What is Ransomware?
Ransomware is a type of malicious software. It typically encrypts the victim’s data, effectively making it unusable unless a ransom is paid. In some cases, even if the ransom is paid, the decryption fails and the victim loses the data. Ransomware attacks are typically carried out using a Trojan-style virus. Users are tricked into downloading it from a malicious web site or opening it via e-mail.
Some ransomware, like the WannaCry worm, is advanced and can travel between computers without user action. Advanced worms like WannaCry typically enter systems through exploits of known security flaws. Keeping systems patched and up to date can help block this access. Therefore, it is important to use automatic update features whenever they are available.
Both the BBC and Washington Post reported that the WannaCry worm was recently linked to the government of North Korea by the NSA. It affected more than 300,000 people in some 150 countries according to US intelligence officials. To add insult to injury, the WannaCry worm is based on portions of some NSA hacking tools, which were released last year by a group called the Shadow Brokers Group.
How Dangerous is Ransomware?
While the WannaCry worm received a lot of media attention, it was not as effective as other previous ransomware efforts in earning money; it is estimated to have raised about $140,000.
Due to an error in its coding implementation, the transactions are easy to track, and the party responsible has not collected the money, which was paid in bitcoin. The Washington Post reported: “As a result, no online currency exchange will touch it,” said Jake Williams, founder of Rendition Infosec, a cybersecurity firm. “This is like knowingly taking tainted bills from a bank robbery,” he said.
By comparison, a Wikipedia article on ransomware states that “CryptoLocker was particularly successful, procuring an estimated US $3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m by June 2015.”
Ransomware attacks are growing significantly. In June 2013, McAfee reported that it collected more than double the number of ransomware instances in the second quarter compared with the first quarter of the year. SonicWALL reported that its GRID network observed an exponential increase in ransomware attacks between 2015 and 2016, with the number of threats growing from 4 million attacks to over 638 million.
What Devices Does Ransomware Affect?
Ransomware attacks against mobile devices have occurred, although the ability to easily restore the device to operational status has limited their effectiveness at extorting money from victims.
Android devices were the most commonly attacked mobile devices. Apple iOS devices (like iPhones and iPads) with weak iCloud passwords have also been attacked. In some cases, Apple devices were locked using the Find My Phone system.
The biggest threat is to personal computers and laptops, which hold data that is valuable to their owner; photos and documents are often irreplaceable. Businesses that fall victim to attacks can lose important or even critical data like financial records or, in the case of healthcare, patient information. Sadly, the effectiveness of ransomware attacks has increased because most users and many organizations fail to practice effective backup habits.
How to Protect Yourself From Ransomware
What can you do to protect yourself from the ransomware threat?
- The most important single defense is a regular backup routine to an external storage device or service.
- If you use a service, choose strong passwords that are different from your device passwords.
- If you choose an external storage device, only connect it to your computer when performing a backup. Otherwise, disconnect it.
- Practice safe e-mail handling. Never click on a link in any e-mail, even if you think you know the sender.
- Apply the same safe handling practices to text messages as well.
- Choose strong passwords for all devices and online accounts you use and never share those with anyone.
- Avoid using online accounts while connected to public Wi-Fi systems and keep your computer patched and up to date.