Pay to Play: Ransomware Hacking


Europol, the EU’s law enforcement, has teamed up with Russian-based Kaspersky Lab and U.S. tech giant Intel to take strong action against the proliferation of ransomware attacks. Dubbed No More Ransom, this cooperation of IT security companies and international law enforcement represents a major step in dealing with ransomware’s massive upswing. Kaspersky Lab research shows that the number of users victimized by ransomware attacks has grown five and a half times in the last year, from about 131,000 cases in 2014-2015 to 718,000 in 2015-2016.

Ransomware vs. Traditional Data Breaches

The majority of those infected by a ransomware attack become aware of the breach within the first hour of infection, because of the nature of the attack. Since the purpose of ransomware is to hold a computer or mobile device’s data for ransom, it’s necessary for the cyber-thief to actually make a demand for payment. With this overt demand, and the fact that infected PCs or mobile devices no longer function as they should, infection becomes obvious enough to the victim in short order. This stands in contrast to a traditional data breach where a hacker intends to remain undetected while siphoning off as much of the targeted data as they can. These types of attacks can often occur either repeatedly or in a sustained fashion over the course of many months.

Action & Prevention

Europol stresses that prevention, by following simple cybersecurity advice, is the preferred route for those who wish to safeguard their data, since a genuine decryption cure is very difficult.

Europol officials stated, “If you are infected, the chances are high that the data will be lost forever.”

This joint public-private program, NoMoreRansom.org, goes on to discourage paying the ransom in an attempt to retrieve lost data and functionality. Submitting to the shakedown only encourages further ransoms, and since you are dealing with criminals, paying up offers no guarantee of actually retrieving the lost data. As a sort of consolation, NoMoreRansom.org also says it is occasionally able to regain access to encrypted files without the ransom being paid. It has created apps and keys that can potentially decrypt files that have been locked up by some of the more commonly used ransomware programs.

Online IT security magazine Securityweek.com recently surveyed members of Spiceworks, an online community of over a million account holders that caters to IT experts. Interestingly, one of the major points of agreement among these IT professionals was their resistance to actually paying the ransom. Respondents offered different reasons for their view that refusing to pay is the preferred option, with most remaining unconvinced that bowing to the ransom taker’s demands would actually result in data recovery. Many others felt that restoring their systems from well-maintained backups would be an adequate method for recovery, and indeed an effective backup strategy remains the most recommended measure for organizations looking to mitigate the effects of potential ransomware attacks.

Ransomware tools, both new and existing, such as Locky, Satana and TeslaCrypt, keep appearing with improved abilities, including the ability to remain hidden and to spread throughout targeted systems. Countering this growing trend will take time, effort and a cache of new tools and training for individuals and organizations. Innovations in public-private cooperation such as No More Ransom may prove to be a step in the right direction. This more open system allows for greater contribution from multiple new partner sources.

Author: Jeffrey Sabranek

2018-02-25T21:02:40+00:00 | Categories: Cybersecurity