
The first quarter of 2015 has seen ransomware continue its strong comeback and turn more deadly, as crypto-ransomware accounted for over half of all ransomware infections.
So says Ihab Moawad, security expert at Trend Micro, who notes that the number of ransomware infections doubled in Q4 2014 and that, in Q1 2015, the number of crypto-ransomware infections more than doubled. Crypto-ransomware infections have quadrupled since Q1 2014, he adds.
Ransomware is malware which cyber criminals use to seize control of computers and phones when unwitting users click on an infected link or download a tainted document, locking them out of all access to their devices unless they make ransom payments.
"These are scary stats considering how valuable enterprise data is and how quickly the compromise of client data can send a company's reputation spiralling down the drain," Moawad states.
"Today's ransomware no longer just locks victims out of their computers like their Police Trojan predecessors. Crypto-ransomware, their more lethal descendants, encrypt valuable user files and hold them for ransom to ensure user payment, putting users at great risk as cyber criminals set their sights on the enterprise."
Intel's McAfee Labs Threats Report for May notes high-tech extortion schemes nearly doubled in the first three months of 2015.
According to the report, ransomware surged 165% in the first quarter, rebounding from a slight dip earlier in 2014 when police agencies worldwide staged a coordinated crackdown to knock out a major ransomware network.
"You may never have heard of ransomware and if this is true then think of ransomware as a kidnapper that's after your precious child. It's a variation of malware that takes control of your system or data away from you and refuses to return it until you pay the cyber criminals behind the attack. Your data is the hostage and your money is its freedom, hence this malware has been dubbed ransomware," Moawad explains.
Nonetheless, he says ransomware is not a new concept. "In fact, ransomware has been around for 10 years with the first versions having been detected in Russia in 2005.
"But as the Internet is capable of doing, the malware has spread around the globe and now comes in many different versions. The latest of which is a beefed up version called crypto-ransomware that has a bull's-eye stuck firmly to the enterprise's forehead."
In the past year and a half, Trend Micro has come across a particularly nasty version of ransomware called "CryptoLocker", Moawad says. It encrypts files and offers to decrypt them only once the ransom is paid. The encryption used by CryptoLocker variants is nearly unbreakable, so users usually have to choose between paying the cyber criminal or losing the data.
According to Moawad, the best way to protect an enterprise from ransomware is to keep systems up to date, run a full-featured security package and educate employees on the unreliability of attachments.
In addition, he says it is vital that organisations ensure their data is backed up, as a good backup can rescue them from having to pay a cyber criminal for their data.
"Enterprises need to take ransomware as a serious threat to their infrastructure and business as a whole. Ransomware can effectively destroy enterprise files once you're infected; this is the type of threat where the best thing you can do for your business is make sure that you don't get infected in the first place," he concludes.