What is ransomware?
Ransomware is a type of malware that attempts to extort money from a computer user by infecting or taking control of a victim’s machine or the files or documents stored on it. Typically, the ransomware will either lock the computer to prevent normal usage or encrypt the documents and files to prevent access to the saved data.
- Prevents you from accessing Windows and other devices.
- Encrypts files so you can’t use them.
- Stops certain apps from running.
The number of users attacked by encryption ransomware increased by 48.3% in 2015.
As with any crime, it’s natural to want to know the motive behind these attacks. In the case of ransomware, it’s about money. Sometimes cybercriminals have complex motives for their actions, whether to embarrass an individual or organization or to attack them for political reasons. But with ransomware, it is simply a very lucrative way for cybercriminals to make money.
In 2015, victims paid a total of over $24 million in some 2,453 reported ransomware attacks, according to a report from the FBI Internet Crime Complaint Center. CryptoLocker, one type of ransomware that has infected tens of thousands of machines, rakes in $30 million every 100 days, according to a Dell SecureWorks report. According to a survey conducted by the Interdisciplinary Research Centre in Cyber Security at the University of Kent, more than 40% of CryptoLocker victims agreed to pay.
It’s no wonder, then, that cybercriminals see ransomware as a business opportunity and look to exploit it.
The average payment for ransomware is around $300, as of 2015, whereas for businesses, it seems to be around $10,000. The goal with most ransomware attacks is to make the number low enough that replacing the computer would be more costly. With businesses, it is a constant test to see what the market will bear. Most ransomware payments are demanded in bitcoin, which is a currency that is harder to trace.
Clearly, ransomware has all the elements of a perfect digital crime. It has a low cost of entry. It’s successful. It’s hard to trace. And it won’t be going away anytime soon.
Ransomware was detected on 753,684 computers in 2015
How does ransomware work?
Ransomware is a unique kind of cybercrime. Unlike hackers who attempt to steal data, ransomware criminals only attempt to prevent access to data. Because of this, businesses come to a grinding halt when hit by ransomware—and they don’t easily forget the experience. They may not have to pay a massive sum of money, but the residual costs, the reputational damage, the harm to their brand and the aggravation all serve to leave a lasting mark on the collective memory of any company hit by ransomware.
When ransomware hits, it usually walks through a number of typical steps.
- Installs when the user opens a file, usually delivered via email, IM or a social network, or visits a malicious site.
- Generates a pop-up window, web page or email warning from what looks like an official authority.
- Encrypts the user’s files with AES-256, using a randomly generated one-time key.
- Creates an individual encryption key for each file.
The first instinct many victims have is to try to unlock the data by decoding the encryption key. This is a losing battle. In 2008, Kaspersky Lab researchers actually cracked a 660-bit RSA key used by the GPCode Trojan. But soon its authors upgraded the key to 1,024 bits, making it practically impossible to decrypt.
Just how hard is it to break through? By looking closely at the math, security experts determined that it would take approximately 7×10^40 times longer than the age of the universe to exhaust half of the keyspace of an AES-256 key. In short, don’t bother.