At the beginning of this year, several new strains of ransomware were discovered. Their vicious routines, and the threat actors behind these operations, took ransomware to new heights. This development established crypto-ransomware as a lucrative cybercriminal enterprise. And while the security industry may be doing a good job of keeping up with each new tactic and providing solutions, the less informed public and organizations may very well be on the receiving end of crippling malware that can destroy personal and corporate files and lead to huge financial losses.
In February, Hollywood Presbyterian Medical Center was hit hard by Locky ransomware, which impacted the facility's emergency rooms. The hospital paid a ransom of $17,000 just to decrypt its files. After that, the Methodist Hospital in Henderson was hit with Locky, which blocked access to patient files. Both cases looked deliberately targeted, with a purposely large ransom demanded.
Apparently, the basics of crypto-ransomware are constantly evolving. Hackers are using new methods to make attacks personal in an attempt to get inside the victim's head. And this is just the surface. In their routines, these crypto-ransomware families are getting more creative: using macros and scripts, displaying professional-looking pages, or adding new functions that put more pressure on their victims, such as modifying a computer's master boot record, spreading across networks, and crossing platforms. It also looks like some hackers who used to spread other types of threats (e.g. online banking malware) have joined the crypto-ransomware bandwagon: the DRIDEX spam campaigns bear distinct similarities to LOCKY's.
Here are some noteworthy threats that have stood out in the first quarter of 2016:
- PETYA overwrites an affected system’s master boot record and locks users out
- JIGSAW copies all the user’s files, deletes the original ones, and destroys the copies incrementally
- MAKTUBLOCKER sends targets email messages that contain the users’ full names and mailing addresses in order to appear legitimate and further convince these users into downloading this crypto-ransomware
- SAMAS/SAMSAM encrypts files across networks by looking for and attacking systems running vulnerable JBoss servers
- CERBER adds a ‘voice’ capability to verbally move users into paying the ransom
- KeRanger becomes the first ransomware to successfully target Mac OS
- PowerWare abuses Windows PowerShell in order to leave as little trace of infection as possible.
Usually, health organizations are easy targets because they lack security provisions that can handle cyber threats. Following the money, the next targets might be other businesses and organizations which also lack sophisticated cybersecurity and do not create backups of their most crucial data.
In an interview with Trend Micro CTO Raimund Genes, viewers were told that paying ransom only fuels cybercrime:
“If all your data is encrypted, if the only way to get the data back is paying the bad guys, I understand. But is it good? No.”
Preventing ransomware may be difficult, but the means of backing up data are already available. From hard drives to cloud-based backups, what matters is the right mindset and knowing how to mitigate the effects of ransomware.
There is no quick fix; a defense works when damage is minimized and users spare themselves from paying the ransom or losing files permanently. For that reason, users and enterprises are advised to back up their data at all times.
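The backup advice above, as an added example that is not from the article or from Trend Micro: a small Python routine that writes each backup as a separate, hashed snapshot, verifies the snapshot against its manifest, and proves a restore. The file names and the "damage" step are constructed for the demo; the manifest format is an assumption of this example.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path
MANIFEST = "manifest.json"  # per-snapshot list of relative path -> SHA-256

def sha256_of(path: Path) -> str:
    # Hash in chunks so large files do not need to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup(src: Path, backup_root: Path, label: str) -> Path:
    # Each backup is a fresh, separately named snapshot; nothing is overwritten in place.
    dest = backup_root / label
    shutil.copytree(src, dest / "data")
    manifest = {str(p.relative_to(src)): sha256_of(p) for p in src.rglob("*") if p.is_file()}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return dest

def verify(tree: Path, manifest_path: Path) -> list:
    # Return relative paths that are missing from tree or whose content changed.
    manifest = json.loads(manifest_path.read_text())
    bad = [rel for rel, digest in manifest.items()
           if not (tree / rel).is_file() or sha256_of(tree / rel) != digest]
    return sorted(bad)

def restore(snapshot: Path, target: Path) -> list:
    # Replace target with the snapshot, then prove the restore by re-verifying it.
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snapshot / "data", target)
    return verify(target, snapshot / MANIFEST)

def demo() -> dict:
    # Constructed scenario: back up, damage the live copy, check the backup, restore.
    root = Path(tempfile.mkdtemp())
    live, backups = root / "live", root / "backups"
    (live / "docs").mkdir(parents=True)
    (live / "docs" / "report.txt").write_text("quarterly numbers")
    (live / "notes.txt").write_text("call the auditor")
    snap = make_backup(live, backups, "2016-03-31")
    # Stand-in for destructive damage: one file overwritten, one deleted.
    (live / "notes.txt").write_bytes(b"\x00garbage")
    (live / "docs" / "report.txt").unlink()
    return {
        "damaged": verify(live, snap / MANIFEST),            # ['docs/report.txt', 'notes.txt']
        "backup_intact": verify(snap / "data", snap / MANIFEST) == [],
        "restore_failures": restore(snap, live),             # []
    }
```

A snapshot stored on a medium the live system cannot write to (offline disk, write-once cloud storage) is what keeps `backup_intact` true when the live copy is damaged.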