Throwback Thursday: What is this ransomware thing?

Version imprimable, PDF et e-mail

It's hard to believe that only a few years have passed since ransomware started creeping in to the collective consciousness of the IT industry.  In 2014 we talked about the dangers of the “Cryptolocker Trojan” and how to prevent or respond to an attack.  The Bleeping Computer thread that we reference there is now an interesting microcosm of the emerging ransomware threat:

When the 230-page thread tapers off in 2016, it's only because newcomers are directed to other threads dedicated newer versions of the threat. 

Cryptolocker victims weren't the first to be hit by ransomware; AIDS ransomware was spread via floppy disks to unsuspecting PC users back in 1989.  Modern ransomware was discovered in 2005 in the form of Trojan.GPCoder, which encoded files and delivered this message:

Some files are coded.

To buy decoder mail: [user]

with subject: PGPcoder 000000000032

Ransomware has come a long way since then.  Last month Malwarebytes reported (pdf) that Cerber Ransomware now owns 87% of the ransomware market.  This is likely due to a combination of factors, including the mysterious disappearance of Locky and the RaaS distribution model of Cerber.  The Cerber ransomware is getting smarter too; it evades AV solutions that use machine learning and it detects sandbox detonation.  In short, it learns to avoid your learning systems.  See this SecurityWeek article for more on the topic.

The FBI reports that ransomware criminals brought in nearly $25 million in payments in 2015, and that payments were expected to reach $1 billion in 2016. A recent report from Symantec states that the average ransom went up from $294 to more than $1000 in that same time frame, and more than 60% of victims are willing to pay.

This global threat has brought about a global response.  Organizations like No More Ransom are helping victims recover with minimal loss, and the IT security industry is showing unprecedented collaboration with law enforcement in order to stop these criminals.  Even if you are an individual user and not attached to a business network, you can help with this effort to stop ransomware:

  • Keep your endpoint antivirus and anti-malware solutions up to date and scanning in real time.
  • Know the warning signs for phishing, malware, and compromised websites.
  • Keep a current and reliable data backup.
  • If attacked by ransomware, try a free decryptor from No More Ransom or a similar organization.
  • If you cannot decrypt files, try to restore from backup.
  • Regardless of whether you pay the ransom, be sure to close any gaps the attack revealed in your security or your data backups.  Once you've paid a ransom, there's no reason to think you won't be a target for a larger ransom later.
  • Remember that ransomware is a crime, and you should always report the attack.

If you'd like to learn how Barracuda can help your company protect itself from ransomware, visit our website here.

Remonter en haut de page