Ransomware on the rise, Australians among top targets
As Australians, we love technology, we've got comparatively high disposable income, and we're almost always connected. Unfortunately, this has made our sundrenched land the southern hemisphere's top target for ransomware, and attacks are on the rise.
Ransomware is an increasingly popular form of malware designed to lock a user of their own device and prevent them from accessing their files, unless they pay the ransom. In some cases, ransomware will target a computer's master boot record or partition table to prevent the operating system from loading, while more sophisticated attacks will instead encrypt a user's files in a way that only the perpetrator can unlock. More often than not, victims are required to pay the ransom using the Bitcoin cryptocurrency.
Symantec security expert Nick Savvides told CyberShack that ransomware is becoming an increasingly common form of cyber-crime, as it's much easier to monetise. In 2015, ransomware attacks increased by 35%, when compared to the previous year.
"Ransomware is the dot com boom for cyber-crooks," said Savvides. "[it's] a much easier path to monetising cyber-crime, and very hard to coordinate a response to it in the same way as with typical viruses and trojans."
Where a virus or trojan may hide away in the background of a user's computer, looking for financial information, ransomware immediately demands money from the victim. A typical piece of ransomware might ask for one bitcoin, roughly equivalent to AUD$565. According to Savvides, Australians are really good at paying ransoms very fast, which has only increased the frequency with which we are targeted.
Cyber-criminals are also increasingly relying on highly target attacks to help ransomware fly under the radar. Publically available information is used to put together an email or a message that an individual might be expecting from a colleague, employer, friend, or service provider, which in turn increases the likely hood the target will allow the ransomware on their machine.
The vast number of individual perpetrators running ransomware schemes often means a signature-based anti-virus solution won't be enough to detect such an attack. Traditional internet security needs to know what to look for to prevent it, which isn't of much use when a virus is too new, too obscure, or written in a way where it's able to modified itself.
Modern security software instead relies on behavioural analysis and sandboxing to deal with such threats. In the case of behavioural (or heuristic) analysis, the security software looks for suspicious activity happening on a user's machine; for example, encryption of one's files. If this kind of activity is detected, the security software attempts to kill the process causing it. On the other hand, security solutions that support sandboxing will run new or suspicious software in a self-contained environment where it can't affect the rest of the system.
While proper planning, management – making regular backups, for example – and a little bit of common sense can help mitigate the risk of ransomware, ethical hacker and founder of Whitehack Adrian Wood told CyberShack there are some circumstances where users would have no other option but to pay the ransom. At the same time, this should only be as a final resort.
"Ransomware has become a really serious problem in the past few years, and when you pay you encourage more of this activity and also funding other criminal activity," said Wood. "There’s also lots of cases of people paying and not getting their files decrypted."
Before paying a ransom, Wood says it may be worth asking a data recovery professional to see if there's any chance of regaining access to files.
"We’ve been called before to investigate ransomware attacks that had a serious impact and have managed to restore the data via a combination of forensic analysis and reverse engineering," said Wood.
"This process isn’t cheap. It may cost quite a sum of money to even discover that recovery isn’t possible."
In many cases, data recovery can cost more than paying the ransom.
In addition to running antivirus, Wood recommends that users keep their operating system, web browser, and extensions up to date, and avoid using their computer while signed in as an administrator.
On Windows, users should ensure the operating system isn't hiding file extensions, and dial up User Account Control to its toughest settings. Seeing full file names can make it easier to recognise malicious files (you'll know that cutekittens.jpg is really cutekittens.jpg.exe), and at its most stringent, User Account Control will alert you whenever an application tries to install software or make changes to your computer.
To enable file extensions in Windows 10, open File Explorer and select the View tab. Press Options, and select "change folder and search options". Move to the View tab, and under advanced settings, untick "hide extensions for known files".
User Account Control settings by opening Settings, and searching for "UAC". Click on "change user account control settings" and set it to "always notify".