Symantec’s 20th annual Internet Security Threat Report revealed a dramatic rise in software that prevents victims from accessing their files until they have paid a fee.
In the past, ransomware attackers typically used malware to lock up a system to restrict access to files. They would often pretend to be law enforcement officials, telling the victim that their computer had been used for illegal purposes, and demanding a ‘fine’ in payment to unlock their files.
More recently, crypto-ransomware has emerged as an alternative. This malware typically locks up a victim’s files by encrypting them without the owner’s permission. This then forces the victim to pay the perpetrator a ransom. The criminal then (hopefully) sends a decryption key to the victim so that they can then access their files.
The evolution of crypto-ransomware drove up ransomware attacks overall in 2014, said the Symantec report. Crypto-ransomware attacks rose by more than 4000 per cent in 2014, totalling 373,342 attacks, driving up overall ransomware attacks by 113 per cent over the year, the company said. The criminals behind one strain of crypto-ransomware, Cryptodefense, earned over $34,000 in a single month, said the report.
One of the advantages for cybercriminals using crypto-ransomware is that they don’t need to fool users into thinking that they’re someone they’re not. That may work on residential users, but it might be harder to perpetrate for enterprise users. Malware that encrypts files and demands payment, however, makes it impossible to retrieve data from an infected machine until the ransom is paid.
The question is, would security professionals pay the fee? According to a survey by ThreatTrack last month, 30 per cent of them would. The survey also revealed that security practitioners’ willingness to negotiate with cyber criminals over ransomware was based on their exposure to this crime. 40 per cent of respondents to the ThreatTrack poll said that they worked in an organisation that had been targeted by cyber criminals. Of that number, more than half said that they’d negotiate.
In some cases, negotiation may no longer be necessary. Crypto-ransomware is becoming a big enough problem that companies are producing tools to overcome it. This week, Kaspersky released a tool designed to recover data encrypted by the CoinVault ransomware strain. The tool was produced after The Netherland’s National High Tech Crime Unit discovered a collection of ransomware decryption keys on a CoinVault command and control server.
Other findings from the Symantec report included a rise in the number of data breaches (up 23 per cent), and an increase in the number of zero-day vulnerabilities (the report counted 24 in 2014). Vendors were also slower to patch vulnerabilities in 2014, Symantec said. The top three vulnerabilities took 204 days, 22 days, and 53 days to patch this year, compared to an average patch window of just four days in 2013. The top five zero-days of 2014 were used by attackers for 295 days in total before patches became available, the firm said.
