Why Is Ransomware The Deadliest Of All Online Threats?


A recent report suggests that India ranks second in ransomware attacks. This does not come as a surprise to many, especially industry experts, considering that the country’s current state of digital security isn’t geared up to handle emerging threats. It’s very likely that India will top the list soon, considering the rapid growth of ransomware. To compound it, the growth of the “Internet of Things” (IoT) industry and its vulnerability to cyber infections will further fuel new types of malware threats.

We had reported earlier in our findings that over 180 Indian companies were victims of ransomware online extortion schemes in the first six months of the year 2016, causing a loss of a whopping $3 billion. However, the latest industry reports show a rather grim picture around ransomware: the findings indicate that businesses in India are most at risk of cyber security attacks globally, with organizations in the country experiencing the highest number of weekly security incidents of all Asian countries surveyed (14.8 per cent).

At the heart of it, ransomware is a class of malware that’s designed for moneymaking with clear criminal intent. The modus operandi seems very simple: it can be installed through deceptive links in an email message (phishing), an instant message or a website, and it can remotely lock a computer screen or encrypt important, predetermined files with a password generated by the cyber-criminal.

The puzzling part about ransomware is that, no matter what the situation is, even if the ransom is paid, there is no guarantee that computer users will be able to fully access their systems ever again. The criminal may flee with both the money and the files! While some hackers instruct victims to pay through Bitcoin, MoneyPak or other online methods, attackers could also demand credit card data, adding another level of financial loss altogether. Cryptolocker, Petya and Dogspectus are three of the major ransomware strains making their presence felt strongly.

Just like kidnapping for ransom, it’s a virtual kidnapping of data where information is kept as a hostage and money is demanded in exchange for freeing the hostage. We all know how much damage a data breach can cause, monetarily as well as reputation-wise.

Once a ransomware attack strikes, clicking on files yields no results. The malware has corrupted the files and converted them into foreign MP3 files or an encrypted RSA format. Then the victim gets a note in a text file or HTML file: “Help_Decrypt_Your_Files”. In a majority of cases, once ransomware enters a system, there is no way a user can remove it without losing some files or data, even if one pays the ransom.

Of late, ransomware has even left behind advanced persistent threat (APT) network attacks to grab the numero uno spot in the list of deadliest cyber crimes. Ransomware is fast evolving in form and increasing in number as well, thereby making it more difficult to protect against it.

Why ransomware is on the rise 

Most cyber criminals direct victims to pay the ransom in bitcoins. Bitcoin is a decentralized form of digital currency that no one really controls, which makes the payment process anonymous and therefore untraceable by law enforcement agencies. This proposition therefore looks tempting to fraudsters. Also, the sudden upsurge in malware-as-a-service is a major factor contributing to the rise of ransomware attacks. The reason is that such a service allows just about anyone to infect a system and demand ransom.

Then, there is also another business model known as ransomware-as-a-service (RaaS) where criminals themselves pay up a sum of money for the proliferation of malware or commit a percentage of the ransom which is paid by a victim, to spread the ransomware further into the World Wide Web.

Thus, not only are ransomware and its types multiplying every day, but each new version is also deadlier than the previous ones. Each version has some properties that are unique to that version alone. This is scary because what it means is that, if someone finds a solution to block or erase one version of a malware, that same solution may not work for the newer versions. However, a vast number of ransomware variants are still utilizing the same type of encryption technologies to infect systems. And what’s more, these encryption technologies are not limited to common ones like Tor or I2P communication, but go beyond them.

Sophisticated threats

Malicious ransomware programs are getting more sophisticated by the day. When ransomware first started appearing, it would often consist of a message informing the user that his or her system had been infected and would need to be cleaned using counterfeit antivirus software. Today’s ransomware attacks are no longer that simple.

A few years back, our own researchers reported on the Chimera crypto-ransomware, which encrypts files and threatens to release them onto the Internet if the ransom isn’t paid. Not only is access to the computer restricted, but the user believes that personal data could potentially spread to the wind if he or she doesn’t pay the Bitcoin amount. Trend Micro’s analysis showed that despite this threat, the program doesn’t actually have the ability to disseminate personal information in this manner. However, the general computer user doesn’t know this, which gives him or her more incentive to actually pay the requested amount and become the unfortunate victim.

It is widely accepted that, going forward, ransomware attacks will not only target end points like PCs but also focus on making lateral moves from these end points to other critical information assets within the organization that are linked to the network. This will put an organization’s critical corporate data or mission-critical information at risk as well. The threat is real and is of epidemic proportions, but so are the ways in which such attacks can be prevented, contained and mitigated. Tools, processes, awareness and people can do that efficiently.

[Disclaimer: The views expressed in this article are solely those of the authors and do not necessarily represent or reflect the views of Trivone Media Network's or that of CXOToday's.]