Your Money or your Data: Anti-Ransomware

There's little that most antivirus or malware programs can do against ransomware: software that locks down infected computer systems and demands payment.

March 11, 2016 by Andreas Krebs

Your Money or your Data: Ransomware Resurgent



RansomwareThe world's most prolific hostage takers don't carry bombs or guns. Using only keyboards, the Internet and skillful social engineering, they can do far more economic damage than their more conventionally-armed counterparts.



There's little that most antivirus or malware programs can do against ransomware: a tricky bit of software that locks down infected computer systems and demands payment of a ransom in exchange for regained access.



Varied Angles of Attack



The margin of safety against ransomware, not big to begin with, is steadily getting smaller.



While commonly spread by infected links or attachments in email, ransomware can now also propagate via “injecting ads on specific websites,” explains Alexander Vukcevic, Avira Virus Labs Director. “[The user] doesn’t necessarily have to click on the ad; just seeing it can turn him into a ransomware victim.”



Apple users – formerly secure in their belief that their OS was impregnable to malware mischief – had the smiles wiped off their faces last week when researchers at Palo Alto Networks discovered the “KeRanger” ransomware that infected Macs using a compromised file-sharing app.



And an ongoing surge of ransomware-infected emails has experts warning us against “Locky”, which encrypts compromised systems until the victims can pay three bitcoins (about $1,260). As of March 9, Trustwave Spiderlabs found a total of “around 4 million malware spams [circulating] in the last seven days, and the malware category as a whole accounted for 18% of total spam arriving at our spam traps.”



Five-Figure Stick-Up



The monetary damage inflicted by ransomware can easily ratchet up for conspicuously juicy targets.



In early February, Hollywood Presbyterian Medical Center in Los Angeles suffered a ransomware attack that locked them out of their computer systems, preventing access to everything from MRI machines to electronic records. For ten days, the hospital's staff used fax machines and handwritten notes to go about their business while the management contemplated a response.



Finally, they decided to pay the requested ransom of 40 bitcoins, or about $17,000.



“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom,” Hollywood Presbyterian's CEO explained later in a memo to the public. “In the best interest of restoring normal operations, we did this.”



No Choice in the Matter



Many other victims have done the same, as the alternative (losing all their data) is too stark to contemplate. It is very difficult, almost impossible to circumvent a ransomware attack already in progress – so difficult that an FBI special agent has gone on record recommending that victims just pay up.



“The ransomware is that good,” explained Joseph Bonavolonta of the FBI’s CYBER and Counterintelligence Program.  “To be honest, we often advise people just to pay the ransom… the amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay.”



And those successful ransom notes add up to a pretty big haul: “Between April 2014 and the end of 2015, the FBI told me it received 4,291 reports of ransomware attacks,” reports Fusion.net's Nate Berg. “Losses over that period totaled $47,907,523.84.”



Proactive Protection



Given that the state of the art has a long way to go before catching up with ransomware, users need to focus on prevention to avoid being victimized. “Prevention often becomes your by far best option. In fact, your only really good option,” explains Claus Cramon Houmann, community manager at Peerlyst. “Paying the ransom is funding attacks on your neighbours.”



Claus follows up his comments with a comprehensive list of ransomware defenses that include constant backup; constant patching of software; whitelisting, disabling Java, and running adblockers.



But while a one-size-fits-all list can be a good start, you'll need expert, tailored advice to find out how your own unique vulnerabilities to ransomware can be addressed. To get started, contact the IT experts at All Covered at 866-446-1133.