And that approach probably works out just fine from a law enforcement organization’s perspective. However, from the viewpoint of a private citizen whose entire database has been held hostage by vicious hackers, not paying a ransom is hardly an option. According to the FBI’s own statistics, ransomware attacks are spreading like a virus in the US alone, with a spike as alarming as $209 million in damages in the first three months of 2016. When you look at it, the reasons behind the spread of ransomware are quite easy to understand. The malicious code can be acquired by anyone with an internet connection for as little as a hundred dollars on the Deep Web, the psychological pressure over losing one’s important data almost always ends in a successful heist, and the current law enforcement system can and does do very little to prevent the situation from going out of control. That, however, is not to say that law enforcement isn’t concerned. In a news report released in April 2016, the FBI expressed its direct concerns over the unchallenged growth of ransomware attacks and urged victims not to give in to the demand for ransom unless all other options are exhausted. Unfortunately, however, as is the case with most ransomware attacks, the stakes of losing years’ worth of important data are always quite high and the ransom demanded usually very small, leading most victims to give in to the attackers’ demands before even reaching out to law enforcement.
For starters, though, let’s have a look at what ransomware is, and what differentiates it from other types of malicious code. The most common form of ransomware is one that infiltrates your network, gains access to your data and encrypts it using advanced algorithms to prevent you from accessing your own files. The perpetrator then demands an aggressive amount of money, generally in Bitcoin, in exchange for the key that decrypts the hijacked data. There are, of course, several other types of ransomware, such as the kind that blocks access to the entire operating system or the kind that attaches itself to a partition of the computer’s hard drive. Most ransomware comes with some sort of encryption key that is used to unlock the stolen data files once the ransom is paid, though there is absolutely no guarantee that the perpetrator will keep their end of the bargain once the money is transferred.
The majority of ransomware attacks share a set of identifying characteristics: the use of malicious code that can spread throughout the network, and the blocking of access to important data on the victim’s servers in a variety of creative ways, including scrambling file names and adding different extensions to prevent the files from being accessed. Ransomware attacks also feature a time limit to add an element of psychological pressure on the victim, after which the data concerned is either stolen or deleted from the victim’s servers permanently. Attackers these days almost always ask for payment in Bitcoin, as the cryptocurrency is incredibly difficult to track as far as payments go. In the 27 years that it has been around, the pattern of infiltration and the techniques used in ransomware attacks have changed significantly, making individual cases more and more difficult for law enforcement officials to track.
One of the major reasons why there isn’t sufficient technological support to fight off ransomware is that most attacks are conducted against smaller companies, with the ransom demanded amounting to even less than your average burglary. This makes the prospect of spending millions of dollars a year to build preventive infrastructure a hiccup for law enforcement, which instead relies on weaker, open source technologies to deal with small-case heists.
The concern over ransomware lies not in individual cases but in the number of cases reported each year, which makes it the most popular cyber-infiltration scenario in current times. According to the Cyber Threat Alliance (CTA), the damages caused by CryptoWall 3, a particular type of ransomware, hit $325 million in 2015 alone. As per statistics produced by the Federal Bureau of Investigation, in the first few months of 2016, a single variant of ransomware infected as many as 100,000 computers each day. In March 2016, the number of computers infected by ransomware hit the absolute upper ceiling for the year, reports Symantec. While the cases, when considered individually, may not amount to much, the number of incidents reported worldwide in any given year is clearly a matter of global concern.
The FBI, supported by multiple cybersecurity experts, has on multiple occasions insisted that when infected by ransomware, the best response is to not pay unless it is an absolute necessity and there is no other way to recover the hijacked files at all. Sadly for the FBI, this extreme scenario is more often than not the case, making it utterly impossible for victims to refuse to pay the ransom. That, coupled with an alarming scarcity of ways in which to fight ransomware, does little to help the cause of cybersecurity.
If the necessary steps were to be implemented on a national level, a lot could be done to make ransomware attacks less of a threat to the cyberscape. In fact, it was only recently that web development company Iflexion suggested the use of artificial intelligence in the fight for cybersecurity. There is no absence of ideas here. There is, however, a clear absence of initiative.
According to several FBI experts on cybersecurity, the best way to combat ransomware is to take the necessary preventative measures in advance of the attack. If you or your company store a large number of sensitive files on your hard drive, you should always consider keeping a cloud backup of your files in case of an attack. Further, make sure that the backup copies are in no way connected to the same network as the original copies. Make sure that all important security measures, such as antimalware and internet security software, are kept in place at all times. Plug vulnerabilities before they arise and always be internet smart. These are just a few of the many points mentioned by the FBI to keep your system safe from ransomware. While that is all well and good, the initiative to prevent further attacks in a similar vein should arise from law enforcement agencies side by side with individual users, as asking a victim not to pay ransom when their valuable data is held hostage is in no way a permanent solution.
If you enjoy my work, feel free to visit my website for more: haroldstark.com.
Source: SANS ISC SecNewsFeed @ February 28, 2017 at 06:33AM