Should You Pay or Fight Ransomware
Ask security experts what to do when hit with ransomware — the sophisticated malware that infects a device or network, uses military-grade encryption to restrict access, and demands payment for the decryption key — and you’ll typically get the same answer: “never pay the ransom.” But for many, that’s simply not an option.
In most of these cases, paying the ransom is a “no-brainer” for the organization, Sjouwerman says. That’s because ransomware is largely automated, demanding around $500 in exchange for the decryption key for all victims. The ransom for a police department’s evidence might be the same for a personal PC user’s photos.
“Ransomware is the Walmart of cybercrime. They just have decided to automate the whole process,” Sjouwerman says. “And they are massively phishing as many email addresses and companies as they possibly can. For them, they have figured out that the business model is: some people will have backups, some people won’t. Of the people that don’t, it has to be a no-brainer.”
The cybercriminals behind these attacks are concerned with maximizing the likelihood of their victims paying the ransom. Theoretically, they could increase the payout for cases where they’ve encrypted more valuable data. But the key is to make sure they pay up, and keeping the price within a reasonable range will increase the chances that more victims will pay.
—Ransomware: Pay it or fight it? | Network World
Honor among thieves
Along these lines, many of the people behind ransomware have focused on creating a trustworthy reputation on the Internet, honoring all ransom payments and leaving victims alone once the exchange has been made. In December, Sjouwerman told CSO about a new strain of ransomware called OphionLocker that was designed to recognize the devices it had infected in the past so that it doesn’t hit the same victims repeatedly. And in his experience working with ransomware victims, Sjouwerman says every victim that has paid the required ransom amount did receive their decryption key, most of them within an hour of sending the payment.
The objective is to make the decision as easy as possible for ransomware victims – if they pay up, they will receive access to their files and can put the entire ordeal behind them. “If they are not prepared and they are hit, most of them will pay,” Sjouwerman says.
So it’s not much of a surprise that ransomware has grown so rapidly since CryptoLocker, the now-defunct ransomware strain that brought this model to the internet, was released in September 2013. Symantec estimated in September (PDF) that CryptoLocker-style ransomware grew 700% in 2014. McAfee recently reported (PDF) a 155% growth of ransomware in the fourth quarter of 2014.
The IT security community may advise against paying the ransom as a means of removing the incentive for cybercriminals to engage in this kind of scam. But that is usually the last thing on the minds of IT decision makers who just want to get their files back and get back to work. For an organization that faces losing weeks’ or months’ worth of data, they can write off the expense as a learning experience.
“This is in jest and more ironic than anything else, but you almost have to be grateful to the Eastern European cyber mafia to send you a social engineering audit that tests both your employees and your IT department for being click-happy, and also if best practices are being implemented or done,” Sjouwerman says. “It’s a really cheap audit, for $500.”
—Ransomware: Pay it or fight it? | Network World
How to Prevent & Avoid Ransomware
You protect yourself from ransomware exactly like you protect yourself from all viruses and malware.
1. You should have a firewall. A router is probably good enough and an additional software firewall is fine if you’re paranoid. Turning on the Windows 7 firewall these days is usually enough.
2. Run up-to-date anti-malware tools. I happen to recommend Microsoft Security Essentials, but there are many, many others. Make sure that they are running and up-to-date.
3. Keep your system and software up-to-date.
4. And of course the usual advice applies: don’t download random things from the internet; don’t open attachments that you aren’t completely certain are valid and correct. The most recent and virulent ransomware seems to arrive most often in the form of an email attachment.
Basically, do all the things you should already be doing to keep yourself safe on the internet. In fact, that’s the article that I’m going to point you at (“Internet Safety: 8 Steps to Keeping Your Computer Safe on the Internet”) because that’s really all this boils down to doing.
This happens to be just one style of threat – a particularly nasty one – but one that you protect yourself from in the exact same way that you protect yourself from all other styles of attack… all other styles of malware.