Will You Be the Next Victim of Ransomware?
Ransomware is malicious software, covertly installed on a device such as your laptop or phone, that encrypts your private data and demands payment for restoring it to its original form. If the data is highly sensitive, the extortion may instead be a threat to publish it. Ransomware typically enters the system as a Trojan: a malicious executable disguised as a document, image or compressed (zip) file.
Ransomware was first observed late last century and its use has risen sharply in the last few years. It is popular with attackers because it stays "under the radar": the ransom for most consumer attacks is less than $100, small enough that victims pay rather than report, and paying is usually the quickest way to get an infected system back. Compare this with calling your anti-virus vendor, spending hours on the phone, only to learn that they can do nothing to restore your data. Payment buys no guarantee of a working decryptor, however, and a current offline backup makes the question moot. In fact, I have witnessed professionally managed security services pay the ransom for their customer to avoid disclosing that their protection systems were compromised.
For ransomware to infect a system, a malicious application must execute on the targeted host with enough privilege to enumerate and overwrite the victim's files. Ordinary user privileges are enough for this: the documents the victim cares about are writable by the victim's own account, so no exploit or elevation is needed. The victim is enticed by an email, social networking post, instant message, freeware download or malvertising carrying a link to the malicious site. Freeware sites are the largest propagators of ransomware, followed by malvertising, email, social networking and instant messaging. The victim downloads a disguised executable that may perform a useful service, such as converting a video from one format to another, but also replaces an existing program, such as a text editor. The replacement provides disguise and persistence rather than privilege: each time the victim launches the familiar program it performs its expected function and also spawns the malicious component, which begins encrypting files. This diversion gives the ransomware time to crawl the file system and encrypt private data undetected. When encryption is complete, the ransomware tells the victim that the files have been encrypted and gives instructions for payment.
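The replaced-executable step above is the one a defender can catch mechanically: a trusted program's hash should not change outside a software update. The following file-integrity check is an added illustration, not code from the original article. It baselines every file under a directory, re-hashes later and reports what changed; the directory layout, file names and contents are constructed in a temporary directory so the script runs offline, and in a real deployment the baseline itself would be stored where the malware cannot rewrite it (read-only media or a remote host).

```python
"""Detect a trusted executable being swapped out, by baseline hashing.

Added example for the article above, not the author's code. Uses a temporary
directory with constructed files; a real run would baseline the directories
trusted programs live in (Program Files, /usr/bin) and keep the baseline
off-host.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(directory):
    """Map relative path -> sha256 for every regular file under directory."""
    result = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, directory)] = sha256_of(full)
    return result


def compare(old, new):
    """Return {'modified': [...], 'added': [...], 'removed': [...]} between baselines."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def demo():
    """Constructed scenario: a 'text editor' binary is replaced by a trojanised copy."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "bin"))
        editor = os.path.join(d, "bin", "editor.exe")
        with open(editor, "wb") as f:
            f.write(b"MZ original editor binary")          # constructed content
        with open(os.path.join(d, "bin", "viewer.exe"), "wb") as f:
            f.write(b"MZ original viewer binary")          # constructed content
        before = baseline(d)

        # The "freeware converter" drops its own binary and overwrites the editor.
        with open(editor, "wb") as f:
            f.write(b"MZ trojanised editor that spawns the encryptor")
        with open(os.path.join(d, "bin", "convert.exe"), "wb") as f:
            f.write(b"MZ freeware converter")
        after = baseline(d)

        return compare(before, after)


if __name__ == "__main__":
    # Expected: editor.exe modified, convert.exe added, nothing removed.
    print(demo())
```

The check only works if the baseline was taken before the freeware arrived and is kept out of reach of the malware; a baseline file sitting beside the binaries it protects would be overwritten along with them.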
Signature-based detection of downloaded malware is unreliable because modern samples are polymorphic: attackers obfuscate and repack the same code to produce many unique versions of the same executable, each with a different hash and byte pattern. The samples also detect when they are being inspected in a sandbox (so-called anti-research or anti-analysis malware) and hide their key execution paths until they run on a real victim. The best and most effective method for avoiding ransomware is therefore an educated end user who is aware of the consequences of their actions. Everything you need to know to avoid being held to ransom you learned in grade school:
Don’t take candy from a stranger.
When alone, you are responsible for your own safety.
If it’s too good to be true, it’s probably not true.
There is no such thing as free.
Let's look at an example of ransomware and how you can detect and prevent an infection. The most common infection mechanism is freeware, a free quick fix to a problem: for example, a website that converts .wav files to .mp3. The attacker really does convert your .wav files. The victim downloads the converted files and plays a few to see whether it worked. The first few may be clean, but some of the remaining "mp3" files are not audio at all: they are executables carrying the ransomware, typically given an .mp3 icon or a double extension such as song.mp3.exe, with the real extension hidden by the file manager. When the victim eventually double-clicks one of these, instead of music playing an error message appears saying that this particular file could not be converted. The ransomware has begun encrypting.
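The converter scenario hinges on a file whose name says "audio" while its contents say "executable". That mismatch is cheap to check before anything is opened: compare the extension the user sees against the file's leading bytes (magic number), and flag double extensions whose last component is executable. The script below is an added illustration, not code from the original article; the sample files are constructed byte strings, and the magic-number table covers only the handful of formats the example needs (the byte patterns listed are the standard ones for those formats).

```python
"""Flag downloaded files whose contents do not match their name.

Added example for the fake-.mp3 scenario in the article, not the author's
code. Samples are constructed in memory so the script runs offline.
"""
import os

# Leading bytes of the media/document formats a converter might legitimately hand back.
MAGIC = {
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".wav": (b"RIFF",),
    ".zip": (b"PK\x03\x04",),
    ".pdf": (b"%PDF",),
}
# Leading bytes of native executables, which should never arrive as "media".
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")
# Extensions the operating system will run directly when double-clicked.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}


def classify(name, head):
    """Verdict for one file: 'ok', 'double-extension', 'executable-as-media' or 'mismatch'.

    name: file name as the user sees it; head: the first bytes of its contents.
    """
    parts = os.path.basename(name).lower().split(".")
    # song.mp3.exe: the last component is what runs; the one before it is the decoy.
    if len(parts) >= 3 and "." + parts[-1] in EXEC_EXTS and "." + parts[-2] in MAGIC:
        return "double-extension"
    ext = "." + parts[-1] if len(parts) > 1 else ""
    looks_executable = any(head.startswith(m) for m in EXECUTABLE_MAGIC)
    if looks_executable and ext not in EXEC_EXTS:
        return "executable-as-media"
    expected = MAGIC.get(ext)
    if expected is None or any(head.startswith(m) for m in expected):
        return "ok"  # unknown type we cannot judge, or contents agree with the name
    return "mismatch"


def head_of(path, n=16):
    """Read the first n bytes of a real file on disk."""
    with open(path, "rb") as f:
        return f.read(n)


def scan(files):
    """Return {name: verdict} for every file in files (a name -> head mapping) that is not 'ok'."""
    verdicts = {name: classify(name, head) for name, head in files.items()}
    return {name: v for name, v in verdicts.items() if v != "ok"}


# Constructed "converter output": two real mp3 headers, one PE binary renamed .mp3,
# one double extension, one PDF that is really a WAV.
SAMPLES = {
    "track01.mp3": b"ID3\x04\x00\x00\x00\x00\x00\x00",
    "track02.mp3": b"\xff\xfb\x90\x00\x00\x00\x00\x00",
    "track03.mp3": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "track04.mp3.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "readme.pdf": b"RIFF\x24\x08\x00\x00WAVE",
}


if __name__ == "__main__":
    # Expected: track03.mp3, track04.mp3.exe and readme.pdf flagged; the first two pass.
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A check like this belongs in the download step, before the user is offered a double-click; it does nothing against a genuine media file that exploits a player bug, which is a separate problem the page does not cover.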