Ransomware is evolving and that’s bad news for just about everybody except cyber-thieves.
Ransomware, which is a form of malware, works by either holding your entire computer hostage or by blocking access to all of your files by encrypting them. A person infected with ransomware is typically ordered (via a pop-up window) to pay anything from a few hundred to a few thousand dollars in order to get the key to unlock their encrypted data.
Of course, there’s no guarantee that even if a victim pays the demanded amount they will actually get access to their files again, which makes dealing with ransomware somewhat of a tricky issue.
And with new sophisticated strains of ransomware on the rise, it’s likely that more people will become infected and have to deal with the headache that comes along with it, security experts tell Business Insider.
How is ransomware evolving and how is it spreading?
Cyber criminals are now using the most modern cryptography to encrypt stolen files and are getting really good at making their dangerous links and downloads seem perfectly benign.
One new strain of ransomware that falls into this category is called CDT-Locker and is often very hard to detect. CDT-Locker can be hidden in files in such a way that even security software can’t tell it’s there. To make matters worse, hackers are getting people to willingly download these dangerous files by using sneaky tricks to make them appear legitimate.
For example, a hacker might pose as your utility company in an email stating that they need you to fill out an attached form or else your power will be cut off. Or a hacker might even use social engineering to pose as someone in your contact list to get you to click on a link in an email.
Cyber criminals are even using social media sites and newsgroup postings to spread the malicious code.
“There’s a lot that the facilitators are doing to take advantage of natural human reactions that we would find disturbing in the real world,” said Steve Grobman, the chief technology officer of Intel’s Security Group.
“They are really using any sort of content that you can put in front of a user’s eyes. Whether it’s Twitter or various news feeds or websites. It’s any point of contact to download and run the software with the ransomware.”
So what do you do if you accidentally fall victim to ransomware?
Well, the first thing you may want to do is alert law enforcement, said Jason Glassberg, the co-founder of the security firm Casaba Security. While they might not be able to help you much, they should still be made aware of the crime.
Second, you should turn off your infected computer and disconnect it from the network it is on. This is important because an infected computer can potentially take down other computers sharing the same network, Glassberg said.
While the malicious software itself can be removed, getting your data back is a whole different story, Glassberg said. Because new strains of ransomware are using advanced cryptography, recovering files is pretty much impossible without the necessary key to unencrypt them, he said.
So finally, you have to decide whether or not you are going to pay the ransom. If you’ve backed up your data on a separate hard drive you can at least recover the data you lost from the point of the last backup. And this can prevent a major headache of debating whether or not to chance paying the criminals who locked your computer.
“We want to make it very clear, as far as preventing yourself from getting into this situation to begin with, it is really critical that everyone regardless of whether you are a consumer, a small business or a large business that backups are set up in such a way that they are separate from your computer. So if you are hit by ransomware you are able to get data back without paying the ransom,” Grobman said.
But if you decide to risk paying the ransom you should know that the cyber criminal will likely require you to pay using Bitcoin or another virtual currency over the Tor network, which is software used to make web browsing anonymous. This means that tracing the thieves is nearly impossible and if they decide not to unlock your computer you are pretty much out of luck and money.
And even if the hackers do give you the keys to unlock your encrypted files, there is always a chance they can lock your computer again in the future to demand more payment. Considering the risks, Grobman advises against caving to the hackers.
“We have seen many scenarios where even if the user pays, they don’t get the recovery keys. So it’s one of the reasons we tell our customers that paying the ransom is not the best course of action,” Grobman said.
“For starters, paying the ransom may not result in you getting your keys back. And you are also providing additional incentives for the criminal element to continue to build ransomware and make it more effective and helping it become an even bigger problem in the future.”