Ransomware? Bad news, it's getting worse

Geek Speak

Steve Weisman, Special for USA TODAY

635981605803254358 ThinkstockPhotos 492800537I first warned you about the dangers of ransomware in early 2015,   and its increased use was one of my cybersecurity predictions for 2016.

Unfortunately, that prediction has come true, and my motto of, “Things aren’t as bad as you think — they are far worse,” has proven accurate. In fact, the FBI has recently warned that ransomware attacks

against hospitals, schools, government agencies, police departments, businesses and individuals are dramatically increasing.

Ransomware is a type of malware that once installed on your computer locks and encrypts files.   The cybercriminals who send it to you then threaten to destroy your files unless you pay a ransom, generally in untraceable bitcoins.

Phishing or its more sophisticated version, "spear phishing," is often used to spread the malware. Emails lure the victim to click on a link, which downloads the ransomware.  Spear phishing targets specific victims by personalizing an email to make it appear especially legitimate.

Cybercriminals can do this by gathering information from various sources including social media accounts.  By putting too much personal information on social media, we often become our own worst enemy.

Ransomware is also spread through malvertising, which is apparently legitimate advertising, and on bona fide websites. But click on it, and you've downloaded the malware.

Yet another way cybercriminals strike is by infecting legitimate websites such that merely going to the site without clicking on anything is sufficient to infect your computer.  A newer version of ransomware called CryptXXX is being spread in this manner and was used to infect the website of American toy maker Maisto.  Fortunately, there is a free decryption tool for this particular type of ransomware, available from Kasperksy Lab.

Often the websites are infected through attacking vulnerabilities that exist in plug-ins such as Adobe Flash.  As long ago as 2010, Steve Jobs complained about this vulnerability.  Despite security patch after security patch, new problems kept coming up with this software.  It would appear that just as companies retire certain programs when it is just too difficult to continue to patch them (as with Windows XP), this may well be the time for Adobe to retire Flash. And if the company doesn’t do this, you should consider retiring it yourself and replacing it with another plug-in that performs the same function.

One of cybercrooks' newer methods is deploying ransomware against smartphones. While this tactic is less common, it is only a matter of time before the myriad of devices that make up the Internet of Things could be subject to such attacks.  Just imagine the dangers of Internet-connected medical devices such as pacemakers and insulin pumps being compromised.

Rarely is paying the ransom a good option, although in a controversial statement at a Cyber Security summit in 2015, FBI Assistant Special Agent Joseph Bonavolonta indicated that sometimes the FBI advises victims to pay up.  The FBI, as would be expected, has since backed off of this statement.

New versions of ransomware are constantly being developed by cybercriminals who often — rather than merely using the malware themselves — will sell it on a part of the Internet referred to as the Dark Web, where less technically sophisticated criminals buy and sell malware as well as stolen information, such as credit card numbers.

Cybersecurity predictions for 2016

Some cybercriminals are even taking advantage of the general awareness of ransomware to trick their victims into downloading malware that merely locks their screen while a pop-up message appears telling the victim that they have become a victim of ransomware and that they must pay a ransom or their data will be destroyed although the data has not been locked or encrypted.  Merely restarting the computer can often get rid of the pop-up and end the screen lock of these wanna-be ransomware criminals.

Read More