assesses with high confidence that many businesses, schools, government agencies, and home users will remain at high risk of ransomware infections throughout 2016, because well-financed and highly motivated hackers will continue to innovate and expand the targeting scope of their extortion campaigns.

The most prevalent form of this profit-driven malware is known as crypto-ransomware, referring to the use of encryption to render files inaccessible until a ransom is paid to release the decryption key. The observed increase in ransomware infections and the development of new variants over the last two years illustrate the attractive incentives for criminal hackers, as the perceived return on investment outweighs the risk of attribution and prosecution.
In recent months, numerous cybersecurity firms released threat predictions for 2016, with universal agreement that ransomware and other forms of cyber extortion would not only continue to increase, but expand into new digital territories. In addition to personal devices such as tablets and smartphones, hackers will probably target other Internet-connected devices including home automation systems, smart appliances, vehicles, and medical devices. Likewise, servers, websites, and cloud solutions are also at risk, particularly for those who outsource data storage and management to third-party vendors with poor cybersecurity practices.
- The tactics used to distribute ransomware often involve cunning social engineering, such as carefully crafted phishing emails, designed to manipulate as many unsuspecting victims as possible to maximize profit. Other infection vectors include exploit kits, drive-by downloads, malvertising, and botnets.
- The developers and propagators of ransomware are able to obscure their identities and reduce the likelihood of attribution using a variety of tactics. Most variants of ransomware now rely on the Tor anonymity network for command and control, as well as on cryptocurrency, namely Bitcoin, for anonymously accepting ransom payments. In addition to built-in anti-forensic capabilities designed to avoid detection and forensic examination, newer variants attempt to eliminate data recovery options by encrypting additional connected drives and network shares, deleting Shadow Volume Copies and system restore points, and even overwriting free disk space.
- Demonstrating the effectiveness of ransomware and the damage a single campaign can inflict, the Cyber Threat Alliance reported that the CryptoWall 3.0 variant infected hundreds of thousands of victims worldwide and netted criminals $325 million in less than one year. In 2015, Microsoft reported that it had removed ransomware infections from 24,000 computers after updating malware signatures in its Malicious Software Removal Tool. Furthermore, in the 2015 Kaspersky Security Bulletin, the cybersecurity company reported the detection of ransomware on over 50,000 computers on corporate networks, double the number it detected in 2014.
- There is an expanding marketplace for customizable, user-friendly ransomware tools, ransomware-as-a-service offerings, and affiliate programs that allow average users with limited technical ability to distribute malware and conduct for-profit cyber attacks. In 2015, a ransomware kit named Tox was released that allowed any Internet user to distribute and profit from ransomware. Although the developer of Tox ultimately put the kit up for sale, fearing discovery by law enforcement, other hackers quickly filled the void by offering affiliate programs that promised shared profits to anyone who distributes the ransomware to more victims.
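The recovery-destroying behaviour described above (deleting Shadow Volume Copies and restore points before encryption) leaves a visible trace in process-creation telemetry, which defenders can alert on. The following is an added example, not part of the original assessment: a small detector run over constructed process-creation log lines; the pipe-delimited log layout, host names, user names and rule names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events in a simplified
# "host|user|parent_process|command_line" layout (not real telemetry).
SAMPLE_LOGS = [
    r"ws-17|CORP\jdoe|winword.exe|cmd.exe /c vssadmin.exe delete shadows /all /quiet",
    r"ws-17|CORP\jdoe|cmd.exe|bcdedit /set {default} recoveryenabled No",
    r"ws-04|CORP\backupsvc|backupagent.exe|vssadmin.exe list shadows",
    r"srv-fs1|NT AUTHORITY\SYSTEM|services.exe|wmic shadowcopy delete",
]

# Command-line patterns that remove local recovery options; matched case-insensitively.
RECOVERY_INHIBIT_RULES = {
    "vss_delete_shadows": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "bcdedit_recovery_off": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}
# Parents indicating a document or mail lure spawned the command (phishing context).
LURE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}

def parse_event(line):
    """Split a log line into its four fields; None for malformed lines."""
    parts = line.split("|", 3)
    return dict(zip(("host", "user", "parent", "cmd"), parts)) if len(parts) == 4 else None

def detect_recovery_inhibition(lines):
    """Return one hit per event whose command line matches a recovery-inhibit rule."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        for rule, pattern in RECOVERY_INHIBIT_RULES.items():
            if pattern.search(event["cmd"]):
                hits.append({**event, "rule": rule})
                break  # one matching rule per event is enough to alert

    return hits

def summarize_by_host(lines):
    """Aggregate hits per host; escalate when several techniques or a lure parent are seen."""
    per_host = defaultdict(lambda: {"rules": set(), "lure_parent": False})
    for hit in detect_recovery_inhibition(lines):
        entry = per_host[hit["host"]]
        entry["rules"].add(hit["rule"])
        entry["lure_parent"] |= hit["parent"].lower() in LURE_PARENTS
    for entry in per_host.values():
        entry["severity"] = "high" if len(entry["rules"]) >= 2 or entry["lure_parent"] else "medium"
    return dict(per_host)
```

Benign administrative use such as `vssadmin list shadows` is deliberately not flagged; a legitimate backup job that prunes old shadow copies would be, so allow-list its service account rather than loosening the patterns.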
For many organizations, ransomware may not be entirely preventable; however, the impact of a successful infection can be greatly reduced if a robust data backup process is in place. Comprehensive data backups should be scheduled as often as possible and must be kept offline in a separate and secure location. The most effective method to prevent ransomware infections is to conduct regular training and awareness exercises with all employees to ensure users are proficient in safe Internet-browsing techniques and able to identify phishing emails.