By Joe Dysart
Now With Live Chat
The scourge of ransomware has become so ingrained in the very fabric of computing that some of the criminals behind it have actually begun offering live chat support for victims who agree to pay their ransoms. The new “service” was discovered this past summer by Trend Micro, an IT security firm that posed as a victim of ransomware and was cheerfully offered live chat support in exchange for its ransom payment.
“Right now, ransomware is an epidemic,” said Ryan Naraine, head of global research and analysis at Kaspersky Lab. “Although it has been around for more than a decade, we have seen a recent explosion of new ransomware families that is cause for serious concern.”
Added Kevin Haley, director of Symantec Security Response: “Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly skilled technical staff that operates with such efficiency that they maintain normal business hours. We are even seeing low-level criminal attackers create call-center operations to increase the impact of their scams.”
The growing professionalization of ransomware is a concern for every business-computer user whose PC, laptop or smartphone can be infected with the malware via an email attachment, malicious link or compromised website. As victims learn all too well, once ransomware takes hold of a machine and encrypts all of its files, you generally have only two choices if you’re unprepared: Pay the ransom and “hope” that the criminal behind the hostage takeover of your machine feels like restoring your files once money exchanges hands, or refuse to pay the ransom and kiss your files goodbye.
“One of the reasons why ransomware has become so popular lies in the simplicity of the business model used by cybercriminals,” said Aleks Gostev, a chief security expert at Kaperseky Lab. “Once the ransomware gets into the user’s system, there is almost no chance of getting rid of it without losing personal data.”
More than 700,000 computer users were hit by ransomware in the 12-month period ending March 2016, with the United States, Germany and Italy suffering the highest percentage of attacks, according to a report released by Kapersky Lab. Moreover, Kapersky said that the scourge of ransomware is expected to only get worse in coming years before security pros can hopefully get a handle on it.
According to Kapersky’s Gostev, one factor fueling the trend is that ransomware crime bosses are proliferating the malware across the web by giving it away free to low-level criminals with only basic tech skills. Under the bargain, the crime bosses’ lackeys do the dirty work, and the crime bosses get a cut of every ransom paid.
Also giving ransomware wings has been its spread to myriad types of computers. Major security firms such as Trend Micro and Symantec, for example, report that ransomware is now also showing up on Mac, PCs, Linux computers and smartphones. At this point, essentially any network-connected device should be considered at risk of being infected by ransomware, according to Symantec’s Haley.
Patrick Traynor, an associate professor in computing at University of Florida, helped develop prototype anti-ransomware software that has defeated 492 strains of ransomware.
Meanwhile, even more impetus for ransomware’s spread has been the emergence of Bitcoin, a new electronic web currency that enables criminals to demand ransoms and pick up their payment without the worry of a paper trail.
“The demand to pay the ransom in Bitcoins makes the payment process anonymous and almost untraceable, which is very attractive to fraudsters,” Gostev said.
For any business dependent on a computer, the message is crystal clear: Get your technology protected with security software. And ensure that every employee follows these best practices:
Use Strong Passwords: Security firms say that you should ensure that your passwords are very strong and that you should change your passwords every three months. Additionally, you should consider using a password manager to further protect your information.
Think Before You Click: Opening the wrong attachment can introduce malware to your system. Never view, open or copy email attachments unless you are expecting the email from a trusted sender.
Install Security Software: Use an internet security solution that includes antivirus, firewalls, browser protection and proven protection from online threats.
Be Wary of Scareware Tactics: Some social engineering and faux ransomware attackers attempt to trick you into thinking your computer is infected to get you to buy useless repair software or pay money directly to have an uninfected computer “restored.”
Safeguard Your Personal Data: The information you share online puts you at risk for social-engineered attacks. Limit the amount of personal information you share on social networks and online, including login information, birth dates and pet names.
Keep All of Your Software Patched and Up To Date: This really can make a difference, given that ransomware proliferators are now seeding legitimate websites with ransomware, knowing that their ransomware can be downloaded via simple interaction on the websites and then infect a computer on a software application running with outdated security protection.
Be on the Lookout for Network-Wide Attacks: Stuart Sjouwerman, CEO of KnowBe4, an IT security training firm, said that newer forms of ransomware are capable of encrypting an organization’s entire computer network in one fell swoop.
Go In-Depth: KnowBe4 offers a free, 20-page “Ransomware Hostage Rescue Manual” with actionable information to prevent infections and what to do when hit with ransomware. And IBM has come out with a through “Ransomware Response Guide,” released June 2016.
One Silver Lining: Researchers at the University of Florida have developed a new prototype anti-ransomware software that has defeated all 492 different strains of ransomware that it has gone up against it. The trick is that the prototype software, Crypto Drop, allows ransomware to activate on a machine but then quickly shuts down the ransomware once it detects it encrypting files.
“You lose only a couple of pictures or a couple of documents rather than everything that’s on your hard drive,” said Nolen Scaife, a doctoral student in computing at the University of Florida, who helped develop the code. “It relieves you of the burden of having to pay the ransom.”
Added Patrick Traynor, an associate professor in computing at the University of Florida, who led the team that developed CryptoDrop: “Something needed to be done.”
The Florida researchers currently are looking for a partner to bring CryptoDrop to market as a commercial product.