Beware – Ransomware!

Alongside advancements in information and communication network technologies, there are parallel, adversely impacting ‘advancements’ on evolving forms and styles of threats to information and communication networks.

Denial of Service (DoS), Distributed Denial of Service (DDoS), spyware and so on are few of the infamous forms of attack types that have been reported consistently for quite a while. 

And then there is the re-entry of an older and a then-less popular one, named RANSOMWARE! This time ransomware re-surfaces in new forms, complex often, more threatening that earlier. 

Ransomware is malware that encrypts files and deletes the original files, thereby making access impossible unless a ransom is paid. [1] To simplify further, it is any malicious software (malware, in short) that simply holds to ransom a user’s information file(s) or an entire system. 

A recent example to cite is that of the University of Calgary in Canada where hackers have cashed in to the tune of $20,000 after the University of Calgary agreed to pay the pricey ransom in the wake of a ransomware/malware attack. [2] In this case, the information type held to ransom was university/academic data. 

Ransomware is conventionally planted via spam and phishing emails containing a malicious attachment or a link to a malicious file [1]. Once activated, the ransomware blocks system access or encrypts some or all files, all to pop-up a message to the user demanding ransom terms. But newer forms of ransomware take advantage of unpatched system vulnerabilities as well where there is no user interaction required [4], the Samsam ransomware as an example [5]. 

Visualize a ransomware attack on an organization that has critical customer information, such as a telecom operator. If the systems of a telecom operator were hacked by a ransomware, it could bring to halt various services as basic voice and data services, customer care systems, billing, operations, etc. depending on the scope and intent of the hacker. And surely the ransom demanded would be much higher because your customers, their subscription information and ensuring that customer services are not hampered, are critical to a telecom operator. 

That brings us to another point of how ransom payment is demanded. Not as straightforward as old Bollywood-style goons that ask the victim’s acquaintances to bring the money to a deserted location, warning them in conclusion not to inform the police! Ransomware hackers demand payment via iTunes and Amazon gift cards [3], Digital currency (for example, Bitcoin) [2], and other secure payment mechanisms. And the police in today’s times also is vulnerable to be a victim, held for ransom by the ransomware hackers! [6] 

Finally, as they say that ‘prevention is better than cure’, general guidelines to protect systems and entire organizations from ransomware attacks can be learnt from the above as system hardening, ensuring latest security patches are installed to individual and business systems, verifying email communication with original sender, if known, and so on. 

On a lighter note, if an email sounds suspicious and the sender cannot be traced, but the communication seems important, I would prefer to leave the attachment untouched and send it back to the sender! 

References:

[1]. http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEL03042USEN&attachment=SEL03042USEN.PDF
[2]. http://www.calgarysun.com/2016/06/07/university-of-calgary-paid-20000-in-ransomware-attack
[3]. http://www.trendmicro.com/vinfo/us/security/definition/ransomware
[4]. http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/server-side-ransomware-samsam-hits-healthcare-industry
[5]. http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/server-side-ransomware-samsam-hits-healthcare-industry
[6]. http://www.darkreading.com/attacks-breaches/police-pay-off-ransomware-operators-again/d/d-id/1319918