Ransomware, Ransomware , Everywhere

We have written a lot about ransomware in all different forms and incarnations here on the RCS blog. At the beginning of the year we predicted ransomware would go viral and true to our predictions, now a scant five months later it seems that every tech-news site is just bursting with another story about yet another hospital, business, or utility’s data being held for ransom.

Ransomware Basics

And if you don’t remember your ransomware ABC’s, just to remind you, in a ransomware attack, a company, home user or organization’s networks become locked with a super-strong encryption key that can only be unlocked by the attackers who have the correlating unlock key. During an attack, the compromised data is held under the key and a ransom to be paid in bitcoins is demanded from the victim. Often times, the longer a victim waits to pay up, the higher the unlock fee gets, sometimes upwards of 2-3 bitcoins for home users, equaling $900-1400 at the current exchange rate. For hospitals and businesses the fee can be much, much higher.

A problem that’s not going away any time soon

It’s safe to posit that ransomware is on the rise. In a big way too. In the last year alone ramsonware occurrences were up 35 % from 2014. And as the once-rare phenomenon becomes more commonplace, the attackers get more creative in their methods and attack vectors. In the past, ransomware, by and large, accessed computers as a result of clicking malware infected links in emails and in attachments. Now that email systems are better equipped to route out such emails, hackers have turned their sights to more creative and harder-to-fight methods, like lacing legit websites with bad code, so as to infect any and all visitors to the said website.

For example, just last week, toy maker Maisto found that their website was infecting visitors who were running outdated versions of Flash, Java, and Internet Explorer with ransomware dubbed CrpytXXX. Just a simple visit to their site, which sells their popular remote control cars could render a computer locked using the popular Angler exploit toolkit. Luckily, security giant Kaspersky noticed a small loophole in the code that allowed infected visitors to restore files without paying but sadly hacker are usually more careful than that and you can’t bank on loopholes.

And this past week, the utilities sector got theirs, too. The Lansing (MA) Board of Water and Lights was hit with a form of ransomware after an employee opened an email attachment that contained code that when activated, encrypted files on the organization’s network, causing them to shut down their email and some services.

Both attacks come on the heels of last month’s hospital network-focused ransomware rampage. In the course of just a few weeks, MedStar in Maryland MD, Presbyterian Hospital in Hollywood, CA and Methodist Hospital in Kentucky were all targeted in separate attacks. Hospitals are an easy target because of the highly sensitive and emergent nature of the information stored on their servers. Hackers know that life and death decisions are often hinged on the information they have under lock and key so hospitals are inclined to pay up, rather than wait and see if their IT department can salvage something.

After speaking with hospital IT administrators who asked to not be named, the problem is larger than just what gets reported. Hackers try “mini” ransomware attacks to test the waters at some facilities. One admin admitted that his hospital’s archived radiology reports, of all things, were targeted. They weren’t in any way current or all that useful so rather than pay up, they rebuilt what they could from other databases and let the hackers have their fun with those radiology reports.

Even the FBI is concerned about the phenomenon and published a statement on their website about it in late April. And whereas a few months ago an FBI representative said that they recommend paying the fee because there is no known alternative, they have now changed their tune. According to FBI Cyber Division Assistant Director James Trainor “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity”

So what does this all have to do with you?

This all just goes to show that ransomware seems to be the attack vector de jour and you need to be prepared. The sad truth is that once files have been locked, they are nearly impossible to unlock so prevention is your best weapon. Knowing how widespread the problem is and how it’s only growing in popularity, here are some easy things you can do to secure your computer and devices before disaster strikes:

Backup your files. This is important advice regardless of whether or not you get hit with ransomware – you never know when your kid might just flush your iPhone down the toilet or when your laptop will just give up and die. So either way backing up is a smart habit to get into. But when it comes to ransomware, it’s your only defense if want to see your files again without paying those rotten hackers.

Stay away from shady emails and links. Most ransomware gets on to computers via infected links in emails as we mentioned above. The scenario usually goes something like this – You get an email from an address you kind of, sort of recognize, and hey, look! There’s an attachment with the email! It has a pretty compelling call to action, something along the lines of “ Open this. Important financial information included” so you open it. By clicking that link you have set into action a process that will lock your files with a strong form of encryption, and now you’re out of luck. This is why having a reputable antimalware like RCS to protect your computer is super important. By routing out the malware harbored in the link or attachment, the ransomware is essentially blocked in its tracks.

Educate yourself about the threat. You don’t need to be a computer nerd to understand that hackers will do all they can to persuade you to do what they want. Learn about their methods and tricks and don’t fall for them.

Patch and update. There is nothing a hacker likes more than an operating system that has vulnerabilities. What does that mean? Vulnerabilities are holes that exist in operating systems. You probably get updates every now and then from software you have installed or from Windows to update your system. These are updates and patches that close newly found vulnerabilities. By failing to update your system according to the software or OS instructions, you are inviting hackers onto your device.

No matter what, don’t pay up. This important for two reasons. 1 – Like the FBI said, we’re not exactly talking about the most reputable guys around here, we’re talking about creeps who might just take your money without actually fixing anything. 2 – When you do pay up, even if they do unlock the files, you just let them know that their methods work and this fuels them to keep going. Nice going.

As the old saying goes “ A stitch in time saves nine.” They probably weren’t talking about ransomware but you see how much truth there is in the statement here. Prepare yourself before disaster strikes, we promise you won’t regret it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s