It’s a mainstay of Hollywood films and TV dramas. A genre unto itself.
Kidnapping. Extortion. Bad guys holding hostages for ransom.
Only thing is you can’t hire Liam Neeson to track the bad guys this time because it’s not an ex-CIA operative’s daughter who’s been taken.
It’s your personal or professional data – sensitive, irreplaceable files swiped right off your computer.
In its place is an anonymous note:
"The structure and data within your files have been irrevocably changed. You will not be able to work with them, read them or see them. It is the same thing as losing them forever."
"Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server."
"If you really value your data, then we suggest you do not waste valuable time search for other solutions because they do not exist."
The price to get your files back? Anywhere from a few hundred to several thousand dollars.
You’ve become the victim of a CryptoWall attack.
Ransomware growing at alarming rate
“Malicious software, called malware, is now considered the most dangerous threat to information security worldwide,” says Dr. Sreekanth Malladi, computer science professor in Saint Leo University’s on-campus and online cyber security master’s degree program.
According to Malladi, CryptoWall is a type of malware called ransomware, a relatively new trend in cybercrime. (See the FBI's update: Ransomware on the Rise.)
Ransomware can infect your computer if you click on a seemingly harmless email attachment or visit a compromised website and click on a malicious advertisement or link.
Sometimes ransomware threats are connected to a countdown clock. Sometimes they look as if they have been sent by legitimate law enforcement agencies. And often they demand payment in digital bitcoin currency.
Malladi says industry studies show that ransomware scams first appeared in 2012 and overall increased by 500 percent in 2013. File-encrypting variants such as CryptoWall escalated by more than 700 percent.
CryptoWall’s predecessor, CryptoLocker, infected more than half a million systems in nine months of operation, netting its creators approximately $3 million before U.S. and international law enforcement shut it down.
Numerous variants of ransomware
Malladi says that ransomware may be fake, masquerading, for example, as FBI surveillance software and supposedly locking your computer or browser until you pay money at the nearest gas station to free the hard drive.
Ransomware such as CryptoWall, however, is genuine, he says.
“Basically, hackers design them such that, once it infects a machine, it encrypts the entire hard drive, whose decryption key is only known to the hacker. Victims then have to pay ransom through means such as PayPal or Western Union transfer, in order for hackers to send the decryption key that is required to decrypt and recover the data.”
Preparing Cyber Security professionals
According to Malladi, ransomware such as CryptoWall is a growing concern not only because it is becoming more prevalent, but also because it continues to evolve, becoming increasingly sophisticated and more difficult to detect and to study.
Cyber security professionals need to be prepared to stay ahead of the curve, which is one of the goals of Saint Leo’s master’s degree program in cyber security.
“Saint Leo’s cyber security degree program educates students on the full details of the various types of malware such as ransomware and trains them to build effective strategies to mitigate such threats to an organization’s information system.”
For example, the program’s course on management of information security has several components that teach the design, implementation and maintenance of a comprehensive and sound information security management program.
Technical courses such as network security and ethical hacking delve deeply into the roots of malicious software in order to build effective strategies to deal with them. Students learn how to tune and strengthen defense mechanisms such as firewalls, anti-virus and intrusion detection systems in order to prevent, detect and remove malware.
Don’t panic and don’t pay
The Department of Homeland Security says that if you are a victim of this type of cybercrime, do not pay the ransom fee. Paying does not guarantee that your encrypted files or your computer’s functionality will be restored, or that the malware infection will be removed.
Malladi recommends you first report the incident to your system administrator and to the cybercrimes division of your local law enforcement agency so that other users may be protected and damage to the organization mitigated.
“System administrators could detect the signature of CryptoWall or other similar malware and update the defensive tools such as firewalls and intrusion detection systems to limit further damage to the organization,” says Malladi. “But unfortunately, unless they already backed up their data, there is not much else that victims can do except to reimage their hard drives.”
Prevention: best solution
Most malware is spread through email attachments, drive-by downloads and rogue security software programs.
“CryptoWall, for example, can be easily downloaded by falling trap to a fake update to ‘Adobe Flash’ software and installing it,” Malladi says.
In addition to having an effective anti-virus and firewall, users should not open unsolicited email attachments, should stay away from suspicious websites, and should be careful to validate the legitimacy of software and its updates.
“Although not a prevention measure, having a rigorous and regular back-up strategy for data can greatly mitigate potentially devastating losses in the wake of a ransomware attack.”
Do you have any recommendations for safeguarding your computer from a malware infection?
Image Credit: BagoGames on Flickr/Creative Commons