Cyber Threats: Ransomware
In October 2016, I attended a SecureWorld conference in Bellevue, WA. The hot topic of the event? Ransomware. I realized that I had left ransomware out of my cyber threats series, hence this post.
This one is going to be a bit different, however. I’ll be giving you a brief overview of what ransomware is, but rather than one case study, I’m going to talk about some of the most interesting ransomware attacks through history. So, without further ado, here’s my introduction to ransomware, for the not-so technically savvy reader.
What is Ransomware?
Ransomware is growing in popularity, and hackers increasingly recognize the financial benefits of employing such tactics. A ransomware attack occurs when a hacker (or group) infects a computer, either with malicious software that locks the user out of the system (locker ransomware) or by encrypting important files on the system and demanding a ransom (typically in bitcoin) in return for access to the system or files (crypto ransomware).
According to a report by Bitdefender, 50% of people (in the US) pay up. Another frightening aspect of ransomware is that it often remains on the system after the ransom is paid and can be reactivated after a period of time passes. So, at that point, you're basically renting your own systems from the hackers.
So, now that you have a base understanding of what ransomware is, here are a few of my favorite ransomware case studies:
Ever seen the movie Saw? JIGSAW is the hacker equivalent (found earlier this year, 2016). When a user's system is infected with JIGSAW, an image of John Kramer (aka the Jigsaw Killer) comes up on the user's screen along with a timer, a place to pay in bitcoin and the following message:
“I want to play a game with you. Let me explain the rule: Your personal files are being deleted. Your photos, videos, document, etc… But, don’t worry! It will only happen if you don’t comply. However, I’ve already encrypted your personal files, so you cannot access them.
Every hour I select some of them to delete permanently, therefore I won't be able to access them, either. Are you familiar with the concept of exponential growth? Let me help you out. It starts out slowly then increases rapidly. During the first 24 hours you will only lose a few files, the second day a few hundred, the third day a few thousand, and so on.
If you turn off your computer or try to close me, when I start next time you will get 1,000 files deleted as a punishment. Yes, you will want me to start next time, since I am the only one that is capable to decrypt your personal data for you.
Now, let’s start and enjoy our little game together!”
Frightening. JIGSAW is crypto ransomware and was the first to both make copies of all of the user's files and actually carry out the threats it made (deleting the user's personal files).
Luckily, removal methods for JIGSAW have been identified. And, as with all ransomware, if your files are backed up, there's no need to pay a ransom to get them back. So, back up your files!
Reveton was in wide circulation in 2012. It is ransomware that posed as an official FBI notice claiming that the user had been illegally accessing or distributing copyrighted material, or accessing/distributing prohibited pornographic content. It then demands a "fine" or threatens to report the user for criminal prosecution. This ransomware plays on a few major fears: 1) fear of authority and criminal punishment, 2) fear of reputational damage, and 3) fear of what else might be found in a criminal investigation. Often targeting pornography viewers/subscribers, this ransomware duped countless people into paying "fines" averaging $200.
Besides the apparent play on the psychology of its victims, Reveton is also frightening because of its anti-VM and anti-analysis functions, which help it evade detection. Some technologies can help combat Reveton, along with strong passwords, disabling macro loading in Office programs and regular patching schedules. However, the best thing to do is BACK UP YOUR FILES.
No account of major ransomware attacks would be complete without mention of CryptoLocker. CryptoLocker was the first crypto ransomware (2013) to utilize social engineering tactics, arriving via either a malicious website or a phishing email. The phishing emails arrived at businesses in the form of customer complaints with malicious files attached. Leveraging the existing GameOver Zeus botnet infrastructure, CryptoLocker targeted peer-to-peer infrastructures. Because the encryption relied on a command-and-control (C2) server, and that server was hosted on Tor, decryption was a much bigger battle and tracking the operators nearly impossible.
Some ways to protect against Trojans like CryptoLocker include awareness training and habits that avoid phishing emails, disabling hidden file extensions (so a disguised executable shows its true extension) and, once again, BACK UP YOUR FILES.
So, what's our takeaway in all of this? As I've mentioned (three times), backing up your files in a safe, secure place is your best defense against ransomware. If someone takes your system hostage for ransom, threatening to delete your files, it won't matter if you have all those files on safe, separate storage, such as an external hard drive. So yes, beware of phishing emails, use anti-malware and anti-virus programs, and disable hidden file extensions and macro loading. However, if all else fails and you have your files backed up, there will be nothing for hackers to hold against you.
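Two of the workstation hardening steps named above, showing file extensions and disabling Office macro loading, can be applied and checked from PowerShell. The script below is an added example written for this post, not code from the original article or from any vendor; it assumes a Windows machine with Office 2016/2019/365 (registry version key 16.0) and uses the standard Windows Explorer and Office security registry locations. The Test-RansomwareHardening function at the end is a hypothetical name chosen here for the verification step.

```powershell
# Added example (not from the original post): apply and verify two ransomware
# hardening settings for the current user. Assumes Windows with Office 16.0.

# 1. Show file extensions in Explorer, so a disguised executable such as
#    "complaint.pdf.exe" is no longer displayed as "complaint.pdf".
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $explorerKey -Name 'HideFileExt' -Value 0 -Type DWord

# 2. Disable VBA macros without notification (VBAWarnings = 4) in the common
#    Office applications. Adjust $officeVersion for other Office releases.
$officeVersion = '16.0'
$officeApps    = 'Word', 'Excel', 'PowerPoint'
foreach ($app in $officeApps) {
    $securityKey = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $securityKey)) {
        New-Item -Path $securityKey -Force | Out-Null
    }
    Set-ItemProperty -Path $securityKey -Name 'VBAWarnings' -Value 4 -Type DWord
}

# 3. Verify both settings and return a report object (hypothetical function name).
function Test-RansomwareHardening {
    $hideExt = (Get-ItemProperty -Path $explorerKey -Name 'HideFileExt' `
                -ErrorAction SilentlyContinue).HideFileExt

    $macroStatus = foreach ($app in $officeApps) {
        $securityKey = "HKCU:\Software\Microsoft\Office\$officeVersion\$app\Security"
        $warn = (Get-ItemProperty -Path $securityKey -Name 'VBAWarnings' `
                 -ErrorAction SilentlyContinue).VBAWarnings
        [pscustomobject]@{
            Application    = $app
            VBAWarnings    = $warn
            MacrosDisabled = ($warn -eq 4)
        }
    }

    [pscustomobject]@{
        ExtensionsVisible = ($hideExt -eq 0)
        MacroStatus       = $macroStatus
    }
}

Test-RansomwareHardening
```

Explorer reads HideFileExt when it starts, so sign out or restart explorer.exe for the extension change to be visible. In a managed environment the same VBAWarnings value is normally set through Group Policy under the HKCU Policies hive rather than written per user, which also prevents the user from turning macros back on.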