By Andrew Paulette

By now most people who follow IT in any way know that encryption is used to scramble and lock data so that cyber thieves cannot gain access to it. But how many of us thought cyber thieves would use that very security method for their own criminal purposes? Using the same encryption technology we rely on to protect our communications and sensitive data from prying eyes, hackers have turned it against us. Called crypto-ransomware, this form of malware encrypts the user’s data, making it impossible for the owner of the data to access the information or move it to a safer location. While originally one of many different tactics in a category of malware attacks called ransomware, crypto-ransomware has become so prolific and effective that it is now referred to simply as “ransomware” in news articles and security reports.

Ransomware locks owners out of their own data – whether it’s treasured family photos or data essential for running a business, hospital, or federal agency. Cybercriminals then demand a ransom to decrypt the information, often threatening to delete the data if the ransom is not paid or if the owner attempts to unlock the data. While various versions of ransomware exist, such as TeslaCrypt, CryptoLocker, and Locky, they all follow a similar approach to hold the user’s data hostage:
Ransomware is difficult to trace because its payments are untraceable and its communications with the command-and-control server are cloaked. Complicating matters further, many organizations, in an effort to avoid damaging their reputation, choose not to report the crime. Because these criminals can operate anonymously, and because our data is so important and sensitive, ransomware has proven to be a lucrative investment for cyber criminals. Between October 15 and December 18, 2014, a total of $27 million was tracked as ransom related to the malware CryptoLocker. Since then, ransomware has only become more popular: Trend Micro reported that over the course of 2015 crypto-ransomware became the method of choice for cybercriminals to extort money from both individuals and businesses, accounting for 89% of ransomware attacks.

Because ransomware can encrypt any file it can reach on an IT network, this malware poses a unique threat to enterprises. Its ability to traverse and attack an organization’s IT infrastructure became painfully clear after a series of reported attacks against the U.S. healthcare infrastructure, including the Hollywood Presbyterian Medical Center in California, the Methodist Hospital in Kentucky, and the MedStar Health hospitals in D.C. In cases where businesses have reported these cyber-attacks, ransoms of as much as $17,000 have been paid in order to regain access to the company’s files.

If a recent FBI “Flash” advisory is any indicator, the problem of ransomware is going to get worse before it gets better. While it is impossible to stop every attack, the threat of crypto-ransomware can be reduced. There are preventative steps that organizations can take to decrease the chances of being infected with crypto-ransomware:
These steps will minimize the risk of ransomware but will not eliminate it. Part II of this series will focus on how to proceed when attacked by ransomware.