You get an email. You carelessly open the attachment. You see a notice on your computer, politely phrased in spite of its hostile intent, telling you that your files are now encrypted, but you can get them back if you send a payment in Bitcoin to a specified wallet. Your network security has been breached.
This is ransomware: the fastest-growing trend in malware and one of the biggest current IT network security concerns, and not just in Los Angeles and Burbank. Anti-phishing vendor PhishMe reports that in March, 93 percent of phishing emails tried to deliver ransomware, compared to less than 10 percent in 2015. It also accounts for half the new variants of phishing email.
The size of the jump may be surprising, but the trend shouldn't be. Ransomware offers a direct financial return to criminals, without having to peddle credit card numbers or other personal information. The Bitcoin cryptocurrency provides them with an anonymous way to collect payment over the Internet.
No One is Immune to Ransomware Vulnerability
Ransomware has caught attention with some high-profile cases, including several hospitals that suffered major computing outages from attacks. One hospital, its ability to treat patients hampered for a week, handed over $17,000 to get its files back. Even the US House of Representatives has been a target, though it isn't clear whether Congress has given in to any demands for money. The House network temporarily blocked Yahoo Mail in response.
The US government urges people not to pay cyberextortionists, since payment provides them with encouragement and resources, but an unfortunate side effect may be that people who are hit and pay up don't want to report the crime.
The attacks usually encrypt data files on the victim's computer. Sometimes they encrypt all the data, which actually works against the attacker, since it's inherently more complicated to decrypt a completely locked-up computer than a working one with locked-up data files. The attackers often provide high-quality documentation on how to pay up and then restore the encrypted files.
Some versions up the ante by deleting files over time after encrypting them. The usual pattern is to delete a few files initially, then more as time passes, in order to provoke fear and force quick payment. In this case, paying the extortionist only stops more files from being deleted; it doesn't get back the ones that have already been wiped.
Most of the attacks so far have been on Windows and Android systems, but some have targeted Linux and Mac OS X, and experts have speculated about future attacks on the Internet of Things.
Keeping a current backup is a strong defense. Many forms of the malware will also encrypt files on attached drives, so a remote or offline backup is best. You'll need to restore the whole system to the pre-attack state.
Other defenses are common to all types of spam and malware. Use a spam filter, so that most hostile email messages won't reach your inbox. Don't open attachments if you aren't sure they're legitimate. A sender address that you recognize isn't proof that an attachment is legitimate; sophisticated spammers steal address books and forge people's addresses to make their messages look genuine. Never open an executable attachment unless you were specifically expecting one.
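One way an IT team can enforce the "never open an executable attachment" rule at the mail gateway, rather than relying on every user to get it right, is to inspect attachments before delivery. The Python script below is an added example, not code from the original post or from its author. It builds a sample message inline (the sender, recipient, filenames and the tiny PE stub are all constructed), then flags each attachment that has an executable extension, a document-looking double extension such as `invoice.pdf.exe`, an executable MIME type, or an `MZ` header regardless of what the file is called. The extension and MIME lists are assumptions chosen for the example, not a complete policy.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that Windows will execute directly from a double-click.
# Assumed list for this example; a real gateway policy would be broader.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".wsf", ".hta", ".msi", ".ps1",
}
# Extensions attackers put in the middle of a name to make it look like a document.
DOCUMENT_LIKE = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# MIME types that declare an executable outright (assumed list).
EXECUTABLE_MIME_TYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}
PE_MAGIC = b"MZ"  # every Windows PE file starts with these two bytes


def attachment_findings(raw_message: bytes) -> list[dict]:
    """Parse a raw RFC 5322 message and return one finding per attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        payload = part.get_payload(decode=True) or b""
        reasons = []

        # Rule 1: the final extension is one Windows will execute.
        stem, _, last = lower.rpartition(".")
        if last and "." + last in EXECUTABLE_EXTENSIONS:
            reasons.append(f"executable extension .{last}")
            # Rule 2: a document-looking extension hidden before the real one.
            if "." in stem and stem.rsplit(".", 1)[1] in DOCUMENT_LIKE:
                reasons.append("double extension disguising an executable as a document")

        # Rule 3: the MIME type itself declares an executable.
        if part.get_content_type() in EXECUTABLE_MIME_TYPES:
            reasons.append(f"executable MIME type {part.get_content_type()}")

        # Rule 4: content check, independent of the filename or declared type.
        if payload.startswith(PE_MAGIC):
            reasons.append("PE (MZ) header in content regardless of name")

        findings.append({
            "filename": name,
            "size": len(payload),
            "reasons": reasons,
            "block": bool(reasons),
        })
    return findings


def should_quarantine(raw_message: bytes) -> bool:
    """True if any attachment tripped at least one rule."""
    return any(f["block"] for f in attachment_findings(raw_message))


def build_sample_message() -> bytes:
    """Constructed test message: a disguised executable plus a harmless PDF."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"  # constructed, looks like a known sender
    msg["To"] = "you@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    # Constructed stub: just enough bytes to carry a DOS/PE header, not a real program.
    fake_pe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 20
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n%constructed sample\n", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for finding in attachment_findings(build_sample_message()):
        verdict = "BLOCK" if finding["block"] else "allow"
        print(f"{verdict:5} {finding['filename']} ({finding['size']} bytes): "
              f"{'; '.join(finding['reasons']) or 'no rule matched'}")
```

Rule 4 is the one that matters most: the name and declared MIME type are under the sender's control, while the `MZ` header is not, so a renamed executable is still caught. A gateway would typically quarantine anything `should_quarantine` returns true for and notify the recipient, which keeps the decision with IT rather than with the user who is being socially engineered.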
Use Quality Security Software and Keep it Up to Date
Security researchers have found ways to recover files encrypted by some ransomware, without having to get a key from the attacker. If your files get locked up, check for known fixes.
Law enforcement officials go after the people behind the attacks and the servers they use, and sometimes they have significant successes, but new attacks keep popping up, and sometimes the perpetrators are in remote locations where it's difficult to catch them.
All users and IT services providers need to be vigilant against ransomware. To help businesses understand the key steps to take to ensure their network is secure, we put together the Business Owner's Guide to Data Protection and Security. It gives you the top 10 steps to take, plus a bonus disaster recovery checklist. Click below to get your complimentary guide today.