Ransomware: What Is It And What Can You Do About It?

The ransomware outbreak is actually getting worse, according to a number of recent reports. The virus seems to be targeting healthcare facilities in particular. The reason for this, according to one report, is that hospitals are more likely than most enterprises to pay ransoms to get their computers decrypted and usable again.

The recent outbreak seems to have caught many businesses by surprise, although ransomware is no newcomer to the malware scene. It has been around since 1989. The problem this time is that it has picked up a number of modifications and changed its method of infiltration.

What is Ransomware?

Ransomware is a malware agent that turns encryption algorithms into weapons. It encrypts targeted PC files, rendering those files or whole browsers unusable. The ransomware program then extorts payments from users by offering a decryption solution for a fee.

Sometimes the program will employ a screen-lock with fake law-enforcement logos, usually of the FBI. The program will charge the users with doing something illegal and impose a “fine.” Reportedly the “law-enforcement” version has a much higher success rate than other variants. 

The recent surge in ransomware attacks is being attributed to a number of relatively new strains. Cerber, one of the new variants, is believed to be a product of the Russian underground. It is making waves because it has adopted a more threatening line of attack than its predecessors.

It was usually hidden in macros, but the new strain is entering via JavaScript attachments to trusted third-party apps. It is a path that frequently detours around anti-virus filters.

KeRanger, another ransomware strain, recently made a big splash by being the first known strain to infect iOS, Apple’s operating system. The Transmission BitTorrent client installer for OS X was found to be infected by KeRanger.

Two Windows-focused versions of the malware, Crowti and Fake BSoD, are currently in the news because they are the most prevalent of the new breed of ransomware.

Few Options

When attacked, users have a few options other than complete capitulation, but in the resulting panic and sense of being overwhelmed, some users pay the money. Ransomware is profitable as long as some percentage of users pay the ransom to decrypt their devices.

The invisible adversaries strategically set the fee charged to home users at roughly $300, slightly less than the cost of a new low-end Windows computer. The fee goes up for infected machines attached to corporate networks. It goes down for users outside the US.

Microsoft offers a number of tactics that Windows users can employ to save their files and not pay the ransom. There are also a couple of options for Mac users. The FBI offers decryption services as a means to battle ransomware.

To date, pretty much all of the techniques being offered are prescriptive or post-infection. There are few credible preventive techniques being made available.

On the Mac, Apple revoked the infected Transmission certificate and updated its XProtect anti-virus software that is built into the Mac. Microsoft also updated its anti-virus solutions, but those are not nearly enough.

In part 2 of our ransomware series, we will look at solutions for IT managers.

All posts in this series:

1) Ransomware: What Is It And What Can You Do About It?

2) Can IT Departments Defend Their Businesses From Ransomware Attacks?

3) How Can You Go On The Offense Against A Ransomware Attack?

4) How Can You Eradicate Ransomware?
