Experts predict cases of ransomware are about to surge due to a new do-it-yourself malware created by hackers.
You may have surfed the web and seen a warning screen claiming a virus has been detected and you need to pay a fee to get your data cleaned up. You may have also received an email about a package you are due to receive, requesting you to click on a link or attachment to track your package. These are only some examples of ransomware, which is expected to surge again in the coming months.
As the name implies, hackers are seeking a ransom. They want you to pay a fee to unlock your computer files, which they’ve just encrypted. Hundreds of thousands of businesses and individuals have been hit by ransomware in recent years and news of a ‘do it yourself’ malware kit could trigger another tsunami of malicious content.
A SHOCKING NUMBER OF PEOPLE PAY UP
In 2013, CryptoLocker grabbed international attention as a popular brand of malware in heavy circulation. It demanded payment in bitcoins, a virtual currency that many are unaware of. Fees ranged from $200 to over $1,000 to obtain a decryption key.
An early 2014 study by the University of Kent [1] documented that over 40% of victims targeted by CryptoLocker said they paid the ransom – a rate much higher than expected.
“The prevalence of the CryptoLocker ransomware seems to be much higher than expected,” the study’s authors stated.
In the research sample, over 50 individuals reported being hit by CryptoLocker — roughly 1 in 30 participants. Kent’s study was conducted during a three-day period in late January 2014 and included responses from over 1,500 participants throughout the United Kingdom. Similar rates probably apply in the U.S.
In April 2015, Symantec [4] issued its Internet Security Threat Report for 2014. It documents a 113% increase in ransomware in 2014 over the preceding year. That equals about 24,000 daily attacks.
In fact, even police departments have been known to surrender to this brand of ransomware. In late 2013, police in Swansea, Massachusetts had their office system locked up and the law enforcement group paid the fee.
CryptoLocker’s runaway success came to a screeching halt last summer when U.S. and European officials raided a number of servers believed to be connected to Gameover ZeuS, a botnet whose encrypted peer-to-peer communication system greatly reduced its vulnerability to law enforcement operations. That malware had taken over a large number of PCs and networked them to deliver the CryptoLocker malware. Last June, groups like TrendMicro [2] celebrated the successful collaboration of law enforcement and industry, but warned that new delivery methods were likely to surface.
Just a year after that big bust, ransomware is again in the news. On May 25th, 2015, an unknown number of PCs around the globe experienced activation of a new strain called Locker. Again, the goal was money, but in this instance an individual claiming to be Locker’s creator dumped all the decryption keys onto the Internet, claiming activation was a mistake.
Also in late May, McAfee [5] warned that a ‘do it yourself’ version of ransomware was now available for use on the Dark Web. They dubbed it Tox, which is short for toxic.
This new kit lets hackers with less tech knowledge create custom viruses and is being offered at no charge. Users deliver the virus with a custom ransom message any way they like. Tox then collects 20% of the ransom as its share. Experts say it’s hard to detect, too.
Up-to-date antivirus software is essential and so is a strong backup – preferably one that saves multiple versions of your files to make recovery easier. The best protection of all is not to click on email attachments that seem abnormal. They’re probably a phishing attempt created to deliver malware you definitely do not want.
Have you had an experience with ransomware? Share your story with us at email@example.com. Who knows? Your tale could help others avoid the pitfalls.
[4] https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf, pg. 17.