The United States Department of Homeland Security (DHS), in collaboration with the Canadian Cyber Incident Response Centre (CCIRC), has released an alert covering ransomware: its main characteristics, its prevalence, the variants that may be proliferating, and how users can prevent and mitigate it. The problem is clearly becoming serious.
The report states:
Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.
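The alert describes what crypto ransomware leaves behind: files that have been encrypted and an on-screen demand. The following is an added example, not part of the alert or of this post, showing how a responder might triage a file share for those two artifacts. It flags files whose contents have near-maximum byte entropy (encrypted or otherwise random data) and carry an extension commonly appended by crypto ransomware, and it flags ransom-note files by name. The extension list, note-name markers, entropy threshold and the sample directory it builds are all assumptions made for the demonstration.

```python
"""Triage a directory tree for crypto-ransomware artifacts.

Added example; the extension list, note markers and threshold below are
illustrative assumptions, not values taken from the DHS/CCIRC alert.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

# Extensions commonly appended by crypto ransomware (assumed, illustrative).
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
# Substrings typical of ransom-note file names (assumed, illustrative).
NOTE_MARKERS = ("decrypt", "recover", "restore", "ransom", "how_to")
NOTE_SUFFIXES = {".txt", ".html", ".hta"}
# Bits per byte; properly encrypted data sits close to the 8.0 maximum.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 65536  # read only the head of each file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path) -> Optional[str]:
    """Return 'ransom_note', 'likely_encrypted', or None for a single file."""
    name = path.name.lower()
    suffix = path.suffix.lower()
    if suffix in NOTE_SUFFIXES and any(m in name for m in NOTE_MARKERS):
        return "ransom_note"
    # Require BOTH a suspect extension and high entropy: compressed archives
    # and media files also have high entropy, so entropy alone is not enough.
    if suffix in SUSPECT_EXTENSIONS:
        with path.open("rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        if shannon_entropy(head) > ENTROPY_THRESHOLD:
            return "likely_encrypted"
    return None


def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Walk root and group file names by verdict (deterministic order)."""
    findings: Dict[str, List[str]] = {"ransom_note": [], "likely_encrypted": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict = classify_file(p)
            if verdict:
                findings[verdict].append(p.name)
    return findings


def build_sample_tree() -> Path:
    """Constructed sample data: a clean document, an 'encrypted' copy of it
    (random bytes with a .locked extension), and a ransom note."""
    root = Path(tempfile.mkdtemp(prefix="rw_demo_"))
    (root / "budget.docx").write_bytes(b"Quarterly budget, plain placeholder text. " * 200)
    (root / "budget.docx.locked").write_bytes(os.urandom(4096))
    (root / "HOW_TO_DECRYPT_FILES.txt").write_text(
        "Your files have been encrypted. Pay in Bitcoin to get the key.\n"
    )
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for verdict, names in scan_tree(sample_root).items():
        print(f"{verdict}: {names}")
```

This is post-incident triage, not prevention: by the time a scan like this reports hits the damage is done, which is why the alert's advice to keep tested, offline backups matters more than any detector. Expect false positives from archives or media files only when they also carry a suspect extension; tune the extension list to the strain being investigated.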
Both governments discourage victims from paying the ransom; the alert notes that payment does not guarantee the encrypted files will be released, only that the attackers receive the money. The full report is available at https://www.us-cert.gov/ncas/alerts/TA16-091A.
In related news, Bitdefender has released a free “crypto-vaccine” for several widespread ransomware families, including CTB-Locker, Locky, and TeslaCrypt, all of which target Microsoft Windows. See https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/ for details about the “vaccine” and the download.
Ransomware is primarily a Windows problem, although one Macintosh variant (dubbed KeRanger) has appeared; it never spread very far. It was delivered through a trojanized build of Transmission, a popular BitTorrent client for OS X, that was briefly available for download from the project’s own site. Anyone who installed that build and ran it was infected. Apple responded quickly by revoking the developer certificate used to sign the tainted installer and updating the malware signatures built into OS X, so a Mac with current OS X updates will not run it. Macs that already ran the tainted build should update Transmission as well, since the project shipped a follow-up release that removes the malware. There is no equivalent single fix for Windows: Windows ransomware arrives through many channels (phishing attachments, drive-by downloads, exploited servers) rather than one compromised download, so no one Microsoft update can stop it.
Have you updated your operating system recently?