RANSOMWARE: What Is it and How Can We Reduce the Risk of Infection

By: David Maimon.

Although most computer users in the U.S. and around the world are familiar with the risks associated with malicious software (i.e. viruses, worms and Trojans), relatively few users are aware of the hazards of Ransomware and its potential consequences for an attacked computer system and its users. Since several scholars believe that a new campaign of Ransomware is just around the corner, it is important that clients of Internet Service Providers familiarize themselves with this type of cyber attack and exercise extra caution when opening unfamiliar emails, browsing suspicious websites, and downloading software, music, and movies from peer-to-peer websites.

What is Ransomware?

Ransomware is malicious software designed to hijack computer user files, encrypt them, and then demand a ransom payment in exchange for the decryption key (Luo and Liao 2007). The prevalence of Ransomware campaigns has increased significantly over the last five years (Kharraz et al. 2015). Initiators of Ransomware campaigns plan the execution of the ransomware carefully, and use various techniques to get their malware onto a victim’s computer. Specifically, malicious advertisements, spam emails, and botnets are commonly employed by Ransomware initiators in order to propagate their attacks (Savage et al. 2015). Alongside the initiators’ own use of these methods, Ransomware affiliates provide distribution services for those Ransomware initiators who wish to carry out these attacks (Kharraz et al. 2015). Importantly, the Ransomware affiliates do not need the technical skills to create Ransomware or to maintain and run the operation; all they are required to do is maximize the spread of the Ransomware. In return for their service, the Ransomware affiliates receive a cut of the profit from each Ransomware infection for which they were responsible. In some cases, Ransomware initiators offer Ransomware affiliates access to the Ransomware control panel in exchange for an access fee (around US$300) (Savage et al. 2015).

Once it has infected a target computer, the Ransomware encrypts the files that are hosted on the target computer, and then sends a message to the legitimate computer user with a request to pay the ransom if the victim wishes to regain access to the encrypted files. Since Ransomware scammers seek to disguise their identity and avoid detection by law enforcement agencies, the Ransomware asks victims to send the ransom money using money wire transfers, payment voucher systems, or cryptocurrencies such as Bitcoin (the majority of new Ransomware threats require victims to use Bitcoin transactions as the method of payment). When payment is received on the offender’s end, the server on which the decrypter is hosted sends the key to the victim and allows access to the encrypted files again.
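Because the files a victim is left with are ciphertext, they look statistically random, and that property can be used on the defender's side to spot a directory that has been encrypted. The following Python script is an added example written for this page, not code from the article or its sources: it measures the Shannon entropy of the leading bytes of each file and flags files that are near-random yet do not carry an extension that explains the randomness (compressed archives and media are legitimately high-entropy, which is the main false-positive source for this heuristic). The entropy threshold, the extension lists and the sample files (including the ".locked" name) are constructed placeholders, not indicators taken from any real campaign.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from typing import List

# Constructed parameters for this example (assumptions, not values from the article).
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to the 8.0 maximum
SAMPLE_BYTES = 4096       # leading bytes examined per file
# Formats that are legitimately near-random; skipping them avoids obvious false positives.
COMPRESSED_EXTENSIONS = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """Heuristic: the file's leading bytes are near-random and its extension
    is not a known compressed/media format that would explain that randomness."""
    _, ext = os.path.splitext(path)
    if ext.lower() in COMPRESSED_EXTENSIONS:
        return False
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_directory(root: str) -> List[str]:
    """Return the paths under root that the heuristic flags, sorted for stable output."""
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                flagged.append(path)
    return sorted(flagged)


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (a SHA-256 counter chain) so the
    example is reproducible; real ciphertext has the same near-8.0 entropy."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range((n + 31) // 32))
    return out[:n]


def build_sample_dir() -> str:
    """Create a constructed directory with three files: an ordinary text document,
    a document whose content was replaced by ciphertext and renamed with a
    placeholder '.locked' extension, and a legitimate (high-entropy) archive."""
    root = tempfile.mkdtemp(prefix="ransomware_demo_")
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(b"Quarterly report: revenue up 4%, costs flat.\n" * 100)
    with open(os.path.join(root, "report.docx.locked"), "wb") as fh:
        fh.write(pseudo_random_bytes(SAMPLE_BYTES))
    with open(os.path.join(root, "archive.zip"), "wb") as fh:
        fh.write(pseudo_random_bytes(SAMPLE_BYTES))
    return root


if __name__ == "__main__":
    sample = build_sample_dir()
    for p in scan_directory(sample):
        print("possible ransomware output:", os.path.basename(p))
```

Run on the constructed directory, only the ".locked" file is reported: the text document has far lower entropy, and the archive is excluded by extension even though its bytes are just as random. In practice this check is best paired with a signal the heuristic alone lacks, such as a burst of files being rewritten in a short window, since a single high-entropy file is not evidence of anything on its own.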

From that point on, Ransomware offenders try to launder the ransom money in order to avoid detection by law enforcement agencies. However, laundering money depends on the victims’ method of payment. If the Ransomware offender chooses to receive ransom payments in the form of payment vouchers, he will use online betting and casino sites that accept voucher codes for payment for laundering the money. Once laundered through these sites, the money can be cashed by prepaid debit cards and withdrawn from ATMs in different locations around the world. In contrast, if ransom payments are made through Bitcoin, Bitcoin laundering services (also known as Bitcoin mixers) are used to mix together Bitcoins from legitimate and illegitimate sources. By the time the Bitcoins are cashed out in the Bitcoin exchange market, it is difficult to differentiate between legitimate and illegitimate Bitcoin transactions.

How Can We Reduce the Risk of Infection?

In general, increased awareness among computer and Internet users can reduce the risk of Ransomware infection on your private computer or company network. The following tips should be useful in protecting your computer from Ransomware:

  • Make sure you have anti-virus and anti-spyware software installed on your computer.
  • Do not download anything in response to a warning banner you receive from an Internet website you visit or a program you did not install on your computer.
  • Always keep software and applications on your computer up-to-date.
  • Make sure that your pop-up blocker is always enabled on your Internet browser.
  • Do not disable your firewall.
  • Don’t open email from people you don’t know, and be sure that you can verify the source before opening attachments or clicking links in any email, IM, or posts on social networks.
  • Make sure that all computer users in your organization are familiar with these security awareness practices.

While there are no guarantees that applying these tactics will completely protect your computers from infection by Ransomware, awareness of this type of attack and an understanding of some of the ways to prevent it will reduce your risk of falling victim to this type of cyber crime.

References

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the Gordian knot: a look under the hood of ransomware attacks. In Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer International Publishing.

Luo, X., & Liao, Q. (2007). Awareness Education as the key to Ransomware Prevention. Information Systems Security, 16(4), 195-202.

Savage, K., Cogan, P., & Lau, H. (2015). The Evolution of Ransomware. Symantec. Available at: http://www.symantec.com/content/en/us/enterprise/media/security_response...