The next wave of malware might kill more than just your PC

Ransomware is the biggest threat that has ever hit customers, says Bogdan Botezatu, senior threat analyst at Bitdefender, and according to him worse is coming.

"It is ironic that encryption, a technology designed to keep us safe, is being used against the customer," he said. Encryption-based ransomware is essentially someone transforming your files into a mish-mash of bytes that need a key to be translated.

And it is only the perpetrator that can provide you with that key – for a fee. "Interestingly, most of the time they are giving the encryption key to the victim if they pay," Bogdan added, "except when they go to jail first."

Mobile hostages

And don't think that ransomware is limited to desktops only. Yes, it is very prevalent in that segment because customers tend to take security very lightly (think Windows XP and Internet Explorer 6) but the threat is very rapidly coming to mobile.

Only one in fifty smartphones on the market has antivirus protection, and devices older than two years are unlikely to get any sort of updates or patches, especially as Google, smartphone makers and network carriers are all part of the equation.

What can be done to mitigate this threat? Well, installing an antivirus program on your devices – any sort of antivirus – would help. Most of them are free, either on mobile or desktop.

Keeping it up to date and upgrading your operating system would be a good thing, too. Backups are also a very good idea. With cloud-based storage now available almost by default on most recent devices, ransomware is yet another powerful incentive to get the end user backing up.

"Back up as often as possible as ransomware can hit anytime even if you're not doing anything wrong," our interlocutor warned. "Because ransomware developers are very apt at using zero-day exploits, you don't even need to click to get the payload."

Polymorphism problems

Sometimes just browsing a website is enough to be infected. Add to that the fact that ransomware has resurrected an old technique called polymorphism and one starts to grasp the challenges faced by security experts on a daily basis.

"Each piece of ransomware has its own unique ID; every single one of them is different from the other one. The more you rely on polymorphism, the more you can evade traditional antivirus solutions."

He then quoted a worrying figure: 2,000 is the number of ransomware files uploaded in one day by hackers to VirusTotal, a free service that checks whether a file is a virus or not by matching it against a malware database from more than 40 antivirus solutions.

None of these files were in the database, which is why relying on behaviour analysis rather than just analysing a file is where the industry is heading.

The boom in ransomware can be attributed, Bogdan said, to more mature encryption technologies as well as the wide availability of DIY kits that allow you to, well, build your own ransomware factory and start taking people's data hostage.

He also cited the deaths of three people, all suicides directly linked to ransomware. All three chose to end their lives rather than give in to ransomware criminals.

IoT dangers

But the worst is yet to come. The rise of the Internet of Things could provide ransomware developers with a much bigger and potentially lucrative "audience".

Want to continue using that pacemaker of yours? Please pay in Bitcoins only. How about saving your house from an impending blaze? That would be a few more Bitcoins.

"There's no cure to ransomware and it could change the face of cybercrime forever," Bogdan pointed out as we ended the interview.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.
