With a new year comes new ways for hackers to attempt to gain access to personal data. For 2016, the oncoming threats are older malware wearing new robes, so to speak, and companies are going to have to find new ways to improve cyber security. One of the ways hackers can infiltrate systems is via the use of ransomware. This is a malicious program that locks up a device until an amount of money, usually in Bitcoin, is paid to the perpetrator of the hack.
According to Security Magazine, the number of ransomware attacks is predicted to increase in 2016. More than 4 million samples of ransomware were identified in the second quarter of 2015, indicating an upward trend, as in the third quarter of 2013, fewer than 1.5 million samples were analyzed. It follows that as 2016 progresses, that number is only going to up. For instance, The Atlantic recently reported on a string of attacks that impacted small police departments in Massachusetts, Tennessee and New Hampshire, where hackers extorted $500 to $750 for the departments to regain access to their critical, encrypted data.
Trend Micro's analysts also predicted that ransomware would see an increase in the coming year. It's especially important to note that as the world becomes more connected with the rise of the Internet of Things, this gives hackers an even wider avenue of attack.
The problem with ransomware
These kinds of malicious programs are getting sophisticated. When ransomware first started appearing, it would include an alarming message telling the user that his or her computer had been infected and would need to be wiped clean with a (fake) anti-virus software, according to The Atlantic. Now, however, those first-generation attempts at ransomware seem tame in comparison to the monsters of today.
Late last year, researchers at Trend Micro reported on the Chimera crypto-ransomware, which encrypts files and threatens to release them to the Internet if the ransom isn't paid. Not only is access to the computer restricted, but the user believes that personal data could potentially spread to the wind if he or she doesn't pay the Bitcoin amount. Trend Micro's analysis showed that despite this threat, the program doesn't actually have the ability to disseminate personal information in this manner. However, the general computer user doesn't know this – which gives him or her more incentive to actually pay the requested sum.
Ransom32
Already this year, ransomware attacks have been rampant. The Register reported in early January about a new form of what is now being called "ransomware as a service." The program, called Ransom32, uses AES encryption with a 128-bit key to lock up files and extort Bitcoins from unsuspecting users. The timeline given is four days, at which point, if the payment isn't made, the price of decryption will increase to 1 Bitcoin, or $350 according to the ransom message.
Ransom32 has so far only been reported on Windows machines. It was created using Javascript, which marks a difference between this and other ransomware. An underlying NW.js application is the driving force behind the program.
"NW.js allows for much more control and interaction with the underlying operating system, enabling JavaScript to do almost everything 'normal' programming languages like C++ or Delphi can do," said Emsisoft's Fabian Wosar.
Ars Technica's Sean Gallagher noted that Ransom32 is different from other malware of the same vein. The ransomware-as-a-service aspect of this code marks the biggest deviation from the norm, as it is being peddled to would-be hackers as a complete package. In other words, instead of having to develop their own malicious code, less tech-savvy cyber criminals are able to purchase a program with which to inflict these kinds of problems. The sellers of this service simply ask for a percentage of the profits and for an upfront purchasing fee.
This makes the problem of ransomware even more important, because this means more instances can be created and used by inexperienced hackers. The aforementioned predicted increase in these types of attacks becomes increasingly clearer – because of the wider user base of these ransomware-as-a-service programs.
What can be done?
How do companies and individuals protect themselves from these types of malware? It's crucial to invest in the right kind of security solutions so that ransomware like Chimera and Ransom32 don't infiltrate systems and cause irreparable damage to machines and reputation alike. In order to protect computers and data from attacks like these, businesses and personal device users should first educate themselves about the malicious programs that are out there – and then invest in threat protection solutions that can make a difference in the level of protection these personal and business machines have.
As ransomware looms large on the horizon for 2016, security software solutions like Trend Micro Security offer the right kind of protection for individuals and businesses. Contact Trend Micro today for more information.
