December 29, 2016
Ransomware: When it's truly better to be safe than sorry
In general, encryption is a good thing, and the stronger the better. Protecting data both at rest and in transit is a recommended security best practice of which you should be aware. But when you discover that all the files on your computer have been encrypted with 2048-bit AES encryption and you had nothing to do with it, it’s another matter entirely. If, God forbid, this should ever happen to you, there’s a good chance you’ve been a victim of ransomware. In this post we’ll examine how ransomware works, the various types, how prevalent it actually is, the motive behind it, and how to avoid becoming a victim.

Ransomware has been gaining attention recently, primarily as a result of high-profile cases such as the attack on MedStar Health, but it’s been around for a while. The first known case was the “AIDS” ransomware back in 1989, which hid files on a computer’s hard drive and encrypted the filenames. It attempted to extort payment from victims by leading them to believe that a software license had expired. Actual public key cryptography for ransomware didn’t appear until 1996, as part of a proof-of-concept project. The use of asymmetric keys made it extremely difficult for victims to decrypt their files and left them only two options: pay the demanded ransom or kiss their files goodbye.

Things have evolved since 1996, both in the strength of the encryption standards ransomware uses and in the methods for its distribution. The preferred delivery method for ransomware is trickery in the form of Trojans: phishing, spear phishing, infected ads (malvertising), malicious downloads, and drive-by web attacks. Despite the rise in ransomware in the wild, otherwise known as “encounter rate” (ER), the ratio of infections as reported by Microsoft’s Malicious Software Removal Tool (MSRT) is quite low. Microsoft’s Security Group attributes this to a combination of increased user awareness and the effectiveness of contemporary AV software. I think I’ll take that encouraging bit of news with a large grain of salt.

The preceding should provide a hint as to the platform most heavily targeted by ransomware: Microsoft Windows. However, before Mac users get too smug, ransomware targeting the Mac, known as “KeRanger”, was discovered in 2016. The targets of ransomware can be divided into three groups:
- Personal computers – primarily MS Windows
- Mobile phones – almost exclusively Android
- The Enterprise – servers, storage, and offsite storage