Ransomware – Infection on the Rise Again
What is Ransomware
Ransomware is a type of malware which restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive, while some may lock the system and display messages intended to trick or coax the user into paying a fee.
Ransomware typically propagates via web browsing or downloading an infected file or email attachment. In many cases the system’s Anti Virus protection is bypassed or partially disabled.There were a number of very high profile cases of large ransomware infections in mid 2014, but ransomware infections are on the rise again.
The downloaded program will then begin to operate according to the malware writers instructions and for example it will begin to encrypt data files on the hard drive. There are many different forms of ransomware, at present the biggest ransomware threat for Windows users is CryptoWall, this is an extremely well written malware program that encrypts a wide range of files and demands that victims pay a ransom in Bitcoin cryptocurrency to recover them. CryptoWall uses encryption algorithms which cannot be decrypted.
This ransomware can be spread through many different methods, but a large number of infections are now being launched from compromised websites or through malicious ads and usually exploit vulnerabilities in browser plug-ins like Flash Player, Java, Adobe Reader or Silverlight. That doesn’t mean that ransomware criminals have abandoned email-based infection methods. In fact there has also being a major recent increase in January 2015 of another file-encrypting ransomware program called CTB-Locker spread mainly via email.
CTB-Locker infections mainly occur via a malicious zip file attachment. This zip file contains another zip file which houses a .scr or .cab executable file. Running any of those executable files will result in a CTB-Locker infection. Similar to CryptoWall, CTB uses strong encryption that makes it impossible for victims to recover their files without paying the ransom, if they don’t this data backed up securely elsewhere. The CTB ransom demand is in Bitcoins, which equates to about US$650.
Police and IT security companies advise against paying such ransoms, there is no guarantee of getting the data unencrypted by the cyber criminals and payment also encourages them to continue with their illegal activities. However, there are many publicly reported cases of users and companies who have paid in order to try and recover their data.
To prevent malware infections all users should pay particular attention to keeping their operating systems fully patched, together with using the most up-to-date versions of internet browsers, java ,etc and having up-to date Anti Virus together with some form of malware protection is also critical in preventing infection. Companies should invest in a robust Internet security program or service to protect their networks and users and should also have established a good backup routine in order to restore critical data, in the event of infection.