Ransomware was a game changer for the cybercriminals. It took the cyberattacks to the next level as it made the cybercrimes economically beneficial. According to statistics, the ROI for a cybercriminal from ransomware is 1500%. A ransomware kit costs (estimated figures) about $5,900 and the buyer can make up to $90,000 within a month of operation. That explains the recent popularity behind ransomware. Any industry which uses connected networks to operate is a potential target for a criminal who has a ‘ransomware kit’ in his bag. The list includes Health sector, energy sector, financial sector, and Universities.
How it operates
What makes ransomware effective is the way it operates. Ransomware capitalize on the victim’s fear. In this new cyber-enhanced era, data is everything and that’s what ransomware holds from the victim like a hostage. The fear of losing personal/professional data forces the victim to make irrational decisions like paying money as a ransom in return for personal data. In 2015 alone hackers netted an approximate amount of $325 million from ransomware. And the revenue is still increasing day-by-day.
Types of ransomware and how it grabs your money
There are two types of ransomware. The first type is a cryptolocker program, which encrypts a particular area of database (My Documents, C drive) or the entire database and asks ransom for release. The other type called as called Winlocker ransomware just locks your screen with a message card and with the instructions. The only way to retrieve back the data or to access the system will be paying the amount which they (attackers) ask. These criminals always rely on Bitcoins for collecting the money. The Bitcoin evolution and emergence of anonymity networks like Tor made the attackers capable of doing such menaces. Payment through Bitcoins are untraceable and programs like Tor offers complete anonymity to the attackers from surveillance techniques.
How it infects
Criminals use Social Engineering, Phishing and Drive-by Downloads to infect a network. It may enter your network through a malicious email, social networking platform or even in the form of an update for Adobe Acrobat, Java and Flash Player. Once a ransomware obtains access to a system, it has the potential to compromise the whole network which the system is connected to.
Do we have a cure for ransomware?
A group of researchers at the University of Florida claims to have found a way to defeat ransomware programs. They have developed a program called CryptoDropwhich monitors the database for any encryption activities. The idea is to stop the malicious program during the time of action. An approach to ‘save as much as it possible’ from encryption. The researchers tested 492 samples with the ‘CryptoDrop’ program and they reported the new software was able to stop the ransomwares from encrypting the entire hard disk.
Ransomware families tested against CryptoDrop
Prevention is better than cure
Let’s hope the Infosec researchers will find a way to stop ransomware from its ongoing rampage. Finding a cure is always good, but prevention is far better than cure. And you can effectively prevent ransomware with these steps. With these practices, you can prevent and decrease the chance of being attacked.
- Keep regular backups of your data in independent devices like USB hard drives.
- Filter EXE, ZIP file extensions from e-mails, you can also enable file extension feature on your browser.
- Use intrusion prevention softwares like folder locker or drive locker.
- Use cryptolocker prevention kit.
- Disable Remote Desktop Protocol (RDP).
- Update the operating system regularly.
- Use a reputed security software.
- Disconnect from Wifi once you feel suspicious.