From “software leases” to Cryptolocker, ransomware has been around for a while – but criminals are now taking victims’ data hostage as a way to make money, moving to mobile devices and other places where they can catch people off guard.
Ransomware is a type of malware where cybercriminals take over a victim’s system or files and restricts access to them, providing users a decryption key once they pay them a sum of money.
It’s been around for a while, but it’s only been in the last five to 10 years that criminals have started using it regularly as a way to make money – for example, in the case of Cryptolocker, they went after files people actually wanted, said John Shier, senior channel sales engineer at Sophos Ltd. That was the crux of his presentation, given during Toronto’s SC Congress conference on Wednesday.
“If I encrypt a DLL file, no one cares. But if I encrypt a business’ Excel spreadsheets, maybe where they have their financials, then people care,” he said. “Or pictures of your honeymoon, or a video of your kid’s first steps. Criminals got a high ROI on these because they’re encrypting stuff people wanted.”
By contrast, early versions of ransomware were a little more amateur. Shier showed an example dating back to 1989, when a fake company called the PC Cyborg Corporation contacted users to tell them they had to pay for a software lease on a diskette, or else they wouldn’t be able to access their files.
The company was supposedly based in Panama, but the FBI later found their culprit in Cleveland, Ohio, after he bought about 20,000 diskettes at a computer store, intending to send them to his victims.
Still, ransomware has come a long way since then, becoming much more sophisticated – and becoming more focused on money, rather than on pranking victims, said Shier.
“For some parts of organized crime, traditional revenue streams dried up, so cybercriminals decided to monetize malware,” he said. He added a lot of attacks seem to come from Russia and China, or other areas where an often slow economy can prevent individuals with computer science backgrounds from making a living using less illegal methods.
In recent years, one of the most notorious examples has been Cryptolocker, a kind of malware that encrypts certain kinds of files using the RSA’s method of public-key cryptography. hit with the ransomware only get their files decrypted once they pay a sum of money. If they don’t pony up the amount by a certain deadline, the hackers behind the malware offer the victim another chance – but this time, the ransom amount can be much higher. Hitting its stride in September 2012, there was an outbreak of cases worldwide, Shier said.
Even more recently, there have been other variants of ransomware cropping up, like ones that target smartphones. While ransomware deployed over SMS is more common in Europe and Asia, elsewhere in the world, there have been some versions of ransomware that lock Apple iPhones remotely, like Oleg Pliss, which first appeared in May 2014. And then there are others that have attacked Android phones, like Simplelocker, which also encrypted files housed on the devices.
However, ransomware isn’t always a huge risk, Shier said. For different kinds of ransomware, there are usually ways to get rid of them – for example, on Android phones, it’s possible to reboot the device in safe mode and then figure out how to remove the malware.
Plus, not every hacker deploying ransomware is a “devious, super genius,” Shier said. For example, there was one variant of ransomware that was made up of just 77 lines of terrible code, which didn’t work.
While most enterprise organizations have layers of protection, as well as the IT staff to handle these threats or remove them, it’s small businesses and consumers who may be cybercriminals’ real targets, he added.
Businesses should use anti-virus software for both their desktops and their mobile devices, host intrusion prevention system tools and web filtering for both inbound and outbound traffic. Also, network administrator rights should only be given to people who need them – otherwise, something like Cryptolocker could easily spread across a network to encrypt more files on other devices. And there’s a simple way to protect data – backing up files, in case of a breach or attack.