
Ransomware – The Biggest Security Threat in 2016 and How to Prevent It


DQC Bureau

While the list of security threat predictions for 2016 is long, the one that concerns home users the most is linked to ransomware – a malicious program that either locks the infected system or encrypts its data. Once it has done that, it demands a ransom to release the computer or decrypt the data.


Some Quick Stats about the Ransomware Menace in 2015

  • A new variant of the ransomware family, TeslaCrypt, was seen in early 2015. It specifically targets computers with saved game files.
  • A massive surge was detected in the CTB ransomware – a relatively new variant.
  • India seemed to have been hit with the highest number of ransomware attacks this year, accounting for 16000 infections.
  • The FBI reported a loss of $18 million because of ransomware attacks worldwide.

Ransomware infections are considered so severe that even the FBI has said it often advises people to pay the ransom. Joseph Bonavolonta, Assistant Special Agent in Charge of the Cyber and Counterintelligence Program in the FBI’s Boston office, said: “The ransomware is that good… To be honest, we often advise people just to pay the ransom.”


So, what’s the prediction for ransomware in 2016?

Given the alarming rate at which the ransomware family is growing, it is wise to assume that this malware is here to stay. For 2016, here’s what ransomware authors may be gearing up for:

  1. Getting more personal – hackers may threaten to release people’s encrypted information in public. Instances of this have already occurred. ‘Chimera’ – a recently launched ransomware campaign in Germany – threatened to release the victims’ encrypted files in public if the ransom was not paid.
  2. Targeting Macs – with Macs becoming more popular among users, they are likely to become attractive prey for ransomware.
  3. Extending the ransomware circle – rookie cybercriminals may start offering ransomware as a service, transforming it into a large-scale business-like operation.
  4. Targeting Android – attempts to bring ransomware to the mobile platform have already been noticed in 2015; a popular example is SimpleLocker. In the coming year, we can expect more advanced and complex variants of this and similar malware.
  5. Better delivery – hackers will use more sophisticated mechanisms to spread ransomware and more valuable ways to extort money from their victims.
  6. Other targets – as more users are becoming aware and getting educated about how to fight ransomware, hackers will target avenues which are still security-deficient such as smart TVs, smart houses, smart fridges, Internet-enabled cars; in short, the Internet of Things.
  7. Life-threatening – frighteningly, ransomware attacks can turn out to be more than a digital threat to people; they can become life-threatening. Attackers are now suspected of going after lifesaving medical devices. There could be a horrid situation where a patient is asked to pay a ransom in order for their pacemaker to be released from a ransomware’s clutches.

Steps you Must Take

Cyber criminals don’t take time off from creating and improving upon their tactics and that’s why it is essential that we don’t let our guard down against them. Here are some of the best ways you can protect your device from ransomware:

  • Never download attachments or click links in emails received from unwanted or unexpected sources, even if the source looks familiar.
  • Don’t respond to unwanted pop-up ads or alerts while visiting unfamiliar or even familiar websites.
  • Apply all recommended security updates to your OS, software, and Internet browsers, if you have not already.
  • Take regular backups of all the important files you have on your computer. We recommend that you begin the backup procedure offline and not when you are connected to the Internet. Doing this will ensure that you do not have to meet the ransomware’s demands.
  • Have security software installed on your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites. Quick Heal Antivirus has an inbuilt anti-ransomware defense that detects and stops ransomware that encrypts data. This defense mechanism works on a behavior-based module, which means it analyzes programs based on their behavior and the activities they carry out on the user’s machine. This helps Quick Heal detect malware like ransomware in real time and prevent possible infections. This anti-ransomware feature remains active in the system even if the antivirus software itself is turned off for some reason.

The Decryption Tool

Current Situation

Although downright evil and malicious, malware authors are ambitious. If you thought that the TeslaCrypt authors stopped working after creating the first version of this malware, then you would be wrong. The latest version of this malware, reportedly released in November 2015, is known as ‘v8’ or ‘v2.2.0’. While it is not certain how many variants of this malware have been spawned since its inception, the latest version clearly shows that the hackers have been keeping themselves busy.


The Quick Heal Threat Research Labs recently received reports of 60+ cases of TeslaCrypt infection. Fortunately, the encryption used by this particular variant is weak and can be broken to reveal the key that is required for decrypting the locked data.

Below is a link to a free tool that can be used by those who fell victim to the latest TeslaCrypt infection and whose files were encrypted.

https://github.com/Googulator/TeslaCrack


Note:

  • TeslaCrypt 2.0 infection can be recognized from the extension “.vvv” added to the names of the encrypted files.
  • The recovery process takes a good amount of time so one needs to be patient; also, this tool does not guarantee the recovery of files in all cases.
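
To gauge the scope of an infection before attempting recovery, the following added example (not part of the original article or of the TeslaCrack project) inventories files carrying the “.vvv” marker and separates those that have a copy in a backup from those that would need the recovery tool. The function names, the assumption that the backup mirrors the live directory layout, and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".vvv"  # extension the article gives for TeslaCrypt 2.0 encrypted files

def find_marked_files(root):
    """Yield files under root whose names end in MARKER (case-insensitive)."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                yield Path(dirpath) / name

def triage(root, backup_root=None):
    """Count affected files by original type and split them by backup coverage.

    Assumption: backup_root mirrors the directory layout of root.
    """
    root = Path(root)
    by_type = Counter()
    restorable, needs_recovery = [], []
    for path in find_marked_files(root):
        original = path.with_name(path.name[: -len(MARKER)])  # name without marker
        by_type[original.suffix.lower() or "(no extension)"] += 1
        rel = original.relative_to(root).as_posix()
        if backup_root is not None and (Path(backup_root) / rel).is_file():
            restorable.append(rel)      # a clean copy exists in the backup
        else:
            needs_recovery.append(rel)  # only the encrypted copy is left
    return {"by_type": dict(by_type), "restorable": sorted(restorable),
            "needs_recovery": sorted(needs_recovery)}

def demo():
    """Run triage over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/report.docx.vvv", "docs/notes.txt",
                    "saves/slot1.sav.VVV", "photos/cat.jpg.vvv"):
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(b"constructed sample")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs/report.docx").write_bytes(b"backup copy")
        return triage(live, backup)

if __name__ == "__main__":
    print(demo())
```

Files listed under `restorable` can be recovered from the backup without paying or waiting on key recovery; only the `needs_recovery` list depends on the tool.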

A word of advice


The steps described for using this tool are not meant for novice users. So, if you are not sure about them, consider seeking assistance from a computer technician or a friendly neighbor who happens to be a computer geek.

To conclude, here are some safety measures to stay away from ransomware attacks:

  1. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.
  2. Don’t respond to pop-up ads or alerts while visiting unfamiliar websites.
  3. Apply all necessary security updates to your OS, software, and Internet browsers. Always keep automatic updates ON.
  4. Have a security software installed in your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

And the most crucial step: take regular data backups. While doing this will not save you from a ransomware infection, it will certainly help you recover. Ransomware goes after your data and then demands that you pay up in exchange for it. So, if you have a backup, you are guarded against extortion, which is, in fact, the most important part here.

Sanjay Katkar, MD & CTO, Quick Heal Technologies Limited
