Unlike many other computer crimes, a ransomware attack typically does not steal data; instead it locks individuals or companies out of their files, or out of entire computer systems, and demands payment for the decryption key that will unlock them. Often the demand is for a relatively small amount, perhaps a few hundred dollars, but a California hospital recently paid $17,000 to restore access to some of its data. Global IT security company Trend Micro defines ransomware as “a way of preventing or limiting users from accessing systems until a ransom is paid via an online payment system.”
Ransomware is expected to remain a growing threat in 2016, according to the McAfee Labs 2016 Threat Predictions report, issued late last year. The report predicts that, with new variants and the success of the “ransomware-as-a-service” business model, the rise in ransomware that began in the third quarter of 2014 will continue through 2016.
Attacks on financial institutions and local governments are expected to rise because those organizations need to keep critical systems running and are therefore willing to pay ransoms quickly. Attackers typically target organizations in wealthy countries, where a ransom is more likely to be paid.
The FBI’s Internet Crime Complaint Center (IC3) noted that the financial impact on victims goes beyond the ransom itself, which is typically between $200 and $10,000. Many victims incur additional costs for network mitigation and countermeasures, lost productivity, legal fees, IT services, and credit monitoring for employees or customers. Between April 2014 and June 2015, the IC3 received ransomware complaints from victims reporting losses totaling more than $18 million.
In addition to the financial implications, businesses affected by ransomware may suffer temporary or permanent loss of sensitive or proprietary information, business interruption and reputational harm.
Ransomware is tricky to avoid: it can be downloaded unwittingly from a compromised website, from an attachment in a spam email, or as a payload downloaded by other malware already on the machine. The first sign of trouble is usually a locked screen or files that no longer open because they have been encrypted. According to Trend Micro’s account of the history of ransomware, the malware was first reported in Russia around 2005.
When ransomware was first discovered, computers typically became infected when users opened email attachments containing the malware, according to the Federal Bureau of Investigation. More recently, the agency has noted a growing number of “drive-by” ransomware incidents, in which a deceptive email or pop-up window lures the user to a compromised website that infects the computer.
The way the ransom is paid is also evolving. Some earlier ransomware scams had victims pay with pre-paid cards, but the agency said that victims are increasingly asked to pay in Bitcoin, a virtual currency attractive to criminals because of the degree of anonymity it offers.
The FBI also noted that mobile phones are now being targeted by attackers who demand payment to unlock them.
In its report, McAfee Labs said that last year “ransomware-as-a-service” was hosted on the Tor network, which enables anonymous communication, with payment in virtual currencies. Because the network hides the operators, the report expects more inexperienced cybercriminals to use the service.
As use of the malware increases, the company expects variations in the types of ransomware to expand.
“Although a few families – including CryptoWall 3, CTB-Locker, and CryptoLocker – dominate the current ransomware landscape, we predict that new variants of these families and new families will surface with new stealth functionalities. For example, new variants may start to silently encrypt data,” stated the report’s author. “These encrypted files will be backed up and eventually the attacker will pull the key, resulting in encrypted files both on the system and in the backup.”
Credits: Claims Journal
Ten tips on how to identify a phishing or spoofing email
Tip 1: Don’t trust the display name
A favorite phishing tactic among cybercriminals is to spoof the display name of an email. The display name is the free-text name shown next to, or instead of, the sender’s address; the sender chooses it, so it proves nothing about who actually sent the message.
Tip 2: Look but don’t click
Hover your mouse over any link in the body of the email before clicking, so that your mail client shows the real destination. If that address does not match the text of the link or the site you expect, don’t click on it.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyze the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out. Legitimate businesses will often use a personal salutation with your first and last name.
Tip 5: Don’t give up personal information
Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up.
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended” or your account had an “unauthorized login attempt.”
Tip 7: Review the signature
Lack of details about the signer or how you can contact the company strongly suggests a phish. Legitimate businesses normally provide contact details.
Tip 8: Don’t click on attachments
Sending malicious attachments is a common phishing tactic. The malware they carry can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachment you weren’t expecting.
Tip 9: Don’t trust the header “from” email address
Fraudsters spoof brands not only in the display name but also in the “from” address in the message header. That address is whatever the sender writes, and plain SMTP delivery does not verify it, so a sender address that matches a brand is not proof on its own.
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate.
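The ten tips above are a checklist, and a mail filter applies the same checks mechanically. The script below is an added example written for this page, not code from Claims Journal or from any vendor named in the article. It parses a raw message with Python's standard email module and flags a display name that claims a domain the sender address does not use (tips 1 and 9), link text that names a different site than its href (tip 2), a generic salutation (tip 4), a request for credentials (tip 5), urgent language in the subject (tip 6) and any attachments (tip 8). The keyword lists, the two sample messages and the reserved .example domains are all constructed for the demonstration, and registered_domain() deliberately simplifies by taking the last two host labels.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keyword lists are illustrative assumptions, not taken from any vendor product.
URGENT_WORDS = ("suspended", "unauthorized", "urgent", "immediately", "locked")
GENERIC_SALUTATIONS = ("valued customer", "dear customer", "dear user", "dear member")
CREDENTIAL_WORDS = ("password", "pin", "social security", "card number")
DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL, mailbox or bare domain ('' if none)."""
    value = value.strip().lower()
    if "@" in value:
        return value.rsplit("@", 1)[1]
    return urlparse(value if "://" in value else "http://" + value).hostname or ""


def registered_domain(host):
    """Last two labels of a host. Simplification: ignores multi-label public
    suffixes such as co.uk, for which real code should consult the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(raw: bytes) -> list:
    """Apply the tips above to one raw RFC 5322 message and return the findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    display_name, sender = parseaddr(str(msg.get("From", "")))
    sender_host = host_of(sender)
    # Tips 1 and 9: the display name names a domain that the sender address does not use.
    for claimed in DOMAIN_RE.findall(display_name):
        if registered_domain(claimed) != registered_domain(sender_host):
            findings.append(f"display name claims {claimed} but sender is {sender_host}")
    # Tip 6: urgency or threats in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    if hits := [w for w in URGENT_WORDS if re.search(rf"\b{w}\b", subject)]:
        findings.append("urgent language in subject: " + ", ".join(hits))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    text = re.sub(r"<[^>]+>", " ", body).lower()
    # Tip 4: a vague salutation instead of the recipient's name.
    if any(s in text for s in GENERIC_SALUTATIONS):
        findings.append("generic salutation")
    # Tip 5: the message asks for credentials or similar secrets.
    if asks := [w for w in CREDENTIAL_WORDS if re.search(rf"\b{w}\b", text)]:
        findings.append("asks for credentials: " + ", ".join(asks))
    # Tip 2: the visible link text names one site but the href points at another.
    collector = LinkCollector()
    collector.feed(body)
    for visible, href in collector.links:
        shown = host_of(visible) if DOMAIN_RE.search(visible) else ""
        if shown and registered_domain(shown) != registered_domain(host_of(href)):
            findings.append(f"link text shows {shown} but points to {host_of(href)}")
    # Tip 8: list attachments so the reader checks whether they were expected.
    findings.extend(f"attachment: {p.get_filename() or 'unnamed'}" for p in msg.iter_attachments())
    return findings


# Constructed sample messages (not real mail); the domains are reserved .example names.
PHISH = b"""\
From: "ExampleBank Alerts <alerts@examplebank.example>" <alerts@mail-verify.example>
To: jane.doe@example.org
Subject: Your account has been suspended - unauthorized login attempt
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Valued Customer,</p>
<p>Please <a href="http://mail-verify.example/verify">https://www.examplebank.example/signin</a>
to confirm your password within 24 hours.</p></body></html>
"""
BENIGN = b"""\
From: "ExampleBank Alerts" <alerts@examplebank.example>
To: jane.doe@example.org
Subject: Your March statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi Jane Doe,</p>
<p>Your statement is ready: <a href="https://www.examplebank.example/statements">View statement</a>.</p>
</body></html>
"""
```

Calling analyze(PHISH) returns five findings, one per tip the constructed message violates, and analyze(BENIGN) returns an empty list. These heuristics are a triage aid, not a verdict: legitimate mail sometimes uses a generic salutation or an urgent subject, and a spoofed From address is caught reliably only by the SPF, DKIM and DMARC checks a receiving mail server performs, which this script does not attempt.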