Ransomware: Are businesses the next target?
The most dangerous type of ransomware this decade has been Cryptolocker, which has already infected half-a-million PCs, says Carey van Vlaanderen, CEO of ESET Southern Africa.
Ransomware is the latest tool in the cyber criminal's arsenal, but to date, it has largely been used to target consumers, says Carey van Vlaanderen, CEO of ESET Southern Africa.
In the last 18 months, ransomware has emerged as a serious tool for cyber criminals and has developed into a growing concern for security-savvy citizens and business chief information security offers (CISOs).
Described by some as the virus 'that blackmails you', ransomware essentially blocks access to your files, while simultaneously demanding payment in return for restoring access - an attack that can earn cyber criminals big money.
A large number of ransomware variants have come and gone in years gone by, from those that encrypt your hard drive in exchange for bitcoin payments, to those which simply try and scare the user into coughing up their money.
By far, the most dangerous type of ransomware this decade has been Cryptolocker, which has already infected half-a-million PCs. It was also big enough for the FBI and Europol to get involved and they eventually brought down the criminals' computing infastructure behind the ransomware.
To date, however, most victims have been random citizens, infected by a phishing e-mail, spam or a fake software update. It may also arrive via a drive-by-download attack on a bogus or spoofed Web site.
Users usually come to be infected after clicking a link or opening an attachment, and the virus will then look to encrypt the hard drive. The ransomware alert will appear on screen and cannot be minimised. At this point, the attacker(s) will request a 'modest' amount of bitcoins for the files to be unlocked.
The danger in paying is that there is no guarantee that the cyber criminals won't return for another payday. The best bet is to go back to your most backed up files.
The question is: could ransomware be used to hit organisations that hold the most capital - that is, the banks? Up until this point, the answer has been a straight 'no'. Banking defences are better than most other sectors, and the only ransomware to target banks was actually aimed at their customers, mainly through phishing e-mails.
However, recently there have been signs of change. Last month, researchers indicated that three Greek banks were targeted with bitcoin ransomware, with attackers from the Armada Collective requesting a grand sum of EUR21 million to decrypt the files.
And while it was not strictly ransomware, an individual going by the name of Hacker Buba also demanded a ransom of $3 million after penetrating the defences of a small bank in the UAE bank, InvestBank. He was originally foiled, although his plan was to release customer data until payment was received.
These attacks are currently few and far between, but with ransomware authors creating new variants which target Windows and Mac, mobile devices, YouTube ads and now, encrypt entire Web sites, you can be sure that bank defences will be tested by ransomware for a long time to come. The one-million-dollar question is whether banks can do enough to keep them out.