The saying goes: “everything old is new again.”
There’s truth to that saying when it comes to online threats.
That is cause for concern, because the latest versions of ransomware are very sophisticated, and a successful ransomware infection can be very painful for you.
What is Ransomware?
Ransomware is a particular kind of malware that takes control of your system or your data away from you and refuses to give it back unless you pay the cyber-criminals behind the attack. Basically, your system or data are being held hostage and you have to pay them ransom. That’s why it’s called “ransomware.”
Ransomware has been around for ten years now. The first versions of it were seen back in 2005 in Russia.
Since then, ransomware has spread around the globe and developed into many different versions. Some forms of ransomware would falsely claim to be from the local police agency: the ransom would be presented as a “fine” that the user had to pay right away. Some more sophisticated forms of this “police ransomware” would present themselves in the user’s local language. Some forms would even include an audio message in the user’s local language.
In the past year and a half, we’ve seen a particularly nasty version of ransomware called “Cryptolocker.” This version will encrypt the files you care about and offer to decrypt them only if you pay a ransom. The encryption that Cryptolocker variants use is nearly unbreakable, so users have the unenviable choice of either paying money to an attacker (who may or may not actually decrypt their files) or losing their data.
Ransomware has been so successful that it’s even made the jump from the PC to Android.
What’s Happening with Ransomware Now?
In the past two months, our researchers have seen an increase in ransomware on the PC once again. The ransomware threat seemed to lessen in 2014, but it seems to be coming back. Our researchers have seen an increase in Cryptolocker-type attacks in Europe in December. We’ve also seen a return of a particularly nasty and effective form of ransomware called “Reveton” in December. Meanwhile, in Australia, we’ve seen a new variant of Cryptolocker-style ransomware called “TorrentLocker.” And another Cryptolocker-type ransomware, called Critroni or Curve-Tor-Bitcoin (CTB) Locker, has cropped up in the past month.
You can see how TorrentLocker works in this video that our Trend Micro researchers have put together with Deakin University researchers in Australia.
The latest generation of Cryptolocker-type ransomware features some innovations meant to increase the likelihood that you’ll pay the ransom and so give the cybercriminals what they want: your money. These latest versions give you more time to get the money together. They also offer to give you one or more of your files back as proof that they can do it. You can almost think of that as a classic “proof of life” for your data, showing that it really is still there.
Even with these innovations, at its heart, ransomware remains the same: malware that takes control of your system or files and refuses to give it up unless you pay the attackers money. And there’s no guarantee that they’ll give it back even after you pay them.
What Should You Do About Ransomware?
The fact that ransomware is making a comeback isn’t surprising. In February 2013, a key figure behind the Reveton ransomware was arrested, and that led to a decrease in ransomware as an active threat. In June 2014, the CryptoLocker/GOZ takedown by international law enforcement agencies also disrupted the worldwide distribution of this threat. But ransomware declined because someone was arrested, not because it didn’t work anymore. So it was only a matter of time before someone else came along and started using ransomware again.
Ransomware isn’t going away anytime soon, and it’s already spreading effectively to other platforms like Android. Because ransomware can effectively destroy your files once you’re infected, this is a particular threat where the best thing you can do is make sure you don’t ever get infected in the first place. The best way to protect yourself against ransomware is to keep your system up to date, run a full-featured security package, and be careful about which attachments you open. And, in particular for ransomware, keep your system regularly backed up: a good backup can help you recover from a successful ransomware infection.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.