Ransomware Gets Real: the 2016 Cyber Fright of the Year
Call this the year of ransomware – and that means cybercrooks have their eyes on your money.
Here is what McAfee said in its Threat Predictions Report: “Ransomware will remain a major and rapidly growing threat in 2016. With upcoming new variants and the success of the ‘ransomware-as-a-service’ business model, we predict that the rise of ransomware that started in the third quarter of 2014 will continue in 2016.”
Read that again. The terrifying bit is the rise of ransomware as a service which means even the technically unskilled can pay a very few dollars and buy the tools they need to unleash a ransomware campaign where they freeze your key files, demand a ransom – usually payable in Bitcoin – and when the money is paid, in theory the crook restores access.
For the present the attacks primarily focus on Windows based computers. There are, however, reports of successful ransomware attacks on Apple computers.
What about mobile devices such as iPads and smartphones? Experts indicated there have been successful attacks but not many, mainly because data on such devices typically is backed up to the cloud as a matter of course. That means the threat of locked files is just hot air because, with a few clicks on a wiped device, the victim can be back in business without paying a dime in ransom.
That is one key defense – keep files backed up to the cloud. There are others. More on them shortly.
For now, dwell on the grim magnitude of the threat. Said McAfee: “The groups behind most current ransomware campaigns are going for ‘fast cash,’ by using spam campaigns and exploit kits such as Angler, and targeting wealthy countries in which people can afford to pay the ransom. While we expect this to continue in 2016, we also foresee a new focus on industry sectors including financials and local government, which will quickly pay ransoms to restore their critical operations. In fact, we have already have seen criminals be quite effective in attacking these sectors.”
Note: the shift is on, away from attacks on individuals – though there are still many such attacks – and increasingly against businesses. Money is why. What’s a realistic ceiling for a quick ransom paid by an individual? $500? Probably not much higher. For a business, think 10x more, maybe higher still.
How much is the only copy of accounts receivable worth? How about customer relationship management files? Such data means money – and businesses will pay to retrieve it,
In that vein, Jay McLaughlin, chief security officer with Q2ebanking in Texas, said he knows of a bank that fell victim to ransomware where the crook locked the bank’s so-called core system – that is, the accounts ledger. The bank paid the ransom to get the file unlocked. “But they did not get their data back,” said McLaughlin.
That, sadly, is another trend, said many experts. Ransoms are paid by victims but the cybercriminal does not unlock files as promised. So the victim is out the money, lost his/her files, and there are no easy cures.
Expect more and worse. Jake Olcott, a vice president with security company BitSight Technologies, added: “Ransomware is becoming common because it is so easy to acquire.”
Incidentally, several US police departments are known to have been ransomware victims. Don’t expect much law enforcement help.
How big is this ransomware threat? By Microsoft’s count, in six months of 2015, it detected ransomware – from just two leading families of the malware – on some 850,000 PCs.
What can you do to protect yourself?
As already noted, have all key files backed up, ideally to cloud servers, and with really important files, duplicate cloud backups is a good idea.
Step 3: Be very, very cautious about the email attachments you click to open. Be very suspicious of Zipped files. Infected attachments have been a key vector for spreading ransomware. If you do not know – and trust – the sender, just don’t click. And “trust” here means that you trust the sender’s computer savvy.
Step 4: Be wary about clicking onto websites of unknown provenance. At least some ransomware now is delivered simply by visiting an infected website.
Bottomline: know that cybercrooks are looking to target you for ransomware in 2016. It’s up to you to stay a step ahead.