Help! My computer has been kidnapped…..

15 jun
2016

 

A horrible scream sounds from one of the concentration working cabins on the 3rd floor. All colleagues look startled… It is Rose, with a clearly shocked face, and a somewhat wild look in her eyes… Help! she says…. My computer has been kidnapped! A few colleagues walk to her cabin and indeed, there is an ominous message on Rose’s laptop: Your personal files are encrypted! What should I do? Rose says. Is all my data gone? Should I pay them to get it back?

 

Do you recognize this? Have you already experienced this in your environment? If not, were you lucky? Or are your computer and your network well protected? If you did experience it, you will also recognize Rose’s feelings of panic. It looks like cybercriminals have changed their approach to reaching their goal of ill-gotten riches. Stealing money is still cybercrime’s favourite. In the past, stealing bank accounts and credit cards was the approach to achieve this goal. However, banks have established better anti-fraud measures, making this technique difficult. Therefore, criminals have altered their strategy. As organisations are dependent on their data, criminals target the data within organisations with cryptoware. In order to unlock the data, organisations have to pay a ransom. Due to this data dependency, more and more organisations are willing to pay the ransom in crypto-currency (bitcoins), which gives the bad guys a new, fast and safe way to monetize a victim.

 

Ransomware doubled in 2015 (Bromium threat report, 2015). The number of ransomware families increased 600 percent from 2013, as shown in the figure with ransomware discoveries from Symantec.

 

 

 

But what is ransomware? And especially, what can you do about it?

 

Ransomware works the same way blackmail does in the physical world. It either encrypts your computer and its files, or it prevents you from getting access to your computer. Only if you pay the attacker in bitcoins will you be sent a key to decrypt your data or unlock your computer. The best-known versions of ransomware are Cryptolocker, Cryptowall and Locky. Exemplary of the continuous development of ransomware is Jigsaw, which deletes your personal files one-by-one, much like killing hostages one-by-one.

 

So, what can you do about it? Firstly, cybercriminals try to attack you through social engineering (phishing e-mails, downloads from a malicious website, downloads of malicious software). Therefore, be very aware of the links you click on, the websites you visit and the software you install. You, being the user, are the first and very important line of defence against any type of malware. Secondly, be sure to have an up-to-date backup of your files at all times. Lastly, be sure to have an up-to-date computer system, including your anti-virus software.

 

And like Rose asked after she saw the scary notice on her laptop screen: should you pay? The police urge you not to pay, and even urge you to always file a report of every incident. Even if you pay, very often you will not receive the requested key to decrypt your laptop again. Therefore, no: paying only makes the cybercriminals more profitable and provides them with money to do more research & development, allowing them to develop new types of ransomware. The best way to recover from a ransomware attack is to set your computer back to factory defaults and retrieve your data from the hopefully latest back-up……

Let’s not click on those malicious links…..

 

I wrote this article for my study at Nyenrode

 

References :

Pay up! It’s Ransom Season…

https://www.symantec.com/security-center/threat-report