Recent widespread ransomware attacks hit computers in more than 150 countries, but the malicious practice itself is not new and, given hackers' ability to eventually work around security protocols – if only for a short period – is unlikely to go the way of the dinosaurs.
Rural or urban, it makes no difference. Call it equal-opportunity extortion, as likely to hit a cattle producer as a homeowner in more densely populated communities. Ransomware is a term for malware that infects computers and attempts to extort money from the user by holding the files and data for ransom.
“In most cases, the data is encrypted in such a way as to make it no longer readable without the encryption key,” said Scott Wilson, a web developer with Oklahoma State University’s Division of Agricultural Sciences and Natural Resources. “The user is presented with instructions on how to pay the ransom. However, sometimes it is possible to decrypt the files and sometimes it isn’t. For various reasons, some of the criminals doing this either don’t provide the key after payment or provide an incorrect one.”
Ransomware has existed for several years; however, its incidence exploded in the latter half of 2015 and the first half of 2016. Wilson said the primary reason for this explosion is that it has become the single most profitable form of malware in use.
“McAfee’s Q2 2016 security report told the story of a Russian gang of malware developers who made more than $120 million in the first six months of 2016,” he said. “Even allowing for costs of distributing the malware, their profit was probably more than $90 million.”
With such profits possible, there is significant incentive for cybercriminals to continue developing new forms of ransomware and new ways of distributing the malware. Currently, variants of ransomware exist for Windows, Linux and macOS systems.
“Windows variants are the most common but the others are growing,” Wilson said. “Mobile ransomware is also a growing threat, with the number of infections doubling throughout the last year.”
Protecting computer systems against ransomware
For ransomware, traditional antimalware tools don’t really help. They can remove the ransomware but the files are still encrypted, and in most cases, cannot be decrypted without the key. There are two recommended courses of action to increase one’s “security protocols.”
“The first sounds simple but it is not necessarily so,” Wilson said. “Just don’t get infected.”
Most ransomware attacks come through email or malicious advertising. For email, be extremely careful of attachments, especially zip files and Word documents. For malicious ads, users should keep their operating system and applications up to date, especially web browsers, PDF tools and MS Office, and run a good antimalware tool with real-time protection.
“The removal of support for Flash and removal of Java browser plugins has significantly reduced the number of attacks through these vectors; however, they should not be ignored,” Wilson said.
Second, have a good protected backup of your data. Wilson said online cloud backup is really the only protection against this type of ransomware.
“The various cloud backup services keep several versions of your data, so even if your files have been encrypted, it should be possible to restore unencrypted versions,” he said. “They also are able to defend against most types of ransomware, so your backups should remain uncorrupted.”
Infection with ransomware will most likely result in complete data loss for users who do not employ this backup protocol.
Also, some new variants of ransomware have the ability to copy themselves across network file shares, meaning that if one computer in an office became infected, soon all of them would be.
“This means that backups made to external hard drives, thumb drives and so on would be vulnerable to infection or could spread the infection themselves,” Wilson said.
Additional information on ransomware, including help with prevention, is available online at https://www.nomoreransom.org.