Ransomware trends – all towards more crime

There has always been a question of “what is malware for?”  What’s the point of either planting or automating the planting of malware on a computer that isn’t yours?  Many answers are relevant:

  • For fun, laughs, or by accident
  • To spy or grab data (keylogging, banking trojans)
  • To use the computer’s resources to attack or gain something else (DDoS bots, Bitcoin mining, spam)
  • To damage the person or company whose computer has been penetrated (viruses which delete data, or exfiltrate data to embarrass Sony)

However, there’s an emerging and straightforward model for malware: Make money directly from the target via extortion.

Ransomware has grown at a high rate over 2014, and all the trends are now moving towards increased prevalence.  The recent growth is the confluence of several trends:

  • The maturity of encryption algorithms
  • The wider availability of anonymizing networks like Tor and I2P
  • The wider availability of anonymous digital currencies like Bitcoin and Litecoin
  • The maturity of a worldwide market in “Zero-Day” exploits for common software packages like Flash or web server software

Combine those trends, and it is not just possible, but likely, that criminals will try to extort money from computer users who need their digital files back.  They’ll be able to attack the users (Zero-day exploits and garden-variety phishing), encrypt files (with mature uncrackable algorithms), connect to the user anonymously (via Tor or I2P), and receive payment (anonymously with Bitcoin or Litecoin).

With the existing cash flow, criminals have begun to bid for advertisements on websites like huffingtonpost.com, dailymotion.com, and mapquest.com.  Ransomware now has a marketing budget.

There’s a lot of money already in this, but it is in ClearMind’s opinion an untapped criminal market.  There is no reason to think that this won’t get worse – as in a lot worse.

The main prophylactic steps are:

  • Go mentally and procedurally through a CryptoWall, CryptoLocker, or similar infection.  What would happen?  Imagine it in detail.  Note all your attached drives and mapped drives.  Then:
  • Have proper, versioned backups of your necessary files
  • Have a solid frequently rotated offline backup of necessary files
  • Surf the web in a non-privileged account
  • Patch all software and be scrupulous about it
  • Have some endpoint security and keep it updated
  • If you can live without Adobe plugins like Flash or PDF, or Oracle plugins like Java, then by all means remove them when possible

Buckle in.  These trends will only become more pronounced.  The internet draws us all closer – including drawing you closer to people who would extort money.

Submit a Comment

Your email address will not be published. Required fields are marked *