Computer users often pay price when ransomware hits

As its name suggests, ransomware is a class of malicious software that infects and restricts access to your computer until a payment is made. The method of infection is similar to that of phishing attacks: it spreads through compromised websites and email containing malicious attachments or links. The key difference is that ransomware is more overt and confronts you shortly after you've been compromised.

Over time, the attacks have evolved to become more sophisticated, incorporating techniques such as software encryption, electronic currencies and anonymized routing to help the criminals who operate ransomware campaigns evade detection. Here are a few notable examples:

  • Reveton creates a fake notification posing as the FBI, your local police department or other law enforcement agency, claiming that pirated software or child pornography was detected on your system. The warning persists, even after restarting, until the fine is collected via an online payment. Enough complaints were generated for the FBI to issue a formal warning about the ransomware. Discovered in 2011, Reveton first attacked PCs but now targets Macs and Android devices as well.

  • CryptoLocker would search for files on local and network drives, encrypting any documents, spreadsheets and pictures it could find. Victims were typically given 72 hours to pay several hundred dollars or the ransom price would increase by five times. First appearing in 2013, CryptoLocker peaked in dominance in 2014 before an international effort named Operation Tovar succeeded in shutting down its distribution later that year. Subsequently, security firms Fox-IT and FireEye jointly set up a site to allow some victims to decrypt their files. Several clones arose, with CryptoWall becoming the most dominant successor.

  • CTB-Locker behaves similarly to CryptoLocker but adds a little twist by granting you the ability to decrypt a small selection of files to reassure you the rest of your files are only a few hundred dollars away.

  • First seen this year is TeslaCrypt. It differentiates itself from other ransomware by heavily targeting gamers. It searches for more than 180 file extensions that focus on files for your games, including maps, mods, profiles and saves.

The general recommendation when you are infected with ransomware is to not pay the ransom. However, without a good backup, many users are left with little recourse. The impact on businesses can be more severe, as a single rogue computer can encrypt your entire file server.

Prevention is the key to defending yourself against ransomware. Update your computer software and be wary of opening suspicious files or links. Most important, back up your important data and keep a copy safely stored away from your computer.

Vincent Hoang is an enterprise architect at Hawaiian Telcom, a Certified Information Systems Security Professional (CISSP), GSNA Systems and Network Auditor (GSNA) and Cisco Certified Network Professional (CCNP). Reach him at vincent.hoang@hawaiiantel.com.

Copyright (c) Honolulu Star-Advertiser
