Ransomware – A Serious Threat
Ransomware is a particularly nasty form of malware that has steadily become more sinister. The purpose of ransomware is, as the name suggests, to collect a ransom from the user it attacks. If you are unlucky enough to install a piece of ransomware on your computer, you can expect a nightmare scenario to unfold. Once installed, the malicious code underlying the ransomware will encrypt all your data. This includes data stored locally, on the network and even in cloud storage areas like Dropbox; it can even affect some backup systems if they work by synchronising your data. Once your data is encrypted, the ransomware displays its calling card on screen. This is usually a message letting you know you have to pay a ransom, usually between $500 and $1000, within a week.
Ransomware attacks are on the rise:
- Symantec, in their Internet Security Threat Report 2014, noted an increase of 500% in ransomware attacks.
- McAfee showed that in Q1 of 2015, ransomware had increased by 165%. This is partly due to Cryptolocker and its derivative, Cryptowall, ransomware variants that are highly lucrative for the perpetrators and collectively responsible for $60 million in losses for software users. Cryptolocker alone has pulled in more than $30 million of extorted money. To make matters worse, the criminals insisted that the ransom be paid in bitcoins, adding even more aggravation to the crime.
How does ransomware get in?
Ransomware uses software vulnerabilities (i.e. bugs in the code) to ultimately take control of your computer and exploit your system. However, to get into your system in the first place, it needs a vector. These vectors often take the form of emails that carry malware as an attachment, or of advertisements on legitimate websites, a technique known as malvertising.
Malvertising is an increasingly worrying trend, and Symantec, in the 2014 Internet Security Threat Report, cited it as the biggest growth area in malware insertion techniques. This finding is backed up by the Online Trust Alliance in a report, Emerging Threats to Consumers Within the Online Advertising Industry. Released in 2014, it showed that over 12.4 billion malicious ad impressions had been generated and that the threat was increasing.
One of the biggest advertising-based ransomware attacks of recent times emerged from Russia. The cybercriminal gang behind the attack used a real-time ad bidding network to deliver the infected ads – they were fake Hugo Boss ads that appeared on legitimate websites such as Huffington Post. Once the ads were in place, a visitor who clicked on one was taken to a server that used an exploit in Flash to download Cryptowall ransomware onto the victim's computer. Chaos then ensued in the form of ransomed, encrypted data. Many advertising networks are being targeted for this exact reason, including Yahoo’s extensive ad network.
How to prevent infection by ransomware
Here are a few things you can do to reduce your risk of infection:
Strategy 1: Keep your software up-to-date. Ransomware uses software vulnerabilities to take control of your computer, so keep your software, especially browsers, patched and up-to-date.
Strategy 2: Email is often used as a vector into your system. Stay alert and make sure that emails come from trusted sources.
Strategy 3: If you are a publisher and have ads running on your website, make sure you use the right tools to ensure a clean and safe experience for your users. If you want to know more about how to verify ads, check out our GeoEdge Ad Security & Verification tool.