Although most computer users in the U.S. and around the world are familiar with the risks associated with malicious software (i.e., viruses, worms and Trojans), relatively few users are aware of the hazards of Ransomware and its potential consequences for an attacked computer system and its users. Since several scholars believe that a new campaign of Ransomware is just around the corner, it is important that clients of Internet Service Providers be familiar with this type of cyber attack, and apply extra caution when opening unfamiliar emails, browsing suspicious websites, and downloading software, music and movies from peer-to-peer websites.
What is Ransomware?
Ransomware is malicious software that is designed to hijack a computer user's files, encrypt them, and then demand a ransom payment in exchange for the decryption key (Luo and Liao 2007). The prevalence of Ransomware campaigns has increased significantly during the last 5 years (Kharraz et al. 2015). Initiators of Ransomware campaigns plan the execution of ransomware carefully, and use various techniques to get their malware onto a victim’s computer. Specifically, malicious advertisements, spam emails, and botnets are commonly employed by Ransomware initiators in an effort to propagate their attacks (Savage et al. 2015). Alongside the Ransomware initiators’ own efforts to employ these methods, Ransomware affiliates provide services to those Ransomware initiators who wish to carry out these attacks (Kharraz et al. 2015). Importantly, the Ransomware affiliates do not need the technical skills to create Ransomware or to maintain and run the operation; all they are required to do is spread the Ransomware as widely as they can. In return for their service, the Ransomware affiliates are offered a cut of the profit from each Ransomware infection they were responsible for. In some cases, Ransomware initiators offer Ransomware affiliates access to the Ransomware control panel in exchange for an access fee (around US$300) (Savage et al. 2015).
Once it has infected a target computer, the Ransomware encrypts the files that are hosted on that computer, and then sends a message to the legitimate computer user with a request to pay the ransom if the victim would like to restore access to the encrypted files. Since Ransomware scammers are trying to disguise their identity and avoid detection by law enforcement agencies, the Ransomware asks victims to send the ransom money using money wire transfers, payment voucher systems or cryptocurrencies like Bitcoin (the majority of new Ransomware threats require victims to use Bitcoin transactions as a method of payment). When payment is received on the offender’s end, the server on which the decrypter is hosted sends the key to the victim and allows access to the encrypted files again.
From that point on, Ransomware offenders try to launder the ransom money in order to avoid detection by law enforcement agencies. How the money is laundered depends on the victims’ method of payment. If the Ransomware offender chooses to receive ransom payments in the form of payment vouchers, he will launder the money through online betting and casino sites that accept voucher codes as payment. Once laundered through these sites, the money can be cashed out through prepaid debit cards and withdrawn from ATMs in different locations around the world. In contrast, if ransom payments are made through Bitcoin, Bitcoin laundering services (also known as Bitcoin mixers) are used to mix up Bitcoins from legitimate and illegitimate sources. By the time the Bitcoins are cashed out in the Bitcoin exchange market, it is difficult to differentiate between legitimate and illegitimate Bitcoin transactions.
How to Reduce the Risk of Infection?
In general, increased awareness among computer and Internet users could reduce the risk of Ransomware infection on your private computer or your company network. The following tips should be useful in protecting your computer from Ransomware:
- Make sure you have anti-virus and anti-spyware software installed on your computer.
- Do not download anything in response to a warning banner you receive from an Internet website you visit or a program you did not install on your computer.
- Always keep software and applications on your computer up-to-date.
- Make sure that your pop-up blocker is always enabled on your Internet browser.
- Do not disable your firewall.
- Don’t open email from people you don’t know, and be sure that you can verify the source before opening attachments or clicking links in any email, IM, or posts on social networks.
- Make sure that all computer users in your organization are familiar with these security awareness practices.
While there are no guarantees that applying these tactics will completely prevent your computers from being infected by Ransomware, awareness of this type of attack and an understanding of some of the ways to prevent it reduce your risk of falling victim to this type of cyber crime.
Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the Gordian knot: a look under the hood of ransomware attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer International Publishing.
Luo, X., & Liao, Q. (2007). Awareness Education as the key to Ransomware Prevention. Information Systems Security, 16(4), 195-202.
Savage, K., Cogan, P., & Lau, H. (2015). The Evolution of Ransomware. Symantec. Available at: http://www.symantec.com/content/en/us/enterprise/media/security_response...