Saving private files: How to handle cyber-extortionists
By Digital News Asia March 17, 2015
- 7mil+ encryption malware attempts against Kaspersky Lab users in 2014
- Although home users at great risk, businesses are a prime target
COMPUTER users in many countries are increasingly falling victim to so-called encryption malware – programs that encrypt important data on infected computers and then demand a ransom to decrypt it.
In 2014, over seven million attempts to carry out such attacks were made against Kaspersky Lab users alone, the company said in a statement.
Encryption malware gets special attention because cybercriminals are continually changing the tools they use, including cryptographic schemes, code obfuscation techniques, executable file formats, and infection vectors.
This type of malware is usually distributed via spam or attacks against remote administration systems, Kaspersky Lab said.
The persistence of this form of extortion is easily explained: Unlike banking Trojans, which generate an ‘income’ only if the victim uses online banking, a piece of encryption malware, having once infected a computer, will always find something to encrypt and hold to ransom.
Cybercriminals prefer to be paid in the Bitcoin cryptocurrency, which offers them a sufficiently high level of anonymity.
At the same time, it is common for attackers to specify their rates in real-world currencies, such as US dollars, euros or rubles.
The cost of decrypting data for home users starts at 1000 rubles (about US$15) but can be as high as several hundred dollars. If a corporate computer is infected, the attackers’ demands increase five-fold.
Cybercriminals are known to have demanded ransoms as high as €5,000 (US$5,286) to decrypt files.
Sadly, companies that have lost their data often prefer to pay up rather than lose important information. It comes as no surprise, therefore, that businesses are a prime target for cybercriminals who use encryption malware to make money.
“If files have been successfully encrypted and there is no backup copy, users have little chance of getting their data back,” said Artem Semenchenko, malware analyst at Kaspersky Lab.
“It would take a mistake by the attacker in terms of the design or implementation of the encryption scheme for a user to be able to decrypt the files – and this rarely happens now.
“This is why it is important to regularly back up important data and store the backup copies separately from the computer system.”