Ransomware – a type of malware that locks a victim’s computer or decrypts their data, demanding them to pay a ransom in order to regain control over the affected device or files – is one of the fastest-growing types of cybercrime, writes Trevor Coetzee, regional director, South Africa and sub-Saharan Africa at Intel Security.
Over the past year, there has been a 128% increase in ransomware and, in the second quarter of 2016 alone, McAfee Labs detected 1,3-million new ransomware samples – the highest ever since it began tracking this type of threat.
Ransomware does not discriminate when it comes to victims, affecting everyone from the individual user’s PC, home infotainment system and connected car, to big businesses and hospitals. Until now, there were only two options if you had been infected with ransomware: either pay the cybercriminals or lose your data forever. Because most people and organisations can’t afford to lose their data, the easy way out was to pay the ransom, which is exactly why this is such a lucrative and rapidly growing form of cybercrime.
With the help of technology advances and global partnerships, individuals and organisations are able to take advantage of a few more options:
From a technology point of view, Intel Security has released Dynamic Application Containment (DAC) and Real Protect. DAC defeats zero-day threats, ransomware and advanced threats by using light, signature-less behaviour analysis to detect and contain malicious applications. It watches the behaviour of greyware and applies restrictions to block malicious behaviour before it can harm the system or access user data. Containment persists across reboots, and will remain in effect until DAC is request to stop containment by the contaminant requester.
By limiting the ability of unknown applications to make malicious changes to the endpoint, it protects patient zero and allows security systems perform further analysis of the unknown file, such as detonation within a sandbox or post execution process tracing. This allows for greater visibility into the behaviours of the applications that are running within the environment and the ability to identify indicators of compromise (IoC).
Real Protect combines pre-execution static analysis and post-execution behavioural analysis to stop malware based on similarities to known malicious attributes and behaviour. It applies state-of-the-art machine learning techniques to identify malicious code based on both an in-depth assessment of its static features (pre-execution analysis) and what it actually does (dynamic behavioural analysis)–all without signatures. It peels away the latest obfuscation techniques to unmask hidden threats so zero-day malware has no place to hide.
From a global community perspective, a partnership set up in July between European government agencies and cybersecurity firms saw the establishment of No More Ransom, a project that provides advice on how to prevent ransomware infections as well as a set of tools that allow victims to decrypt the data and avoid paying the cybercriminals. In fact, since its launch, No More Ransom has successfully decrypted more than 2 500 infections, keeping €1.35 million (over R20 million) out of the cybercriminals’ pockets.
Prevention versus cure
It may be clichéd, but when it comes to malware infections, prevention is certainly better than cure. While No More Ransom proves that public-private partnerships are essential in the fight against cybercrime, there are steps individuals and businesses can take to prevent being infected in the first place:
* Start with prevention: Beware of drive-by downloads and phishing. Cybercriminals will find stealthy and devious ways to slip malware onto your devices. Pop-up ads, emails disguised as coming from reputable sources, and other tactics are all common. So be careful before clicking on any links or downloading anything that appears suspicious. You can also install a comprehensive antivirus solution, like McAfee consumer or enterprise solutions to ensure your security across all devices.
* Back up, and then back up some more. Any important files, such as Excel sheets with financial data or files with personal records, should be backed up before a disaster hits. Either a cloud service or an external hard-drive will do, but just be sure to avoid unsecured USB connections or cloud providers.
* Use decryption tools. No More Ransom has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and select the right one to help you retrieve your information.
New forms of ransomware emerge almost daily, which makes partnerships like No More Ransom so important for creating awareness, educating the public on proactive measures to prevent infections, and creating tools to return data held hostage. Without taking a stand, ransomware will continue to fund criminal activities and motive cybercriminals to invest more in these types of attacks.