Officials urge vigilance as ransomware cases increase
- By Matt Leonard
- Sep 08, 2016
It’s no secret that ransomware has grown more prevalent. Thanks to the anonymity afforded by the Tor browser and bitcoin digital currency, cybercriminals can easily make money without significant startup costs, panelists at a Sept. 7 ransomware workshop hosted by the Federal Trade Commission said.
Ransomware attacks get users to click on a malicious link that installs malware to lock their computers and, in some cases, encrypts their files. To regain control of the computer or access to files, ransomware victims are asked to pay the attacker through either bitcoin or a prepaid credit card.
Ransoms can range from $15 to more than $3,000, according to Anthony Masi, a cybersecurity graduate student who interned with the FTC to study ransomware. The attackers use a number of different scare tactics to coerce the victim into making the payment, Masi and fellow FTC researchers found. As time passes, ransom amounts increase, files are deleted and threatening images can be used to pressure the victim.
Preventing ransomware attacks can be difficult. In one case, a victim was exposed after ordering a meal from a restaurant website that had been attacked. While most ransomware is delivered through email phishing campaigns, it can also be spread by online advertisements and websites. And it’s hard to simply stop clicking on links, Georgia Weidman, founder and CTO at Shevirah Inc., pointed out.
Mobile is the next place attackers will focus their attention, planting malicious links in texts, WhatsApp and social media, Weidman said. With the growth of the Internet of Things, the problem will continue to spread. If something can connect to the internet, then it is vulnerable, she said. “The bad guys are going to go where the money is.”
The panelists agreed, however, that organizations can take steps to lessen their vulnerabilities. Bill Wright, the director of government affairs at Symantec, said basic cyber hygiene can prevent a significant number of attacks. Intrusion prevention, exploit protection and frequent patching will all help prevent ransomware attacks. And because the social engineering techniques the attackers are using are the same ones used in malware attacks for years, Wright said it’s critical to teach employees how to spot a suspicious link and raise awareness that ransomware attacks are a possibility.
FTC Chief Technologist Lorrie Cranor agreed that the tricks used to get people to click on ransomware links are similar to those in other malware attacks, but she said there is an important difference: With ransomware, you can lose your files. That makes backing up systems critical. Organizations must decide what information is important and then work with their vendors and IT staff on appropriate backup methods.
That backup strategy is vital, because completely preventing attacks can be very hard. While the FBI does not condone the payment of ransom, it understands that organizations might pay it, according to Will Bales, supervisory special agent with the FBI’s Cyber Division. Files and access are often restored to ransomware victims after they’ve made payments, but panelists warned that payment does not work 100 percent of the time.
Victims of ransomware should give the bitcoin wallet information and malware sample to the FBI, Bales said. They can do this anonymously, he added, and the info helps the agency build profiles of attackers and pinpoint trends.
While the fight against ransomware will be long, the FBI has had some success, Bales said: “There is light at the end of the tunnel.”
Matt Leonard is a reporter/producer at GCN.
Before joining GCN, Leonard worked as a local reporter for The Smithfield Times in southeastern Virginia. In his time there he wrote about town council meetings, local crime and what to do if a beaver dam floods your back yard. Over the last few years, he has spent time at The Commonwealth Times, The Denver Post and WTVR-CBS 6. He is a graduate of Virginia Commonwealth University, where he received the faculty award for print and online journalism.