News outlets, online forums, and just about everywhere else are overflowing with reports on the dangers of Ransomware. Many IT professionals consider it the biggest current threat to our digital security. But what is Ransomware?
There is so much information on this topic that it can be difficult to know where to start.
There are endless reports, documents, and blogs available to read.
To save you time, I would like to share some advice and insights I have gained over the years I’ve spent as an IT specialist.
It is important that we protect ourselves, and the companies we work for, from this kind of cyber threat.
What Can Ransomware Do?
In the last few years, online news outlets have featured an increasing number of stories about the damage ransomware causes. These include stories of ransomware hitting:
- three US hospitals
- a medical center
- a Michigan utility company
- multiple news outlets
- various police departments in the US
And that’s just to name a few cases. In fact, many US companies are being targeted with ransomware.
Targets can be hit by ransomware in any number of ways, such as:
- via email attachments
- compromised websites
- malicious advertising (malvertising)
- fake Flash and Java update packages
- social media links with free goods or exclusive videos
- packaged or re-packaged free software programs
- the exploitation of security vulnerabilities
- free storage media, including USB flash drives and free DVDs/CDs
You’ll probably recognize that most of the methods presented above are not that new. They have been used for more than 20 years for malware deployment.
However, these tried and tested methods are now being used to infect systems with ransomware – which in many ways is the most destructive form of malware currently in use.
But ransoms are not a new phenomenon.
Ransoming Has a Long, Dark History
Unfortunately, ransoming has a lengthy history.
People have long used ransoms for personal gain by seizing something of value from a victim and then extorting money, another asset, or other advantage in exchange for its return.
History is filled with grim tales of ransoms used for war or crime. Countless Hollywood movies over the past 50 years have depicted ransoms as key plot devices.
Fast-forward to today, and many of the things that are valuable to us are digitally stored on computer systems and databases in different parts of the world.
Given our history, it was just a matter of time until criminals developed methods to seize and ransom digital assets.
Modern Ransom for Computers
Ransomware is a new word adopted by IT that combines the words ransom and malware.
Ransomware is defined as holding a computer system, or the data on it, for ransom by means of various programmed methods and the exploitation of vulnerabilities.
Although malware using ransom methods existed as early as 1989, widespread deployment was difficult because the number of connected computers was small and it was easy for law enforcement agencies to trace the payments and the malware e-mails.
Modern ransomware appeared as early as 2011 – examples include the FBI Trojan, Police Trojan, and Ucash ransomware.
It is a software program written specifically to load on your system and convince you to make a payment in order to regain access to, or control over, your computer.
It uses something called social engineering to achieve its goals.
Often ransomware tries to do this by posing as a message from a governmental agency. This plays on people’s fear that their behavior has somehow broken the law.
It displays a well-written message that compels the victim to pay a “fine” using alternative currencies or prepaid vouchers that can be exchanged for money.
A Shift in Ransomware Methodology
From 2013, we saw a shift in ransomware methodology and behavior.
In 2013, CryptoLocker was one of the first types of ransomware that encrypted certain types of files and demanded money in exchange for decrypting the files.
Instead of just tricking users with browser locks or computer desktop hijacks, programs were used to encrypt important files on the system.
In exchange for decrypting the files, users had to pay the ransom.
This was a very big shift from standard malware, which was used mostly for identity theft, credit card theft, and bank login theft.
Presently there are many thousands of variations of ransomware.
They range from encrypting valuable files and documents to encrypting the operating system altogether, or even threatening a DDoS attack if the ransom is not paid.
What is Ransomware and What Does It Do?
There are many different kinds of ransomware, each of which operates somewhat differently.
Getting into some of the nitty-gritty details for a moment, the majority of ransomware operates using the following pattern:
- Ransomware is disguised as a normal program by its creators in an attempt to hide from anti-virus and anti-malware programs.
- It sets up a communication channel via HTTP or Tor to its command and control (C&C) server.
- It receives encryption keys from the command and control server and starts encrypting files according to its programming.
- It deletes Windows local backups to prevent restoration of the files.
- It tries to spread across the network and to infect as many unprotected computers as possible.
- After the encryption has reached a pre-determined point, it places a ransom note on the desktop wallpaper and in every folder. This note contains instructions on how to pay the ransom and decrypt the files.
- To add urgency to the victim’s decision making, it displays a countdown timer after which decryption will be impossible.
It all adds up to a horrifically effective cyber threat. In part this is because ransomware uses social engineering devices to manipulate victims.
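As an added example (not from the original article), here is a small Python detector that scans constructed endpoint events for three of the behaviours in the pattern above: a burst of file renames by one process, the same note file dropped in many folders, and deletion of local backups (the well-known shadow-copy deletion signature). The event format, thresholds, and process names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample endpoint events: "<seconds> <process> <action> <path or command>"
SAMPLE_EVENTS = """\
0 explorer.exe WRITE C:\\Users\\a\\Documents\\report.docx
1 invoice.exe RENAME C:\\Users\\a\\Documents\\report.docx.locked
1 invoice.exe RENAME C:\\Users\\a\\Documents\\budget.xlsx.locked
2 invoice.exe RENAME C:\\Users\\a\\Pictures\\holiday.jpg.locked
2 invoice.exe WRITE C:\\Users\\a\\Documents\\HOW_TO_DECRYPT.txt
2 invoice.exe WRITE C:\\Users\\a\\Pictures\\HOW_TO_DECRYPT.txt
3 invoice.exe EXEC vssadmin.exe delete shadows /all /quiet
5 winword.exe WRITE C:\\Users\\a\\Documents\\notes.docx
"""

RENAME_THRESHOLD = 3   # renames by one process within WINDOW seconds (assumed tuning)
WINDOW = 10
# Shadow-copy / backup-catalog deletion commands (well-known backup-destruction signature)
BACKUP_DELETE = re.compile(r"vssadmin\.exe\s+delete\s+shadows|wbadmin\.exe\s+delete", re.I)

def analyze(events_text):
    """Return {process: [reasons]} for processes showing ransomware-like behaviour."""
    renames = defaultdict(list)                      # process -> rename timestamps
    notes = defaultdict(lambda: defaultdict(set))    # process -> filename -> folders
    findings = defaultdict(list)
    for line in events_text.splitlines():
        ts, proc, action, target = line.split(" ", 3)
        if action == "RENAME":
            renames[proc].append(int(ts))
        elif action == "WRITE":
            folder, _, name = target.rpartition("\\")
            notes[proc][name].add(folder)
        elif action == "EXEC" and BACKUP_DELETE.search(target):
            findings[proc].append("backup deletion: " + target)
    # Burst of renames: many files changed by one process in a short window
    for proc, stamps in renames.items():
        stamps.sort()
        for i, t in enumerate(stamps):
            n = sum(1 for s in stamps[i:] if s - t <= WINDOW)
            if n >= RENAME_THRESHOLD:
                findings[proc].append(f"{n} renames within {WINDOW}s")
                break
    # Same file name written into several folders: the ransom-note drop pattern
    for proc, by_name in notes.items():
        for name, folders in by_name.items():
            if len(folders) >= 2:
                findings[proc].append(f"note '{name}' dropped in {len(folders)} folders")
    return dict(findings)
```

Run `analyze(SAMPLE_EVENTS)` to see only `invoice.exe` flagged, with all three reasons; the legitimate editors touching single files produce no findings.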
Social Engineering (IT Security)
Social engineering in the context of IT security refers to the manipulation of people to perform actions that they would otherwise not perform under normal conditions.
It is a particularly effective and dangerous form of attack by cyber criminals.
Social engineering also forms a part of other threats we are familiar with.
The CEO scam, for instance – in which cyber criminals pretend to be a senior executive within a company and fraudulently authorize payments by the company into their own bank account.
Or advance fee fraud – in which companies and individuals are targeted by cyber criminals with the offer of a large, hassle-free payout if they help move a large sum of money internationally.
And prize scams – in which individuals are coerced into parting with money in order to “increase chances of winning a prize” or to “secure the delivery” of their prize.
In every example of this type of social engineering, the cyber criminals impersonate people or organizations of influence and credibility, which is why they are so effective.
Social Engineering and Ransomware
As previously mentioned, ransomware uses social engineering as its way of operating once it is on a computer system.
But to get there it uses more social engineering – mostly delivered in e-mails.
We’ve all received these kinds of emails at one point or another. Cyber criminals can find and use our email addresses via many different means.
Once they’ve got hold of an email address, they’ll fire off well-written emails that urge the recipient to open the attached file.
To manipulate us, emails might contain:
- familiar e-mail addresses
- reference to recent events (real or fictitious)
- mention of unpaid bills
- any other tricks to inspire our fear or curiosity
Most of the time, these kinds of emails will immediately raise a red flag in our minds, and we will ignore or delete them.
Cyber criminals play the numbers game. If only 1 in 10,000 emails is opened and its attachment activated, that’s enough for their purposes.
Victims can range from the normally tech-savvy who experience a moment of thoughtless action to those who may be more naïve and inexperienced in their computer usage.
Ransomware is one of the biggest threats we face to our digital security, both personally and at work.
In summary, ransomware is a type of malware that spreads itself onto computer systems in many of the ways we have seen used by computer viruses and other types of malware for years.
It’s so destructive because of the action it takes and the way that it does it.
It draws on thousands of years of history in which ransoms have consistently posed a great threat, and it utilizes a potent mixture of social engineering and emotional manipulation.
Thankfully, there are many things we can do to prevent ransomware from infecting our computers, and we will explore these in the next article in this series.
Have you experienced ransomware infections? Or discovered some useful advice? Share your thoughts with us in the comments section.