
The cyber world is enveloped by ransomware, giving sleepless nights to security heads and literally holding enterprises and users to ransom, in addition to threatening the basic security framework. Security heads are compelled to deploy stringent security tools, create a hygiene factor and prevent fraud.
Ransomware on a Roll
Ransom, as defined by Webster's dictionary, is the practice of holding a prisoner or item to extort money or property to secure their release. This has been a menace in the physical world for many centuries. In the virtual world, it was a stray occurrence until very recently.
As enterprises get more exposed to the digital world and with valuable critical information being stored in the digital form, fraudsters are finding innovative ways to exploit the situation using malware.
Ransomware is malware that holds the victim's data hostage and demands a ransom to be paid to the malware planter for the release of that data. The mode of infection and propagation can be similar to that of any malware, but following infection it can use various methods to trap the data owner in a hostile situation.
How can it affect users?
Among the worst scenarios a user can encounter, those who use pirated software become the first victims. In such a case, the malware initiates the infection path, claims that the user has violated the software licensing policy and locks the system. To release it, the user must call an overseas number to obtain an activation code, a call charged at premium rates. Alternatively, when the user accesses objectionable content, the malware may claim to be an enforcement authority and force the user to pay a penalty to release the system lock. The figure below explains how ransomware can be planted in an organisation.
Ransomware Payment Mode
The payment mode varies from malware to malware, but those most commonly used are prepaid electronic money schemes such as Ukash, MoneyPak, etc. Most ransomware tends to avoid any mode of payment that can be tracked, such as credit cards, debit cards, net banking or PayPal.
The challenge is that if the ransom is not paid, it is tough to get the system reformatted; and even when it is paid, that is only a temporary solution, since the malware remains active in the system and can come back to life at any instant.
Ransomware's Origin
As per Michael Kassner, the first ransomware, PC Cyborg, appeared in 1989. It was a Trojan developed by Joseph Popp and carried a payload which claimed that a licence for certain software on a user's PC had expired and that the user must pay a sum of USD 189 to PC Cyborg Corporation to unlock the PC. By 2006, the attacks had become more sophisticated as writers of ransomware started using 660-bit (Gpcode.AG) and 1024-bit (Gpcode.AK) RSA keys. In the last few years, there have been reports of ransomware in enterprises where hackers obtained access to critical databases, encrypted them and negotiated a ransom for the decryption key. Most of the time, however, this is not an easy task, because enterprise security controls are in place, negotiation must be effective and the entire process has to be carried out without the attacker's identity being disclosed. It still remains a big threat if the hacker manages to plant ransomware on an enterprise server where critical applications or the database are hosted.
Now, with the number of SMBs and individual home users on the rise, it is easier to target and trap users' data because of fewer security controls and lower user-level awareness.
According to a report from the Symantec Security Response team, early this year ransomware worms were found to be prominent in Germany, France and the UK, and by the end of the year the US also showed a significant rise in the number of infections. In the last two months, we have seen multiple dormant ransomware infections in India waiting to be initiated. Currently, there exist at least sixteen different ransomware families. These are sixteen different malware families, not mere versions.
According to reports, although a very small percentage of people actually pay for system release, it is currently a USD 5 million industry.
The Next Best Steps for CISOs
With the technology to build exploits readily available and hackers finding this an easy way to extract money, the chance that multiple ransomware variants in the wild will be initiated at any time (rather than waiting until users access objectionable content or use pirated software) would change the threat perspective in a big way.
While antivirus companies consider this a serious security concern and release multiple security control signatures to combat ransomware, what is needed is strong URL content filtering, periodic security patching, the use of trusted applications and end-user awareness to prevent the threat.
Cyber criminals are bridging the gap between the physical world and cyber world rapidly. With advancement in technology, these attacks will only get more and more sophisticated and perilous. The only way to safeguard against them is to increase awareness about cybercrime among users. The dangers are real, the threats are real, the repercussions are unimaginable and the rise of ransomware confirms the validity of this statement.
Most vendors are coming up with recommendations on how to deal with advanced encryption algorithms in addressing the ransomware menace.
The idea is to be alert about fake messages and websites and educate business users and end users periodically about new security threats and recommend ways to prevent them.
Uday Mittal & Sunil Varkey
Idea Cellular's IT Team