Your Money or Your File(s)!
- Dec 13, 2016
- Guest Author
When I was growing up as a kid in the 80’s, ransom was a simple thing. A bad person with a foreign accent would kidnap the loved one(s) of a square-jawed, wealthy protagonist and demand a large sum of money for their safe return.
But kidnapping someone’s significant other, their child, or even their beloved pet chihuahua is risky business. The criminals have to first identify a wealthy individual, then get physically close to kidnap the target without being seen or caught in the process. Then they have to have a safe location from where they can communicate the terms of ransom and hope they can get their money without being snared by the police.
The rewards may have been high, but the risks were even higher.
As the digital age has taken hold, one of the biggest threats that businesses, governments, and consumers all face is ransomware.
Ransomware is the digital rebirth of ransom, but with a twist. Instead of going after loved ones, ransomware targets data.
In recent years, crypto-ransomware has quickly become one of the most popular attacks for criminals. The ransomware targets files such as office documents and photos, and encrypts them.
Once the files have been encrypted, the ransomware will typically upload the private key to a remote server and then delete the local copy. The victim will then see a demand for payment.
In traditional terms, this would be the equivalent of a criminal locking a loved one in a cupboard in your own house – then taking the key and demanding payment within a certain time to return the key.
Ransomware typically infects a computer in one of two ways:
Payment of a ransom is typically made through Bitcoin, gift cards, prepaid debit cards, or other hard-to-trace mechanisms, all of which allow the attacker to make off with the money relatively easily.
While the payment of ransom may not completely guarantee the safe return of encrypted files, in most cases, criminals understand that much like a traditional business, reputation is important. In order to maintain credibility in the marketplace and continue to reap rewards, it is in their interest to restore files upon receipt of payment.
From a business perspective, ransomware is particularly shrewd. It removes all the risks associated with traditional old-fashioned ransom schemes whilst increasing the reward.
Some cyber-criminals have gone upstream and provide ransomware tools and services for others to use. For example, the Tox ransomware toolkit was free for hackers to download and distribute. Tox would be provided free of charge and in return would take a 20% cut of all ransom generated.
As if things couldn’t get worse, Shade ransomware has been found using the TeamSpy RAT to do some thievery before encrypting the goods.
There is no single technique that can prevent all ransomware infections; however, employing certain strategies can reduce the risk or impact of an infection.