LegalSEC® - Cybersecurity


Ransomware is a Very Real and Dangerous Threat to Data

By William Caraher posted 03-03-2014 16:52

  
LegalSEC is a Google+ friendly blog.

As we embark on the LegalSEC foundations, recommendations, policies and best practices, some of what drives the group’s focus is watching the news and understanding the ever-changing threats that plague the computing world. One such nasty threat is ransomware.

Ransomware is the new type of infection in the security realm: the term describes malware or other viruses that compromise a machine and execute some type of code that usually encrypts user data folders, or in some cases the entire hard drive, and holds the data for ransom. The infected user usually must pay a set amount of money in order to recover from the attack and unlock or decrypt the files that were scrambled. What is most interesting is that many of the ransomware attacks cannot be defeated or “cleaned”, even with the best antivirus and anti-malware tools. Attackers are utilizing strong encryption schemes that would take months if not years to crack and decrypt the data.

Hackers are smart: they know that the encryption patterns that lock the data are not impossible to correct, so they usually put a timer on the ransom attack. If you don’t pay by the due date, not only is your data still encrypted and inaccessible, but in many attacks the data will also be deleted. The element of permanent deletion is what gets most people to pony up the money for the decryption key and to get the attack stopped. The most famous attack in recent months is called CryptoLocker. This nasty malware arrives as an email attachment and infects computers. As soon as the infection happens, the drive or many folders are encrypted and users have no escape from the permanent splash screen with a countdown clock. That is the time in which you have to pay before your disk is completely deleted. New variants of the CryptoLocker virus will give infected users a second chance if the timer runs out and they failed to mail a BitCoin. The rub is that the decryption fee usually doubles, so it is best to pay the piper early and then install the latest A/V software ASAP.

At the center of this is the new virtual currency called BitCoin. It is the preferred method of payment for ransomware attacks because there is no need to register or reveal your true identity when accepting payment from a stranger. BitCoin transactions are anonymous and entirely electronic. The US Government has opened investigations into this currency and has already arrested the BitCoin CFO. 

A recent European study revealed that 2 out of every 5 Brits pay the ransom. Americans are less likely to pay the ransom, but not by much. This is certainly a trend we must watch and protect against for the computer users we represent. It is a nasty bug that comes with a financial penalty and a loss of data. Keep your eyes open and your Antivirus, Anti-Spyware, Anti-Malware and Anti-Ransomware tools up to date. In the legal vertical we have an additional concern if the threat is to release some of the encrypted data, causing a breach of client confidentiality. That is an entirely separate can of worms worthy of a future blog post.
