Ransomware is the latest tool in the cybercriminals arsenal but, to date, it has largely been used to target consumers.
This is the word from Carey van Vlaanderen, CEO of ESET Southern Africa, who points out that – in the last 18 months – ransomware has emerged as a serious tool for cybercriminals and has developed into a growing concern for security-savvy citizens and business chief information security offers (CISOs).
Desribed by some as the virus “that blackmails you”, ransomware essentially blocks access to your files, while simultaneously demanding payment in return for restoring access – an attack that can earn cybercriminals big money.
A large number of ransomware variants have come and gone in years gone by, from those that encrypt your hard drive in exchange for bitcoin payments, to those which simply try and scare the user into coughing up their money.
By far, the most dangerous type of ransomware this decade has been Cryptolocker, which has already infected half-a-million PCs. It was also big enough for the FBI and Europol to get involved and they eventually brought down the criminal’s computing infastructure behind the ransomware.
To date, however, most victims have been random citizens, infected by a phishing email, spam or a fake software update. It may also arrive via a drive-by-download attack on a bogus or spoofed website.
Users usually come to be infected after clicking a link or opening an attachment, and the virus will then look to encrypt the hard drive. The ransomware alert will appear on screen and cannot be minimised. At this point, the attacker(s) will request a ‘modest’ amount of bitcoins for the files to be unlocked.
The danger in paying is that there is no guarantee that the cybercriminals won’t return for another payday. The best bet is to go back to your most recent backed up files.
The question is: could ransomware be used to hit organisations that hold the most capital – that is, the banks? Up until this point, the answer has been a straight ‘no’. Banking defences are better than most other sectors, and the only ransomware to target banks was actually aimed at their customers, mainly through phishing emails.
However, recently there have been signs of change. Last month, researchers indicated that three Greek banks were targeted with bitcoin ransomware, with attackers from the Armada Collective requesting a grand sum of €21-million to decrypt the files.
And, while it was not strictly ransomware, an individual going by the name of Hacker Buba also demanded a ransom of $3-million after penetrating the defences of a small bank in the UAE bank, InvestBank. He was ultimately foiled, although his plan was to release customer data until payment was received.
These attacks are currently few and far between, but with ransomware authors creating new variants which target Window and Mac, mobile devices, YouTube ads and now, encrypt entire websites, you can be sure that bank defences will be tested by ransomware for a long time to come. The one million-dollar question is whether banks can do enough to keep them out.