Internet Security Threats Articles | Kaspersky Lab US

Ransomware is the stuff of nightmares: You open your laptop one morning and discover all your documents and pictures have been encrypted or that non-ransomware programs prevent your computer from booting. You see a message in broken English pasted across the screen demanding you pay a ransom to have your files or computer unlocked. In the past two years, ransomware has seen a significant increase as more users choose digital storage methods over physical record-keeping for critical documents, photos and other information. Here's a look at the history of ransom code, how it has impacted users in the past year and what you can expect in the future.

The Basics

Ransomware is a type of malware designed to hijack computers and force victims to pay ransoms to have their files decrypted. Hackers infect your computer by prompting you to download a malicious email attachment or visit a code-carrying website, which ultimately encrypts your critical files or denies access to your computer. Two main forms of this malware are currently popular:

  • Locker ransomware. This type of malware locks users out of basic computer functions. For example, you can be denied access to your desktop, while your mouse and keyboard functions can be partially disabled. You'd still be able to interact with the ransom demand to make payment, but otherwise your computer would become essentially useless. The good news? Locker malware typically avoids encrypting critical files in favor of simply locking you out, meaning there's less chance of total data destruction.
  • Crypto ransomware. The goal of crypto ransomware is to encrypt your critical data — such as documents, pictures or videos — while leaving more basic computer functions untouched. This generates a sense of panic, because you can see your files, but you can't access them. Crypto creators often include a countdown in their ransom demand: If you don't pay by the deadline, all your files will be deleted. With many users unaware of the need to make multiple file backups across cloud and physical storage devices, crypto ransomware can be devastating and lead many victims to pay the ransom in the hopes of getting back their digital assets.

The first modern ransom malware emerged in 2005 with Trojan.Gpcoder. In 2015, more than 58 percent of corporate PCs were attacked with malware, and cryptolocker attacks doubled, according to Kaspersky Labs. Locker ransomware made up approximately 20 percent of ransomware. According to Softpedia, the number of corporate ransom attacks has doubled in 2015, even as law enforcement agencies look to shut down ransom code creators and servers.

Popular 2015 Ransomware

2015 saw a number of new ransom malware types emerge:

  • Linux Server threats. As noted by CSO, several Web security firms discovered Linux malware designed to lock out Web administrators from Linux servers and prevent them from accessing necessary website support functions. While a predictable encryption key workaround was discovered, new variants of the malware appeared, and they didn't respond to the decryption tool. Hackers were asking for one Bitcoin to release critical files.
  • Cryptowall 4.0. A new version of the popular Windows-based CryptoLocker is now being distributed via the Nuclear Exploit kit, according to Threatpost. The biggest change in 4.0 is that it now encrypts file names along with data in an effort to further obfuscate its processes and make it more difficult for victims to recover information without paying.
  • TeslaCrypt. This Cryptowall competitor also released a new version in 2015. Security firms tracked a massive spam campaign delivering this malware through infected email attachments that claim to be overdue invoices.
  • Locker. Popular in summer 2015, the Locker ransomware lay dormant until May 25 when it activated, locked files and demanded a 0.1 Bitcoin ransom, which increased to 1 Bitcoin after 72 hours. Oddly enough, after less than a week, malware creator "Poka BrightMinds" made a Pastebin apology and decrypted all infected computers. Any Bitcoins paid were not returned.
  • Android Malware. Mobile ransom malware has yet to reach the same volumes as its PC-based counterparts, but 2015 saw a significant rise in ransom code across Android devices. A variant of Android malware denied users access to their devices and claimed users had been illegally viewing adult content. The cost of freedom? $500 in a MoneyPak voucher.

Victims often wonder if they're better off paying the ransom to ensure data is returned, and some people agree. At the 2015 Cyber Security Summit, Assistant Special Agent Joseph Bonavolonta of the FBI advised companies infected with malware to pay ransoms. According to Kaspersky Labs, however, that's a bad idea. First, there's no guarantee that cybercriminals will keep their word and decrypt your data. Second, the more money they earn, the more likely they are to try again. Finally, both security firms and law enforcement organizations are working hard to find and post valid decryption keys, so it's worth checking the Web for possible solutions before shelling out cash.

The Future of Digital Extortion

This year certainly won't be the last for ransomware, so what does the future hold for digital extortion? According to MakeUseOf, there are a few likely scenarios. Vehicle-based ransom malware is one option, since researchers have already demonstrated that it's possible to hijack and take total control of a moving vehicle. Smart home technology, such as security cameras, door locks and thermostats, is also a possible avenue, because these devices require Wi-Fi and many are poorly secured against brute-force attacks. There's also the risk of health-based ransomware, which targets devices such as pacemakers, implants or health monitors. The burgeoning Internet of Things (IoT) offers a host of connective possibilities and is short on security standards.

Ransom malware is here to stay. Its form and targets may change, but the method is tried and true. If you're infected, try not to panic: Look for help online, don't pay up, and consider the use of real-time security protection moving forward to help detect and quarantine ransom threats before they lock you out.
