Kidnapping for money is common in various parts of the world today. In cyber security too, we face this in the form of ransomware, a new form of kidnapping that some people call digital kidnapping. Here the cyber criminals kidnap our valuable data and hold it hostage. Think about a situation where an organization’s entire system is held hostage by an outside party that is unwilling to release it until a ransom is paid. It is not only valuable data: in this IoT era of smart TVs, smart watches and smart fridges, and with car hacks already demonstrated, a cyber criminal could compromise those devices and demand a ransom to return control of them. Imagine driving a car when a criminal takes over the vehicle controls and asks for a ransom to give them back. Every day we hear more ransomware stories, most of them involving health care organizations.
We have all read a lot about ransomware before, but it is important to understand it better. Ransomware is a type of malware that restricts access to your system and demands that you pay a “ransom” to the malware author in order to regain access. Of all the classes of malware, ransomware is the most destructive, because in most cases it is impossible to recover from its effects. The main goal is to hold you hostage through a variety of lockout mechanisms; the most successful is encrypting your valuable data and forcing you to pay for the decryption key. Valuable data could be confidential work-related documents, your medical records, family photos and other personal documents. The criminals employ time-pressure tactics: the ransom must be paid within a specified period, in most cases less than 96 hours, or the unique private key needed to decrypt the files will be destroyed, rendering your data unrecoverable. Do not count on brute-forcing the key: the encryption is too strong, and you do not have the time to try.
The way these cyber criminals trap people is interesting. The simplest way is to pretend to be a law enforcement agency: they display a message that illegal software or a pirated movie has been found on your machine and that you must pay an amount to avoid a lawsuit. A normal user will believe the warning is genuine and, to avoid the further trouble that would follow if the illegal content or software were reported to the authorities, will pay the amount, which in most cases is not that large.
The most notorious kind of ransomware is the one that uses encryption. Most ransomware can be cleaned up with an updated antimalware or antivirus product, but the kind that involves encryption is trickier. Broadly there are two types of ransomware: locker and crypto.
Locker ransomware, which spreads through social engineering or phishing campaigns, denies access to the computer itself. The locked computer is often left with limited capabilities; in most cases it allows the user only to interact with the ransomware and to pay the ransom. Typically the mouse is disabled and the keyboard is limited to the numeric keys, so the victim can type only the numbers needed to make the payment.
Crypto ransomware is developed to find and encrypt valuable data stored on the computer, making the data useless unless the user obtains the decryption key. Cryptolocker is an example of this type of malware: it searches the entire system for files that contain valuable data, then encrypts each of those critical files with an encryption key so that they are unreadable to the victim. The ransomware then displays a pop-up informing the victim that their files have been encrypted and that they must pay a sum of money within a short time, or the decryption key will be destroyed, leaving the files locked. Unlike other malware, it does not target critical system files or deny access to the computer’s functionality, which leaves the victim able to make the payment.
These criminals are smart enough not to demand huge sums. If they asked for more, most people would accept the loss of data or access. If the amount is reasonable, the victim is more likely to be tempted to pay the ransom to get the data back. The average ransom is around 300 dollars, and the malware authors accept Bitcoin for payment because it is not traceable by law enforcement.
Most people are looking for solutions to defend against this type of kidnapping attack. Yes, we need solutions and devices, but at the same time we need to show due care and due diligence. We need to understand the importance of patch management, backup management and user security awareness. I always emphasize these three. Everything else will be taken care of by your security solutions or devices, provided you configure, update and manage them properly.
We need to take the necessary precautions to protect our information and to remain vigilant; these are the best defences against this sort of attack. If you are not updating your operating systems, antivirus, antimalware, or any other software or applications, you need to understand that you are opening the door to these criminals. Never postpone applying a patch or updating an antivirus. If you are a home user, it is high time you stopped downloading freeware from illegal websites and downloaded only from trusted, reputable sites. Always update your browser plug-ins such as Java, Adobe Flash and Adobe Reader.
Backing up your data is another important factor. If you have a good backup, you can easily recover your files. If you pay, you encourage the criminals to come back stronger with new tricks, but in most cases, when the data is critical, people compromise. What guarantee is there that they will provide the decryption key even after you pay the ransom? They can also ask for more money if they sense that you are ready to pay.
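The backup advice above is only as good as your ability to confirm that a backup is intact before you restore from it. The following Python script is an added example and is not part of the original post: it records a SHA-256 manifest of a directory tree, then re-checks the tree against that manifest and reports unchanged, modified and missing files, flagging modified files whose new content is high-entropy, the pattern a crypto ransomware leaves behind after encrypting documents. The 7.0 bits-per-byte threshold, the function names and the sample files are constructed assumptions for the demonstration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Assumed threshold: bits of entropy per byte above which a *changed* file looks
# encrypted (or compressed) rather than like an ordinary document. Plain text
# usually sits around 4 to 5 bits per byte; random or encrypted data approaches 8.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: str) -> dict:
    """Walk a directory tree and record (sha256 hex digest, entropy) per file, keyed by relative path."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest


def verify_against_manifest(manifest: dict, root: str,
                            entropy_threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Compare the tree at `root` with a stored manifest.

    Returns the paths that are unchanged, modified and missing, plus the subset of
    modified files whose new content is high-entropy. An empty 'modified' and
    'missing' list is the signal that a backup copy is safe to restore from.
    """
    current = build_manifest(root)
    report = {"ok": [], "modified": [], "missing": [], "suspect_encrypted": []}
    for rel, (digest, _) in sorted(manifest.items()):
        if rel not in current:
            report["missing"].append(rel)
            continue
        cur_digest, cur_entropy = current[rel]
        if cur_digest == digest:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
            if cur_entropy >= entropy_threshold:
                report["suspect_encrypted"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: snapshot a small tree, simulate damage to it, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "report.txt"), "w") as fh:
            fh.write("Quarterly report: all figures here are constructed sample data.\n" * 20)
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("Rotate backup media monthly; keep one copy offline.\n")
        with open(os.path.join(root, "readme.txt"), "w") as fh:
            fh.write("Untouched file.\n")

        manifest = build_manifest(root)  # what a backup job would store beside the copy

        # Simulated damage on the temporary copy only (constructed): one file is
        # overwritten with random bytes, standing in for an encrypted original,
        # and one file is deleted.
        with open(os.path.join(root, "docs", "report.txt"), "wb") as fh:
            fh.write(os.urandom(4096))
        os.remove(os.path.join(root, "notes.txt"))

        return verify_against_manifest(manifest, root)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:18s} {paths}")
```

Run it once when a backup is written to store the manifest, and again before restoring; a restore should only proceed from a copy whose report shows no modified or missing files. The entropy flag is a heuristic for prioritising investigation, not proof of encryption: legitimately compressed or already-encrypted archives will also score high, which is why the check is applied only to files whose hash has changed since the manifest was taken.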
Cyber criminals reach their victims through infected advertisements, email, or visits to an infected website (drive-by attacks). So it is important to practise safe browsing habits: always avoid suspicious links and do not open email attachments from people you do not know. One careless click on a link can cost dearly. Even if the worst happens, there is no need to panic; as I mentioned, if you have a good backup, your files can be easily recovered. Almost all the leading security product companies are consistently developing and releasing antimalware applications to deal with these attacks, but rather than relying on treatment afterwards, it is more important to take proactive measures to stop them from occurring.
Going forward, we should understand the importance of a vigilant, security-centric corporate culture that cultivates an environment of security awareness.