Ransomware is one of the biggest threats to hit the internet in 2023. Here are a few essential facts and tips to help you avoid becoming a victim.
The term “ransomware” denotes a type of malicious code that locks down computers or encrypts victims’ important data and demands money for recovery. These programs can hijack entire corporate IT networks, databases or websites. They target websites, home users, governments, and companies of different sizes. The ransoms are mainly payable in Bitcoin, Monero, or another hard-to-trace cryptocurrency that prevents attacker attribution and helps the felons stay on the loose. Furthermore, the use of The Onion Router (Tor) technology for interacting with victims adds an extra layer of anonymity to the malefactors’ extortion schemes.
Cyber security experts from VPNBrains.com note that most of the present-day ransomware campaigns appear to be immaculately orchestrated. They leverage military-grade RSA and AES encryption algorithms to affect PC users, companies, critical infrastructure organizations, and even governments. But is the extortion plague really that top-notch and unbeatable? Here are five noteworthy facts reflecting the nuts and bolts of ransomware.
Ransomware is older than most people think
The emergence of ransomware as a phenomenon dates back to 1989. The first sample, known as the AIDS Trojan, proliferated via 20k diskettes sent to participants of the AIDS conference that took place in Stockholm. The booby-trapped floppy disks contained a Trojan that would encrypt files on a targeted computer’s C drive. This prototype of modern ransomware employed symmetric cryptography and demanded $189 for data recovery. The campaign was not too successful due to primitive distribution, weak crypto, and a negligible number of personal computers back in the day.
It was not until 2012 that a new ransomware outbreak occurred. It was the dawn of screen lockers’ domination in the online extortion ecosystem. These threats, including the prevalent strain called Reveton, displayed lock screens impersonating the FBI and other local law enforcement agencies. While accusing victims of copyright violations and similar felonies, the Trojans demanded a fee so that the case would not go to court. Locker ransomware is not nearly as common these days as it used to be, but it is still alive and kicking. Fortunately, it is all about bluff and is not very sophisticated.
The rise of file-encrypting ransomware became another milestone in this evolution. The first noteworthy sample from this category, called CryptoLocker, was discovered in 2013. It propagated via spam and exploit kits, encoded victims’ personal data with a strong cryptographic algorithm, and instructed them to pay a hefty ransom in Bitcoin for the decryption key. This workflow reflects today’s most widespread extortion model.
Avoiding ransomware is easy
Many ransomware campaigns engage exploit kits, spy apps, and remote management tools. Hackers also try to identify software vulnerabilities on computers and exploit them to run harmful code behind the scenes. Out-of-date software is the main entry point for such intrusions. To thwart this particular attack vector, use a patch management system such as Action1 and install software updates as soon as they are available.
Recovery without backups: mission impossible?
The aftermath of the average crypto-ransomware attack is messy. All valuable files stored on the local drive, network shares, and removable media get scrambled with an uncrackable cryptographic algorithm, or sometimes a combo of the symmetric AES and asymmetric RSA algorithms. Since brute-forcing the decryption key is technically infeasible most of the time, paying the ransom may look like the only option. Under the circumstances, data backups are a godsend, as they allow you to reinstate all mutilated files without taking the ransom route. Just be sure to eradicate the infection properly before restoring data from backup. Fortunately, most antimalware suites easily cope with ransomware removal – in fact, some of these infections terminate themselves after completing the encryption task.
But what if there are no backups at all? In this case, plan B is to identify the ransomware family you are confronted with and check whether a free decryptor is available. The online service called ID Ransomware can detect hundreds of ransomware strains, so it is a good starting point for troubleshooting. Furthermore, security software vendors and enthusiasts have crafted dozens of automatic free decryption tools for different ransomware samples, so do not fail to check for one online.
To pay or not to pay?
This is the biggest dilemma accompanying every ransomware incident. By paying up, you add fuel to the furnace of cybercrime and provide the extortionists with resources to enhance their nasty business model and coin increasingly sophisticated infections. Another nontrivial thing to keep in mind is that no one can guarantee that you will obtain your decryption key after submitting the ransom. Trusting the crooks is a slippery slope. Furthermore, some crypto-threats are poorly coded, and the recovery may simply fail due to technical issues. Thankfully, researchers are releasing more and more decryptors that do the trick for free. So, try every alternative first to avoid funding the threat actors.
A glimpse into the future
Several years ago, IT experts created proof-of-concept ransomware that targets smart thermostats. In 2017, a different group of researchers came up with a PoC that affects industrial control systems. It is naive to believe that criminals cannot do something similar. In fact, real-world ransomware attacking Android-based smart TVs is already here. Critical infrastructure and the Internet of Things (IoT) are shaping up to be ransomware devs’ new major targets, and it is high time the security industry and law enforcement teamed up to devise reliable defenses.