Christopher Royse is Assistant Professor of Computer and Information Technologies at Southcentral Kentucky Community and Technical College.
The month of October has been deemed as “National Cyber Security Awareness Month” by the Department of Homeland Security (DHS). This annual campaign is aimed at educating internet users on the importance of understanding cybersecurity and to provide them with the resources needed to stay protected online.
One of the most pervasive cybercrimes facing internet users in recent years is what is commonly referred to as “ransomware.” Ransomware is essentially any malware that locks a user out of their system and demands payment before allowing the user back into the system. The FBI estimates that ransomware cost users $209 million dollars in the first three months of 2016.
Hackers usually demand payment of the ransom via bitcoins, a form of digital cash, which adds to the complexity of the crime since it is nearly impossible to track down the hackers via traditional methods without a “paper trail.” Research by Symantec Corporation revealed that in one month 68,000 computers were infected with some form of ransomware, and in that month, 1,972 victims paid ransoms totaling over $394,400. It is estimated that the annual extortion is at least $5 million per year. Unfortunately, even when users give in and pay the ransom, the malware is rarely removed as promised.
Ransomware is a growing business for the hacker community and has become increasingly nefarious over the years. Ransomware was first sighted locking the screens of infected machines of Russian speaking countries in 2009. The first versions would lock the user screen and present a message that appeared to be from Microsoft Corporation. The lock screen messaging later evolved to send the user a message that inferred a crime was being committed, often displaying the logo for the regional law enforcement agency.
As the ransomware spread to the United States it often included the logo of the Federal Bureau of Investigation. This particular form of the malware became commonly referred to as the “FBI Virus.” In recent years a version of ransomware called “Cryptowall” has made news headlines by infecting and encrypting the contents of not just individuals, but business data as well. Crypto ransomware works by taking the user’s files and locking them away using strong encryption.
If a victim does not have current back-ups of their data then they will have little choice but to pay the ransom to regain access to their valuable data. In many cases, even trained cybersecurity professionals cannot save the data locked away by these forms of ransomware.
So how do users become infected? The most common method of infection appears to be what is known as “drive-by downloads.” This occurs when a user is lured away from the legitimate website they were on to another website hosting malicious content. Most often this is accomplished by use of advertisements. According to Symantec, attackers lured away more than 500,000 people using malicious ads over a period of 18 days.
Users may also be lured away by the promise of free programs or applications such as online games, or via email attachments sent in phishing scams where the emails appear to be a legitimate source. An example of a phishing email could be a request from the user’s bank to verify a withdrawal of a large sum of money. Unwitting victims may see the email and panic, causing them to navigate to an unsafe site to see what may have happened, where they unknowingly download the malware payload.
How can users protect themselves? Protection for ransomware is very similar to many other types of malware. Users should always have an active and up-to-date anti-virus/anti-malware program. It is also important to have some form of back-up for your data. Most importantly, however, is simple awareness of the common ploys used by hackers. A user should never open links or attachments from an untrusted source, and should avoid clicking on ads from unknown sources. If it looks suspicious, don’t click it. Users think they have become infected should disconnect from the internet right away to prevent the progress of the encryption process.
Ransomware is a threat that has the potential to rob users of millions of dollars each year, and as these threats continue to advance in complexity it is predicted that they may eventually be unable to be remediated. It is therefore increasingly important that users educate themselves on how to avoid becoming a victim of ransomware infection and other cybercrimes.