Ransomware is a particularly nasty form of malware.
It has been around for a while in one guise or another, but the most recent versions have been particularly sinister. The purpose of ransomware is, as the name suggests, to collect a ransom. If you are unlucky enough to install a piece of ransomware on your computer, you can expect to have a nightmare scenario unfold. Once installed, the malicious code underlying the ransomware will encrypt all of your data – and I mean all of it. This includes locally stored data, network-stored data and even data in Cloud storage areas like Dropbox; it can even affect some backup systems if they work by synchronising your data. Once your data is encrypted, the ransomware displays its calling card on screen. This is usually a message letting you know you have to pay a ransom, usually between $500 and $1000, within a week. Then the cybercriminal in control of your machine will decrypt your data. (...you hope)
More recently, ransomware has taken another twist and insisted the ransom be paid in bitcoins, just to add even more aggravation to the crime.
It is enough to send shivers down your spine.
Ransomware attacks are on the increase. Symantec, in their Internet Security Threat Report 2014, noted an increase of 500% in ransomware attacks. A more recent report by anti-virus vendor McAfee shows that in Q1 of 2015, ransomware increased by 165%. This is partly due to the daddy of all ransomware, Cryptolocker, and its derivative, Cryptowall. Both of these ransomware variants are highly lucrative for the perpetrators: Cryptolocker pulled in around $30 million of extorted money, and Cryptowall is still ‘in the wild’ and bringing in just as much as its predecessor.
How does ransomware get in?
Ransomware uses software vulnerabilities to ultimately take control of your computer; software vulnerabilities are, essentially, bugs in the code that malware can exploit to get into your computer system. However, to reach your system in the first place, it needs a vector in. These vectors often take the form of emails that contain malware as an attachment, or of advertisements on legitimate websites, also known as malvertising. (For other possible points of malware entry, check out The Secrets to Malware Detection Part I blog.)
Malvertising is becoming an increasingly worrying trend, and Symantec, in the 2014 Internet Security Threat Report, cited it as being the biggest growth area in malware insertion techniques. This finding is backed up by The Online Trust Alliance in a report, Emerging Threats to Consumers within the Online Advertising Industry. Released in 2014, it showed that over 12.4 billion malicious ad impressions had been generated and that the threat was increasing.
One of the biggest advertising-based ransomware exploits of recent times was based out of Russia. The cybercriminal gang behind the attack used a real-time ad bidding network to deliver the infected ads – they were fake ‘Hugo Boss’ ads that appeared on legitimate websites such as Huffington Post. Once the ads were in place, a visitor who clicked on one was taken to a server that used an exploit in Flash to download Cryptowall ransomware onto the victim's machine. And then chaos, in the form of ransomed, encrypted data, ensued. Many advertising networks are being targeted for this exact exploit, including Yahoo’s extensive ad network.
How to prevent infection from ransomware
You can do certain things to reduce your risk of infection. I’ve outlined a few strategies below:
Strategy 1: Keep your software up to date. Ransomware uses software vulnerabilities to take control of your computer, so keep your software, especially browsers, patched and up to date.
Strategy 2: Email is often used as a vector into your system. Stay alert to emails that appear to come from trusted sources: make sure they are not deceptive and really are from the proper sender.
Strategy 3: If you are a publisher and have ads running on your website, make sure you use the right tools to ensure a clean and safe experience for your users.
If you want to know more about how to verify ads, check out our GeoEdge Ad Security & Verification tool.