"blogger, InfoSec specialist, super hero ... and all round good guy" 



The Art of Ransomware

Ransomware may potentially be the biggest threat in 2016. Criminal organizations are making big money from ransomware. According to an article by Lee Mathews, Cryptowall, a ransomware application, generated over $30 million USD for criminals. People simply pay to get their data back, to get a system operational again, or to prevent being publicly exposed. The criminal marketplace (yes, ransomware is sold and traded within the DarkWeb) provides a wide range of choices and varieties of ransomware, with many variants popping up on a daily basis. Some are very difficult to detect, such as Locky, which is distributed as a macro inside Microsoft Word documents and is very difficult to detect and block.
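A defender's first check against the Word-macro delivery route mentioned above is simply to know whether a document carries a VBA project at all before it ever reaches a user. The script below is an added example, not code from the original post: it treats a modern Office file as the ZIP container it is and looks for the macro part both by name and by the content type the package declares, without executing anything. The sample documents it inspects are constructed in memory for demonstration and are not real Word files.

```python
"""Flag Office Open XML files that carry a VBA macro project (added example, not from the post).

Modern Office files (.docx/.docm/.xlsm/...) are ZIP containers. A macro-enabled
document stores its VBA code in a part named vbaProject.bin and declares that part
in [Content_Types].xml. The check below looks for both without executing anything.
The sample documents are constructed in memory for demonstration only.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

CONTENT_TYPES = "[Content_Types].xml"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_doc(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-style ZIP (constructed sample, not a real Word file)."""
    overrides = ""
    if with_macro:
        overrides = (f'<Override PartName="/word/vbaProject.bin" '
                     f'ContentType="{MACRO_CONTENT_TYPE}"/>')
    parts = {
        CONTENT_TYPES: (f'<Types xmlns="{CT_NS}">'
                        '<Default Extension="xml" ContentType="application/xml"/>'
                        f"{overrides}</Types>"),
        "word/document.xml": "<w:document/>",
    }
    if with_macro:
        # First bytes of an OLE2 compound file, which is what vbaProject.bin really is.
        parts["word/vbaProject.bin"] = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def inspect_document(data: bytes) -> dict:
    """Return what the container says about macros, without extracting any part to disk."""
    result = {"is_ooxml": False, "macro_parts": [], "declared_macro_parts": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Legacy binary .doc/.xls (OLE2) or something else entirely; needs a different parser.
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["is_ooxml"] = CONTENT_TYPES in names
        # 1. Look for the VBA project part by name, regardless of file extension:
        #    a .docm renamed to .docx still carries it.
        result["macro_parts"] = sorted(n for n in names if n.lower().endswith("vbaproject.bin"))
        # 2. Look at what the package declares; a part stored under another name
        #    would still be listed here with the VBA project content type.
        try:
            root = ET.fromstring(zf.read(CONTENT_TYPES))
            result["declared_macro_parts"] = sorted(
                o.get("PartName", "") for o in root.iter(f"{{{CT_NS}}}Override")
                if o.get("ContentType") == MACRO_CONTENT_TYPE)
        except (KeyError, ET.ParseError):
            pass  # no (or malformed) content-types part; fall back to the name check only
    return result


def has_macros(data: bytes) -> bool:
    """True if either check finds a VBA project; a mail gateway could quarantine on this."""
    info = inspect_document(data)
    return bool(info["macro_parts"] or info["declared_macro_parts"])


if __name__ == "__main__":
    for label, doc in (("macro-enabled", build_sample_doc(True)), ("plain", build_sample_doc(False))):
        print(f"{label}: has_macros={has_macros(doc)} {inspect_document(doc)}")
```

The check deliberately never opens the document in Office or runs the macro; it reads only the ZIP directory and the content-types manifest, so it is safe to run at a mail gateway or on a file share. A legacy binary .doc is not a ZIP and is reported as not OOXML rather than as clean, which is the right failure mode: "unknown" should be quarantined or sent to a parser for the OLE2 format, not waved through.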

How do you protect yourself against ransomware? It is tough.

Windows in particular has issues with this attack vector. Experts have said one of the biggest problems with Windows systems is the culture of blanket administrative access. Microsoft has estimated that a large majority of malware would not work if users were not logged on as administrators. One estimate stated that 100% of all new remotely exploitable malware (malware whose successful exploitation gives the attacker remote access to your computer) would be completely ineffective if you were not logged in as an administrator at the time of the attack.

We have to start changing the culture of logging in with administrative accounts. On Mac OS X, Linux, and UNIX systems, this is addressed by requiring a separate login with administrative privileges, distinct from normal user credentials.

This does not entirely solve the malware problem. Malware targets user files and documents, and any user, normal or administrator, has access to his or her own files; that is essentially the law of computers. Malware may not be able to infect the entire computer, but it can certainly take or destroy every file available to the logged-on user.

A technique that has proven effective is application whitelisting. Whitelisting defines exactly which applications and processes are allowed and blocks everything else. Although this works very well for blocking malware, the administrative overhead, and the requirement for organizations or individuals to change their behavior and accept limits on what they are allowed to do, can be daunting. Sometimes it seems simply easier to take the risk of being infected with ransomware, or to hope it does not happen, than to implement and enforce these types of policies. I personally think it is worth considering, given the potential outcomes of not doing so.

Some advanced end user solutions are effective, such as using micro-virtualization of applications:

'Signatureless' kernel behavior tools are also effective. You can read about that approach here:

The Ashley Madison data release in 2015 spawned some interesting uses of ransomware. The latest seems to involve ransomware being morphed by incorporating sextortion blackmail techniques. Originating from China, Malaysia, Indonesia, the Philippines, and a few other countries, criminals start by enticing people into a video conversation (think Skype). The attackers record the session. Then they blackmail the victim into paying money by threatening to release the video to friends, family, and other Internet sources. They use services such as Facebook to find out how much damage a video release could do to a given victim.

This came from:

This is a very distinct form of cyberbullying, and it has led to extremely horrible cases in which people have committed suicide. There are dozens of examples, and some of the transcripts in these cases are truly horrifying. In one particular case, the blackmailers taunted a victim, stating there was nothing he could do: the video would be posted, all his friends and family would see it, and he should simply commit suicide. A few hours later he did.

An anonymous user on Quora posted great advice on how to deal with these types of situations after the same thing happened to him. Please refer to the comments section here:

Is ransomware here to stay? Law enforcement is developing new techniques to try to fight it, but there is an inherent problem. Most ransomware payments are made in Bitcoin. Bitcoin is generally considered anonymous, making it difficult to assign culpability to a specific individual. However, Bitcoin exchangers, in conjunction with court orders, are allowing law enforcement to start investigating and cracking down on this type of crime.

Generally, people will go to a Bitcoin exchange to trade Bitcoins for currency. Many Bitcoin exchanges now require identification. For example, if the exchange is in the US and has custody of funds on behalf of its clients, it is most likely operating as a broker/dealer. It is then legally subject to anti-money-laundering laws, policies, and procedures, which generally means it is required by law to verify personally identifiable information prior to financial transactions.

Of course, this does not completely address the issue. There are many techniques to anonymize Bitcoin transactions, launder money, and make tracing them close to impossible. That is beyond the scope of this article – maybe the next article will discuss that.

Unfortunately, ransomware appears to be here to stay. People should simply not pay ransoms. There are circumstances when it is almost impossible not to, and I understand that. However, as long as people continue to pay, the attacks will continue. Bad people will do whatever it takes to make money.

Here is some simple and free advice.

Avoid compromising situations. Have good data backup procedures for your laptop, desktop, cell phone, and other mobile devices. Look at Web links closely before you click them. Do not open the package tracking notification sitting in your spam folder. Understand that the person you are interacting with online may not be who they claim to be.

As is true with a vast majority of cybersecurity issues, mitigation comes down to culture and sensibility rather than a piece of technology. We can modify our personal behavior but not automate it.

Well…at least not yet…
