Ransomware: Hacking Gets Personal
No cyberthreat better represents the difficulty of hitting a moving security target than ransomware, which encrypts a computer's files and demands the owner pay a ransom, usually in Bitcoins, to get the data back. Ransomware has resisted FBI crackdowns on the largest perpetrators and has evolved into forms that are even harder to block. But, for now, there is a simple and effective defense—and it's probably advice you've heard before: back up data often.
Cybersecurity "is not a problem for which we can design a solution and then move on. It's like locking your front door. Once you start, you don't get to stop," says Phil Lacombe, vice president and manager of information systems and security at Parsons Corp.
In the digital world, attackers always are looking for new ways to open the door—and they are looking for unlocked windows, as well. Cybercriminals succeeded in compromising advertising on the Forbes website, using it as a vector to deliver malware in early February.
In July 2014, the FBI and foreign law enforcement agencies announced a cooperative action that resulted in the shutdown of the servers behind the Cryptolocker ransomware variant, the most common form. Before that operation shut down its servers, Cryptolocker infected an estimated 234,000 computers.
With Cryptolocker hobbled, though, new forms of ransomware—from Cryptolocker 2.0 and Cryptolocker.F (both unrelated to the original) to CryptoWall and TorrentLocker—have appeared and continue to infect computers. Another form, called Fessleak—delivered in a way similar to the Forbes vulnerability in January—infects computers without first conveying any files that can be blocked by a threat-detection program. It also avoids analysis by detecting whether it is running on a virtual machine or a real desktop computer.
Symantec's 2014 Internet Security Threat Report notes that ransomware activity increased sixfold in 2013. The research found that while only 3% of victims pay ransom—ranging from $100 to $400—an analysis of public records of the extortionists' Bitcoin transactions shows "that ransomware distributors have, without a doubt, earned tens of millions [of dollars] over the last year."
Experts say regularly backing up computer data is the best defense against ransomware and most types of malware. In the event of a ransomware infection, a recent backup lets you ignore the extortion attempt and simply reformat your computer, reloading it to the state of the most recent backup.