The Rise of Ransomware

April 04, 2016 4 min read

2016 is quickly shaping up to be the year of ransomware infections, as security experts have reported seeing spikes in both old encryption malware like Cryptolocker, and in the newest versions like Locky.

For those new to the term, “ransomware” is a malicious program that infects a user’s device by encrypting all of the device’s files without the user’s knowledge or permission. The victim is then left with a device that is greatly restricted in functionality, and often the only way it can be recovered to a usable form is to pay the ransom, or hope that you have backed up your device recently and it can be set to a restore point.

Just from January to March of this year alone, a plethora of ransomware has appeared on the computing scene in the form of Cryptolocker, Locky, Petya, SamSam, and TeslaCrypt. These malware programs have infected millions of victims in this short span of time, and target everyone from small businesses on up to major hospitals, which are a common target due to their lack of cybersecurity and poor IT practices, such as not patching their servers and undisciplined employees clicking on phishing scams.

So Why The Sudden Increase in Malware Attacks?

Various security research firms have reported a few reasons for this uptick in malware attacks. One is an upgrade to the malware itself which beefs up the encryption, but the most alarming aspect of these new ransomware programs is that they often require no user interaction at all!

You have to understand that in the past, these ransomware infections required a user to actually click on a phishing attack such as a compromised browser or an email link in order to actually take over a user’s workstation. But now they have figured out how to circumvent these access points, and rely more upon lax security practices and/or unpatched servers.

The Scope of These Ransomware Attacks Is Increasing

Back in the day, these ransomware attacks typically targeted individual citizens and small businesses, and were considered more annoying than damaging or lucrative in nature. Now, however, these cyber criminals are targeting major governments, healthcare organizations, and even news publishers. Along with this increase in size and scope of the victims, comes malware programs that are also becoming more sophisticated and use methods that are much more difficult to detect.

A recent example of these new, more sophisticated attacks is where cybercriminals used a tried and true method of using anAngler Exploit Kit to take over a number of ad networks, including Google’s, and then showed ransomware, self-installing ads to people looking at theNew York Times, BBC, Newsweek and quite a few other major online publications.

This particular attack was a “one-of-a-kind” - all that had to take place to infect the victim’s computer was the user simply watching the video ad. The user did not have to actually click on anything! The video itself would begin loading and installing the virus, so by the time the ad was done playing, the program was already starting to install itself onto the host machine without the user even being aware it was happening.

According to Malwarebytes researcher Jerome Segura, “The ads that were infected were video ads, which is why they made it through.” He continued saying, “Most past malware attacks have happened via display ads or traditional ad banners, but this was a new vector and caught everyone by surprise.”

So What Can I Do To Protect Myself?

Since ransomware’s encrypted files can damage your machine beyond repair, it seems quite scary and they certainly can be just that, but there are certain steps you can take to avoid these headaches or out-of-pocket costs to pay the ransom:

1.) Backup your data regularly by creating restore points and a set schedule to backup your files often.

2.) Show hidden file extensions. Re-enabling the ability to see the full file extension (name) will make it easier to spot malware as most use executable files, or files that end with “.EXE”

3.) Never click on “.EXE” or executable programs in your email.

4.) Update your OS software and patch it whenever possible. These ransomware programs rely on people running outdated software with known vulnerabilities. Updating and patching regularly ensures the latest security “holes” have been patched up and are no longer a threat.

5.) Use an effective security anti-malware program. We are by no means affiliated with them, but have found thatMalwarebytes works extremely well and it’s 100% free.

Stay Vigilant

As 2016 comes and goes, we will undoubtedly see the newest and most malignant forms of ransomware yet. Be as diligent as possible with our prevention tips, and even then understand that this new form of malware cannot always be avoided.

If you believe you’ve been the victim of a ransomware scheme or other cyber fraud activity, please report it to the FBI’sInternet Crime Complaint Center.