Recent News - Ransomware: The big payoff for cybercriminals in 2016


2016-03-30

Over the past year, cybersecurity professionals have been facing more and more cases of ransomware. This type of attack has rapidly gained ground and it seems that there is no end in sight to its growth.

So what is ransomware? Put simply, it is a type of malware that prevents or limits users from accessing their systems or data. Ransomware forces its victims to pay a monetary ransom, usually through anonymous online payment methods, to regain access to their systems or data. There have also been cases where victims have paid up without receiving a recovery key or have otherwise been unable to recover their files.

This type of malware is not new. The first widely known case of ransomware, the ’AIDS Trojan’, dates back over 25 years! However, like most cyber threats we see today, ransomware is fast becoming more sophisticated and therefore, more troublesome for both businesses and consumers.

Ransomware has caught the attention of cybersecurity professionals recently due to growth in both the number of victims, as well as the profits that cybercriminals have obtained from this type of malicious campaign. High profile news has similarly made ransomware a larger topic of conversation, including the recent case of the Hollywood Presbyterian Medical Centre in Los Angeles, which was made to pay a ransom of US$17,000 by hackers in order to regain access to its computer systems.

According to recent ESET research, crypto-ransomware detections have been prevalent in regions like Latin America and Europe, but recently there has been a spike in incidences outside of these territories. According to the Internet Organised Crime Threat Assessment 2015 report by Europol , Japan has the second highest global detection rate for ransomware. The country is also one of the top three countries in Asia where European Union law enforcement investigations have identified perpetrators or criminal infrastructure. According to the report, Japan, South Korea and the Philippines are identified as the most prominent countries in East and South East Asia, from which commercial extortion campaigns originate.

Rapidly mutating threat

Ransomware has evolved over the years and over a period of time this malware has upgraded itself, increasing the number of attacks worldwide. In fact, today we are even seeing some cybercriminals offering this kind of malware as a service.

‘Ransomware as a Service’ (RaaS), is a worrying trend, with more and more tools being discovered that have been specifically designed to help even the most unsophisticated criminal create this type of malware, regardless of their level of technical expertise. Further still, ransomware has also evolved to target operating systems not only for desktop, but also for mobile. Cases of ransomware have been found to affect mobile devices, especially those running Android, the most popular mobile operating system worldwide. The group behind the Reveton ransomware program, for example, has ported the malware to Android, distributing it through pornography sites where it is disguised as a video player.

The threat of ransomware has also diversified in terms of approach and vector. Initially, only the Windows families of such malware were showing year-on-year growth in terms of the number of detections. Now this malware has extended to other operating systems such as OS X and even Linux. And the technologies used to deliver ransomware are evolving too. In the early days, drive-by-downloads and spammed links or executables were the common delivery mechanisms, but this now includes spam with attachments such as Office documents with macros, BAT, CHM, JavaScript and LNK files, and the payloads delivered from these downloader components include more than just binary executables, such as various script platforms, including PowerShell.

Will the Internet of Things (IoT) be next?

Throughout 2015 there was significant interest in the possibility of malware focusing on equipment associated with the Internet of Things (IoT). The increasing number of devices connected to the internet, and their often woeful security stance, provide cybercriminals with a greater number of points-of-attack. This puts devices such as smartwatches, smart televisions, wearables, driverless cars and a whole host of other devices at risk.

An early example of such an attack is the Linux/Moose worm that has commandeered SOHO routers for social media fraud. Other security researchers have considered the possibilities of wearables, smart televisions and so on being targeted by malware, and in some cases they have even provided proof-of-concept demonstrations. Given ransomware’s apparent profitability, it seems likely that some e-criminals must be thinking along the same lines.

These key developments lead us to believe that ransomware is here to stay and will surely continue mutating in the coming years. From the security side, the challenge is not only to detect and block or remove such attacks, but also to ensure the continuing availability of information for enterprises and consumers.

As technology has evolved, the protective mechanisms to counter threats such as ransomware have improved based on experience. However, they must be accompanied by user management and education. Prevention is better than the cure and this applies to end users of technology today. Keeping devices well protected is the single biggest and most effective step that will defeat ransomware. In addition, keeping data adequately backed up is key to ensuring that if an attack takes place, the victim isn’t strong-armed into paying up.

According to Gartner, we are gearing up towards a fivefold increase in the number of devices connected to the internet over the next five years, reaching 25 billion online devices. The challenge we are going to face is protecting more of these devices against ever more sophisticated malicious code. Network security, the prevention of exploits and the appropriate configuration of devices will take on greater importance to prevent such attacks, helping users enjoy safer technology.

 


 

About ESET
ESET, the pioneer of proactive protection and the maker of the award-winning NOD32 technology which is celebrating its 25th anniversary in 2012, is a global provider of security solutions for businesses and consumers. The Company continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998. ESET has been selected as one of the most innovative companies in Europe for the 2011 HSBC European Business Awards and holds number of accolades from AV-Comparatives, AV Test and other organizations. ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber Security for Mac are trusted by millions of global users and are among the most recommended security solutions in the world.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore; with offices in Sao Paulo (Brazil) and Prague (Czech Republic). ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Cracow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network for 180 countries.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. Headquartered in Hong Kong, the Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Version 2 Singapore Pte Ltd is the local office of Version 2 Limited.
For more information, please visit http://www.version-2.com.sg/ or call (65) - 6296 4268(65) - 6296 4268 .

Previous News Next News

Return to the previous page