targets shifting from individuals to large organisations. This means that hackers have become more sophisticated and advanced in their methods but on top that, they have become more confident in their approach. Reports have seen ransomware variants that infiltrate an organisation’s network but don’t immediately encrypt data. Instead, the attackers take time to identify high-value servers and figure out back-up strategies so the eventual impact can be even more significant. One variant, called Maktub, even uses a time-sensitive ransom note. If the requested ransom is not payed within 15 days, the price goes up.
We can call it a game of cat and mouse with the security industry trying to protect the public and trying to catch these pesky attackers but however way you look at it, your business should take every precaution necessary to protect yourselves and your data. Even with a trusted IT partner such as IntelliTeK, a lot of time and effort should go into educating and training staff and clients to not open/click on unknown sources – emails, web links etc. We cannot predict the future, especially in the IT industry, but one thing’s for sure it’s going to prove costly if ransomware lands on your desktop so ensure your IT security is up to scratch and take every precaution possible at user level.