Weekly Update

Ransomware is on the rise, oddly

When cybercriminals hit a wall on one type of attack, they try another and another until they eventually find a hole and get through. Rarely do they pack up their bags and go home, unfortunately for us. And so different kinds of malware come and go depending on where attackers are having the most success.

According to the latest threat report from McAfee, malware developers have turned their attention to “ransomware.” This kind of malware holds part or all of a victim’s computer or data hostage. The malware encrypts data or the entire computer and then, using anonymous payment methods, demands money to restore it. The scam is nothing new, according to McAfee. One of the first Trojans seen on the PC, the AIDS-Trojan in 1989, worked exactly this way, but for many years such attacks were rare. Now they have become more common. In fact, they are on the rise, and McAfee reports that this quarter it saw ransomware at its busiest ever. The number of new ransomware threats increased to more than 120,000 during the second quarter, almost double the number of threats from the first quarter.

This is particularly discomforting as one would think Internet users (and McAfee customers) would be aware by now that you should not give in to demands for money by anonymous sources on the web. Are companies or individuals really giving up money without a guarantee of getting an unlock code in return? McAfee does not report how successful these attacks are, only that they are on the rise. But as noted earlier, cybercriminals wouldn’t be bothering with these kinds of attacks if they weren’t having some success.

Ransomware is particularly problematic, says McAfee, because the damage is instant and commonly a machine is rendered completely unusable. So not only is the victim’s data destroyed, but some of the victim’s money is also gone if he or she attempts to pay the attacker’s ransom. The situation can be much worse in an enterprise if the malware encrypts all the data that a victim has write-access to on a corporate network.

McAfee’s answer? Back up your systems on a regular basis and consider using access protection rules in your security products. The problem with access protection is that it is only helpful when the attack is a known attack. Most malware today is not on any list of bad software; it is disguised as something a user would recognize as good. Remember the email sent to the RSA employee in HR, with the subject line and attachment “2011 Recruitment Plan”? The employee opened the attachment and unwittingly unleashed one of the most successful attacks in corporate history.

The approach that traditional security products take, trying to look for all the bad things in the world and attempting to stop them, doesn’t work anymore. It’s time to think differently about protecting corporate assets. And McAfee’s threat report, while interesting, does not offer a solution to this problem.

Question of the week

How is it that ransomware threats are still successful?