Understanding the ransomware threat

Although ransomware is commonly thought of as something new, it's actually nothing of the sort. We can trace the origins of today’s ransomware threat right back to the AIDS Trojan in 1989: a floppy-disk-based distribution of software that encrypted files on a PC after a reboot and demanded a 'license fee' of $189. This 30-year-old threat came of age 12 years ago when the Archiveus malware used advanced encryption techniques to lock down documents.

Ransomware came to prominence in 2013 when the by-now infamous CryptoLocker made an appearance. In many ways this was to become a blueprint for almost every ransomware threat that has followed: phishing emails distributed by a botnet carry a malware-infected attachment payload; once executed, this encrypts data on local and network drives using 'military-grade' encryption and demands a ransom in Bitcoin for the key to unlock it.

CryptoLocker is reported to have netted the gang behind it some $27m. Even that is peanuts compared to the CryptoWall ransomware the following year, said to have made $325m in ill-gotten gains. The evolution of the ransomware threat accelerated through the next couple of years, spreading to both Android and iOS platforms as well as jumping from Windows to Mac OS X and Linux. Ransomware also evolved to mimic the 'worms' of old, with ZCryptor self-propagating so as to infect external devices as well as encrypting every shared drive it could find.

That's the history lesson over, and you may be wondering why you should even care, seeing as ransomware is a consumer threat. Right? Wrong! The fact that malware can be monetised both quickly and anonymously through the use of Bitcoin has meant that it has become the 'malware du jour' for cyber-criminals. As such it now covers the entire range of criminality, from back bedroom gangsters buying an exploit kit and making beer money through to highly organised gangs raking in millions.

The days of the scattergun phishing email, sent in order to entrap a small percentage of random recipients, are far from gone at the bottom end of the criminal scale; the bigger bad boys, though, are aiming at specific businesses in order to reap larger profits. Spamming is replaced by spear-phishing tactics where targets are researched through social media and corporate websites, and individually crafted email traps are set on a departmental or even individual employee basis.

A recent report revealed that 70% of businesses paid the ransom to get access to their data back. Half of all the businesses surveyed had experienced a ransomware attack attempt, and the majority were medium-sized enterprises and above. Clearly, the ransomware operators are setting their sights higher, to extract bigger ransoms.

With more than 4,000 ransomware attacks happening every single day in 2016 and no sign of this rate of attack falling during 2017, it looks like this is one malware story that's here to stay. As Liviu Arsene, Senior E-Threat Analyst at Bitdefender, has said: "regardless of an organisation’s size, proactively setting up new security and backup mechanisms that can detect and rapidly mitigate such infections are more than recommended."

Liviu's warning that ransomware could soon evolve into 'extortionware', copying sensitive documents with a threat to publish them online if the ransom goes unpaid, only serves to reinforce this message.

ComputerWorld and Bitdefender specialists will be demonstrating live how Bitdefender can help you protect your business from ransomware attack. Use the link below to register; don't worry if you can't make the live recording, as you will be sent a copy of the recording.