Criminal Extortion on the Internet — Ransomware Is the New Normal
Encrypting ransomware became headline news in the UK when WannaCry attacked the NHS this spring. WannaCry relied on an outdated vulnerability called Eternal Blue which was exposed through leaks from the US National Security Agency. The ransomware shut down systems and limited non-essential services for some hospitals still running Windows XP. Overall, more than 200,000 computers in 150 countries were infected, with Russia and Ukraine seeing some of the highest rates.
Yet headline cases like WannaCry only serve to highlight how widespread the ransomware threat has become. The complicated web of encryption and extortion stretches all over the internet and once victims become entangled it’s hard to break free. Online criminals aspire to reel in big fish like the NHS, but they’re just as happy to settle for small businesses desperate for their data or an individual who is worried about compromising files becoming public. It doesn’t matter as long as the payments keep coming in.
Future Dystopia Is Now
The concept of cryptoviral extortion was first discovered in the ’90s. Two researchers at Columbia University in the US, Adam L. Young and Moti Yung, imagined what would happen if a former hacker were put in a room with a cryptographer to create the dystopia of tomorrow. The result is ‘data kidnapping’ via cryptography: malicious software that encrypts computer files and systems so that it is impossible to decode them without the key, or without discovering a hidden flaw in the virus. Young and Yung believed the future of hacking would lead to this type of malware and they weren’t wrong.
Ransomware didn’t take off immediately, but since 2013 it has become one of the most popular and profitable ways for criminals to make money online. Some types of ransomware are available for purchase on the black market, so there isn’t much technical know-how required to set up a scheme and target victims. Payments are made through Bitcoin, which is collected on the anonymous Tor network where it is almost impossible to trace. Once the files are encrypted, victims have no choice but to lose their data or pay the criminals. The only real safeguard is regular backup.
Ransomware Threats to Watch For
There are thousands of malware strains which defy categorisation. Some are meteoric like WannaCry, which had an estimated impact as high as $4 billion USD but quickly lost its power after a kill switch was discovered and more people began to update their systems. Others are less visible but more insidious because they are designed around a sound business model aimed at raking in cash.
Locky is the latest threat of this nature. It first appeared in February of 2016 and became publicised when a US hospital paid $17,000 worth of Bitcoins to recover vital data. It was extremely prolific until December, but after that it tapered off. Some instances were recorded in the first half of 2017, but not nearly as many until August when a flood of phishing emails armed with new versions of Locky known as Diablo and Lukitis began contaminating the web.
Locky appears in generic-looking emails that include a document link to download or print, the type of communication which is common in many offices. Many people will question an anonymous email, of course, but all it takes is one person to click on the download and infect the entire system.
New or updated strains of ransomware appear every day, so rather than looking for a specific type of email it’s better to be cautious all the time and double-check every source. This applies to text messages as well as emails. Mobile ransomware is still rare but it’s almost certain to become more common in the future. In fact, it’s more than likely that hackers will eventually attack every internet-connected device you own.
If you think you may have been infected with ransomware or another malware, it’s important to get professional help. At Reputation Defender we offer ongoing privacy and security audits. We can help save your reputation if hackers have stolen sensitive data and are threatening to release it publicly. Visit our website to learn more.