There has been a flurry of activity surrounding internet security recently. Terms such as CryptoLocker, CryptoWall, TorrentLocker, or CoinVault swirl around the media, generating questions and creating concern, but not explaining what they involve or how to reduce the risk. In order to alleviate the worry it is critical to understand what these terms mean, how the threats function, and what actions are necessary to avoid becoming a target.
Simply put, the aforementioned items can be classified as ransomware, encryption ransomware to be precise. Ransomware is not new, although it has been highly publicized as of late. The concept of ransomware dates back to 1989 with the AIDS Trojan, which encrypted the names of files, rendering a system inoperative until the user submitted payment for the ransomed usability of the machine. The AIDS Trojan was the foundation, and since then the complexity of the code has increased with each release. Each version builds on the last, making the encryption more difficult, if not impossible, to break.
The evolution of ransomware flew under the radar, going unnoticed by the majority of the population, until CryptoLocker emerged in 2013. CryptoLocker revolutionized the genre by demanding payment in Bitcoin, which is virtually untraceable. Since then, new variants such as CryptoWall, TorrentLocker, and CoinVault have appeared. Each uses a form of encryption and demands payment in Bitcoin or another virtual currency in exchange for the user regaining functionality and for files being restored to their original condition.
As the pieces of the puzzle come together, we can begin to discuss what this all means. Quite simply, encrypting ransomware is a form of malware that infects systems much like a virus or Trojan. Once it is placed on a system, it encrypts the data (spreadsheets, pictures, documents, slideshows, etc.), making it inaccessible. The files are still physically there, but they are no longer in a format that means anything without the encryption key. In order to obtain that key, however, the ransom needs to be paid. It can be equated to an “old-style” kidnapping, except the hostage is business data, tax records, or possibly everything!
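The paragraph above makes the key point: after encryption the files are still on disk, but their contents are unreadable noise. One way a defender can see that difference is by measuring the byte entropy of a file; readable documents cluster well below 8 bits per byte, while encrypted output is nearly uniform. The following is an added example, not code from the original article. The sample "files" are constructed inline (a small CSV budget and a seeded run of random bytes standing in for the same file after encryption), and the 7.5-bit threshold is an illustrative assumption, not a value from the page.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte.

    0.0 means every byte is identical; 8.0 means all 256 byte values are
    equally frequent, which is what well-encrypted output looks like.
    """
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: treat near-uniform byte distributions as encrypted.

    The threshold is an assumption for this example. Compressed formats
    (zip, jpeg, mp4) are also high-entropy, so on a real file share this
    check is combined with file type and change-rate information rather
    than used on its own.
    """
    return shannon_entropy(data) >= threshold


# Constructed sample: a readable spreadsheet export, repeated to give the
# entropy estimate a few thousand bytes to work with.
PLAINTEXT_DOC = (
    b"Quarterly budget 2015\n"
    b"Department,Q1,Q2,Q3,Q4\n"
    b"Sales,120000,135000,128000,150000\n"
    b"Support,80000,82000,79000,85000\n"
    b"Engineering,210000,215000,220000,230000\n"
) * 20

# Constructed sample: random bytes of the same length, standing in for the
# document after a ransomware family encrypted it (seeded so the example
# is reproducible offline).
_rng = random.Random(1234)
ENCRYPTED_STANDIN = bytes(_rng.getrandbits(8) for _ in range(len(PLAINTEXT_DOC)))


def classify_samples(samples: dict[str, bytes]) -> dict[str, str]:
    """Label each named sample as 'readable' or 'encrypted'."""
    return {
        name: "encrypted" if looks_encrypted(blob) else "readable"
        for name, blob in samples.items()
    }


if __name__ == "__main__":
    for name, blob in {"budget.csv": PLAINTEXT_DOC,
                       "budget.csv.locked": ENCRYPTED_STANDIN}.items():
        print(f"{name:20s} entropy={shannon_entropy(blob):.2f} bits/byte "
              f"-> {classify_samples({name: blob})[name]}")
```

Run as a script, the CSV scores around 4 bits per byte and the random stand-in just under 8, which is the difference the paragraph describes: same size, same location on disk, but no recoverable content without the key.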
To defend against ransomware, understand that there is no quick fix, technology wand to wave, or magic talisman to worship. The most effective method for reducing the risk of ransomware is adhering to the basics of security – layered technical defenses, good backups, and trained users. There are tools such as virus scanners, spam filters, and antimalware; however, no one is immune, and new adaptations or mutations always tend to get through. Data backup is critical, as it is the only true way to recover the data. The alternative is to pay the ransom, which might (or might not) result in the decryption of the data. Training also becomes essential, in that many of today's threats attempt to circumvent all the technology protections by targeting the user and their computer.
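Because the paragraph above calls backups the only true way to recover, the practical question is whether a backup is still intact when it is needed; a backup that sits on a share the infected machine can write to may itself have been encrypted. A simple check is to record a SHA-256 manifest of the backup set and store it apart from the data, then compare before restoring. This is an added example written for this article, not the author's or any vendor's tool; the directory layout and file contents are constructed in a temporary directory so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file under `root` (relative POSIX path) to its SHA-256 hex digest."""
    manifest: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the backup on disk against a manifest recorded earlier.

    Returns the files that are missing, whose contents changed, or that
    appeared without being in the manifest. Any non-empty list means the
    backup set is not the one that was taken and should not be trusted
    for recovery without investigation.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict[str, dict[str, list[str]]]:
    """Build a constructed backup, record its manifest, then damage it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "docs").mkdir(parents=True)
        # Constructed backup contents.
        (backup / "docs" / "budget.csv").write_bytes(b"Department,Q1,Q2\nSales,120000,135000\n")
        (backup / "docs" / "notes.txt").write_bytes(b"Board meeting notes, March.\n")

        # The manifest would normally be written to offline or read-only
        # storage, separate from the backup set it describes.
        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)

        # Simulate the failure mode: one file overwritten with unreadable
        # bytes, one file gone, one renamed copy that was never backed up.
        (backup / "docs" / "budget.csv").write_bytes(b"\x8f\x12\xa0\x3c" * 16)
        (backup / "docs" / "notes.txt").unlink()
        (backup / "docs" / "notes.txt.locked").write_bytes(b"\x00\xff" * 8)
        tampered = verify_backup(backup, manifest)

        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

The verification step is cheap compared with discovering during an incident that the "backup" restores the same ciphertext the attacker left behind; keeping the manifest where the backed-up systems cannot write to it is what makes the comparison meaningful.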
You can relate today’s ransomware to your stereotypical thief. If the criminal wants to break into a place, why bother to pick the lock, disable the alarm, and then dodge the security guards when all that is necessary is to ask politely to be let in by someone in that facility, under the pretense of belonging there? In essence, that is what is occurring when individuals receive fake emails from FedEx, credit card companies, or even from their boss! The main goal (as with the thief) is for the user to click on the link provided, which downloads the software and invites the intruder in.
The sophistication of ransomware is ever changing, and it continues to be a growing threat. The outcome can be total and complete data loss, time-consuming backup and recovery (if the data was backed up in the first place), or whatever exorbitant amount was paid to regain functionality. Be diligent and defend yourself (and your company) by applying strong technical security defenses, routinely backing up data, and providing solid user awareness training.