Alarms are going off around the Internet with an apparent increase of ransomware which “immediately makes its presence known by encrypting files and demanding payment for the keys to unlock them.” The Department of Homeland Security (DHS) issued an Alert on October 22, 2014 that included this description:
Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300 dollars, and is sometimes demanded in virtual currency, such as Bitcoin.
Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.
DHS discourages paying the ransom:
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
However in November 2014 the Dickson County (Tennessee) Sheriff paid a Bitcoin ransom to get back files.
Bromium recently released a report entitled “Understanding Crypto-Ransomware” which started with this introduction:
This threat is called crypto-ransomware (ransomware) and includes at least a half-dozen variants, including CryptoLocker and CryptoWall. Ransomware shows no sign of abating since traditional detection-based protection, such as antivirus, has proven ineffective at preventing the attack. In fact, ransomware has been increasing in sophistication since it first appeared in September 2013, leveraging new attack vectors, incorporating advanced encryption algorithms and expanding the number of file types it targets.
With the extensive growth of malware the odds continue to increase that ransomware will end up on almost everyone’s computer.