A lot of smart people in the security world say it’s old news. Nothing more to see here, move along. And yet ransomware is a topic that won’t go away.
It has dominated our coverage here at Naked Security in recent months and was a major focus of RSA Conference 2017 in February. Today and tomorrow, it’ll be on the agenda at SOURCE Boston 2017.
The reason is simple: the bad guys continue to claim countless victims daily, many of whom pay the ransom because they feel they have no choice.
SOURCE Boston 2017
Andrew Hay, co-founder and CTO of LEO Cyber Security, will give a talk today at 1:15 pm ET called “The Not-So-Improbable Future of Ransomware”. It’s a subject he’s spent a lot of time on. During RSA, he helped run a day-long seminar on it.
During today’s presentation, he’ll outline the evolving parallels between ransomware and traditional kidnap and ransom tactics (K&R) and doctrine:
As a perpetual student of history, I immediately noticed similarities between K&R and ransomware methodologies and the rate at which common tactics were appearing in ransomware campaigns. Ransomware campaign operators are simply taking what has worked before and applying it to the computerized world.
Old but persistent
Ransomware is indeed an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins. Some might expect that most people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics.
Unfortunately, that’s hardly the case. Naked Security has continuously followed cases of individuals and companies falling victim to it. The most recent examples include:
- Mole, ransomware that has caused enough concern to spark an advisory from CareCERT, the cybersecurity initiative set up for the UK’s National Health Service (NHS).
- A spam campaign where ransomware is downloaded and run by a macro hidden inside a Word document that is in turn nested within a PDF, like a Russian matryoshka doll. The ransomware in this case appears to be a variant of Locky.
- The increased ease with which someone can build and launch ransomware regardless of skill. All you need is ill intent and access to the dark web. We’ve been calling this trend ransomware as a service.
- Satan, ransomware billed, among other things, as an online crimeware service.
- Filecode ransomware that targets Mac users.
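The nested delivery chain in the spam campaign listed above (a macro-bearing Word document inside a PDF) is something a mail gateway or analyst can check for before anyone opens the file. The following is an added example, not code from Naked Security or Sophos; the names `triage_pdf` and `build_sample` and the verdict labels are assumptions, and the sample input is constructed.

```python
import io, re, zipfile, zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm) container
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def _unescape_names(data):
    # PDF names may spell letters as #xx hex escapes, e.g. /Embedded#46ile.
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def _payloads(data):
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        try:  # FlateDecode (zlib) is the usual stream filter; fall back to raw bytes
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw

def triage_pdf(data):
    report = {"embedded_file_declared": b"/EmbeddedFile" in _unescape_names(data),
              "embedded": []}
    for blob in _payloads(data):
        if blob.startswith(OLE_MAGIC):
            # Macro detection in OLE files needs an OLE parser; report as unknown.
            report["embedded"].append({"type": "ole", "macros": None})
        elif blob.startswith(ZIP_MAGIC):
            try:
                with zipfile.ZipFile(io.BytesIO(blob)) as z:
                    macros = any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
            except zipfile.BadZipFile:
                macros = None
            report["embedded"].append({"type": "ooxml", "macros": macros})
    if any(e["macros"] for e in report["embedded"]):
        report["verdict"] = "block"    # Office document with a VBA project inside a PDF
    elif report["embedded"]:
        report["verdict"] = "review"   # nested Office document, macros absent or unknown
    else:
        report["verdict"] = "pass"
    return report

def build_sample(with_macro=True):
    # Constructed input: a PDF-shaped byte string with placeholder content, not a real sample.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Embedded#46ile /Filter /FlateDecode >>\n"
            b"stream\n" + zlib.compress(buf.getvalue()) + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

This byte scan only handles uncompressed and FlateDecode streams; object streams, other filters and encrypted PDFs need a real PDF parser.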
Ahead of the SOURCE Boston talks, it’s worth passing along our usual resources to combat ransomware.
First, some things people can do to better protect themselves from this sort of thing:
- Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
- Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit. In the case of this attack, users want to be sure they are using the most up-to-date versions of their PDF reader and Word.
- Use Sophos Intercept X, which stops ransomware in its tracks by blocking the unauthorized encryption of files.
Other links we think you’ll find useful:
- To defend against ransomware in general, see our article How to stay protected against ransomware.
- To protect against misleading filenames, tell Explorer to show file extensions.
- To learn more about ransomware, listen to our Techknow podcast.
- To protect your friends and family against ransomware, try our free Sophos Home for Windows and Mac.