An intriguing article on how easy it is to obtain the Bitcoin ransomware source code on underground forums was published recently. However, this software won’t be found by searching on Google, as hackers use the darknet to conduct their business. Still, it is certain that anyone can buy ransomware for $100.
Brian Krebs is a very popular American journalist covering Russian cybercrime. Because he has infiltrated hacker forums, people have sent drug shipments to his house in order to thank him for his efforts. In return for this payment, the buyer was provided with all of the distribution tools, as well as other software to access virtual machines remotely. However, the seller of the ransomware will keep 15% of the incoming Bitcoin ransom payments, and the person claimed this seller is currently servicing between three and four hundred customers.
Ransomware is a type of malware which restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system’s hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key. Others may just lock the system and display messages intended to coax the user into paying.
Usually, ransomware propagates as a trojan, whose payload is disguised as a seemingly legitimate file.
Initially, it was popular only in Russia; these days, however, the use of ransomware scams has grown worldwide.
In June 2013, a security software vendor released data showing that it had collected over 250,000 unique samples of ransomware in the first quarter of 2013, more than double the number it had obtained in the first quarter of 2012. Attacks involving encryption-based ransomware started increasing through trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities. The US Federal Bureau of Investigation, meanwhile, estimated that CryptoWall had accrued over $18m by June 2015.
Larger organizations should be aware that one PC infected by ransomware can affect shared documents, potentially disrupting the work of many staff and not only the source PC. In this case, the solution involved building a custom application to automate pulling the files back from Google Drive’s inner sanctum and reinstating them in the right place so that sharing wouldn’t break.
Another solution, apart from making offline copies, is using a full cloud backup service such as CrashPlan or Carbonite, which allows convenient file restoration. This type of cloud backup costs around £4 per month or £40 per year for reliable archiving and backup, arguably money very well spent, with more advanced plans for small businesses also available.
In any case, PC users should know that competent backup is still the single most important defence against ransomware, as removing the infection is only a way of getting back the system, not the data that used to be stored on it.