In the past few years a new type of security threat, so-called "ransomware", has spread widely. It is malware that infects a computer system and locks the user out of the whole system or of specific drives; the user is then pressured into paying the criminals in order to regain access to their files. Ransomware uses cryptography to lock the files so that the victim cannot recover them on their own, and the variants have grown steadily more sophisticated: when the cryptography is implemented correctly there is no practical way to undo it without the attacker's key. It is also difficult to trace who is responsible for an attack, because the criminals use anonymous networks to communicate and hard-to-trace payment methods to collect the money.
Threat Behavior
There are several scenarios in which ransomware shows itself. A typical one: the user downloads an infected file from the Internet that contains the ransomware code. It infects the operating system and encrypts whole partitions of user data. A notification box then appears with detailed instructions on how to pay the attacker. Once the payment has been made the attacker is supposed to hand over a decryption key that unlocks the encrypted data, although nothing obliges the criminal to actually deliver it.
Most infections present false information about who is behind the attack in order to pressure the user. Tactics include impersonating police forces or government agencies; well-known examples show warning boxes bearing FBI or CIA insignia, followed by text informing the user that their computer contains "illegal" or "pornographic" content. The "accused" must then pay a "release fee" to make the bogus investigation go away.
Security vendors and researchers also note that ransomware is often bundled with other malware, such as Trojan horses with remote-access capability. These give the criminals full remote control of the machine, which they use to stop the user from installing any security tools.
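The behaviour described above, files encrypted in place so that readable documents turn into what looks like random bytes, is something a defender can measure. The following added example (not code from the article or from any vendor it mentions) scans a set of files and flags those whose Shannon entropy jumped from "document-like" to "ciphertext-like" since a known-good baseline. The sample files, the XOR "cipher" standing in for the attacker's real one, and the thresholds `ENTROPY_THRESHOLD` and `ENTROPY_JUMP` are all constructed for this example; the baseline comparison is what keeps legitimately high-entropy files such as archives from being reported.

```python
from __future__ import annotations

import math
import random
from collections import Counter

# Bits per byte. Plain documents sit around 4-5; ciphertext and compressed data sit near 8.
# Both thresholds are assumptions chosen for this example, not values from the article.
ENTROPY_THRESHOLD = 7.2
ENTROPY_JUMP = 2.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """True when the content is statistically indistinguishable from random bytes."""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def random_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random bytes so the example behaves the same on every run."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def toy_encrypt(data: bytes, seed: int) -> bytes:
    """Stand-in for the attacker's cipher: XOR with a seeded keystream. This is NOT real
    cryptography, but like any proper cipher its output looks like uniform random bytes."""
    return bytes(a ^ k for a, k in zip(data, random_bytes(seed, len(data))))


def find_encrypted_in_place(baseline: dict[str, bytes], current: dict[str, bytes]) -> list[str]:
    """Flag files that are now high-entropy AND whose entropy jumped since the baseline.
    The jump test keeps legitimately high-entropy files (archives, media, encrypted
    containers) from being reported; a file absent from the baseline counts as jumping from 0."""
    flagged = []
    for name, data in current.items():
        after = shannon_entropy(data)
        before = shannon_entropy(baseline.get(name, b""))
        if after >= ENTROPY_THRESHOLD and after - before >= ENTROPY_JUMP:
            flagged.append(name)
    return sorted(flagged)


def mass_encryption_alert(baseline: dict[str, bytes], current: dict[str, bytes],
                          fraction: float = 0.5) -> bool:
    """Alert when at least `fraction` of the monitored files were encrypted in place."""
    if not current:
        return False
    return len(find_encrypted_in_place(baseline, current)) / len(current) >= fraction


# Constructed sample "user data" (not from the article): two documents and one archive.
REPORT = b"Quarterly report: revenue grew 4 percent over the previous quarter.\n" * 60
NOTES = b"Meeting notes, Tuesday: review the backup plan and the security budget.\n" * 50
BASELINE = {"report.txt": REPORT, "notes.txt": NOTES, "archive.zip": random_bytes(7, 2048)}

# The same directory after the ransomware has run: documents encrypted in place, archive untouched.
AFTER_ATTACK = {
    "report.txt": toy_encrypt(REPORT, 1),
    "notes.txt": toy_encrypt(NOTES, 2),
    "archive.zip": BASELINE["archive.zip"],
}

if __name__ == "__main__":
    for name, data in AFTER_ATTACK.items():
        print(f"{name:12s} {shannon_entropy(BASELINE[name]):.2f} -> {shannon_entropy(data):.2f} bits/byte")
    print("encrypted in place:", find_encrypted_in_place(BASELINE, AFTER_ATTACK))
    print("mass encryption alert:", mass_encryption_alert(BASELINE, AFTER_ATTACK))
```

Entropy alone is a weak signal (a freshly downloaded ZIP or JPEG is just as "random" as ciphertext), which is why the check is anchored to a baseline and why a real deployment would combine it with rate (how many files changed per minute) and with canary files that nothing legitimate should ever touch.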
Notable Examples
The first ransomware attacks were reported in 2005 and originated from Russia. The variant TROJ_CRYZIP.A encrypted the user's data, placed it in a compressed file and deleted the original files. It dropped a text file on the computer that pressured the victim into paying 300 dollars to get the data back.
Ransomware gradually branched into more and more types while at the same time becoming more complex. In 2011 researchers reported that TROJ_RANSOM.QOWA demanded payment not by the usual debit/credit card or bank transfer but through premium-rate SMS numbers. In some countries such a number is very easy to register, and the criminals used this scheme to collect their money with less effort and less exposure.
Other well-known variants go deeper into the system. A notable example is ransomware that overwrites the master boot record of the victim's machine, so that the operating system cannot load until the user pays for release. Whether the data is recoverable in such cases depends on whether the malware merely blocks the boot process or also encrypts the file system structures.
In the last few years ransomware has adopted the cryptocurrency Bitcoin as the payment method. The attackers also impose time limits in order to push victims into paying quickly. Researchers note that the criminals rely on psychological pressure to get users to hand over money: the ransom note explains, in plain and easily understood terms, that there is no way to regain access to the encrypted data other than to pay.
How to Protect Yourselves
As infections continue to spread, security vendors and researchers work to build solutions that both prevent attacks and reduce the risk of infection. Users are advised to run reputable security software (antivirus and anti-spyware) that guards against this class of attack. Such programs must be kept up to date: new signatures are published constantly and updates are in most cases released daily, which is why an active subscription matters if the user wants to stay protected in time. Signature-based detection still lags behind brand-new variants, so it is one layer of defense, not the whole of it.
Users are advised not to download files from unknown sources, including sites that look and behave like legitimate ones but are not. Fake websites are among the leading distribution channels for malware. Enter passwords only at official, known addresses and only over a secured (HTTPS) connection.
Keep secure copies of your important files in safe locations such as external drives or cloud storage. A backup that stays connected to the machine (a permanently mounted drive or a continuously synced folder) can be encrypted together with the originals, so keep at least one copy offline or versioned, and check regularly that it can actually be restored.
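Backups are only useful against ransomware if they are write-once and if you can tell a clean copy from one the malware has reached. The following added example (not code from the article) implements that minimum: each snapshot is copied into a fresh directory that is never overwritten, a SHA-256 manifest is recorded next to it, and `verify_snapshot` reports any file whose current digest no longer matches. The directory names, file contents and the simulated tampering in `demo` are constructed for this example.

```python
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(directory: Path) -> dict[str, str]:
    """Map each file's path (relative to directory) to its SHA-256 digest."""
    return {
        str(p.relative_to(directory)): sha256_hex(p.read_bytes())
        for p in sorted(directory.rglob("*"))
        if p.is_file()
    }


def snapshot(source: Path, backup_root: Path, label: str | None = None) -> Path:
    """Copy `source` into a new snapshot directory and record its manifest.
    Snapshots are write-once: an existing label is refused rather than overwritten,
    so a later (possibly already-infected) run cannot replace an older clean copy."""
    label = label or time.strftime("%Y%m%dT%H%M%S")
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {dest} already exists; snapshots are write-once")
    shutil.copytree(source, dest / "files")
    manifest = build_manifest(dest / "files")
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return dest


def verify_snapshot(dest: Path) -> list[str]:
    """Return the files whose current digest differs from the manifest, or which are missing."""
    manifest = json.loads((dest / "manifest.json").read_text())
    current = build_manifest(dest / "files")
    return sorted(name for name, digest in manifest.items() if current.get(name) != digest)


def demo() -> tuple[list[str], list[str]]:
    """Take a snapshot, verify it, then simulate the backup copy itself being overwritten
    (as happens when a synced share is reachable from the infected machine) and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "documents"
        src.mkdir()
        (src / "thesis.txt").write_bytes(b"Chapter 1. Constructed sample document.\n" * 20)
        (src / "budget.csv").write_bytes(b"item,cost\nlaptop,1200\nbackup drive,90\n")
        snap = snapshot(src, root / "backups", label="2024-01-01")
        clean = verify_snapshot(snap)
        (snap / "files" / "thesis.txt").write_bytes(b"\x8f\x02\xc4\x11\x7a\x39\x00\xee" * 64)
        tampered = verify_snapshot(snap)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("mismatches in clean snapshot:", before)
    print("mismatches after tampering:  ", after)
```

The manifest protects the files, but an attacker who can rewrite the snapshot can rewrite `manifest.json` too; keep a copy of each manifest's digest somewhere the infected machine cannot write to (a printout, a second offline drive, an object store with versioning and deletion protection), and treat a snapshot whose manifest digest has changed as compromised.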