In film, hackers are often shown as hooded figures pounding away at a keyboard in a dark room, or perhaps a room filled with thousands of flashing lights, before triumphantly proclaiming to their companions, "I'm in!" Sometimes, hackers are shown to be the "good" guys, always with some kind of big-picture goal like stopping nuclear war ("WarGames") or as a counter-attack to the "bad" hackers ("Live Free or Die Hard").
In reality, hacking is nothing like that. Malicious actors develop code and then send it into the world to wreak havoc on hundreds or thousands of machines, most of the time with the purpose of siphoning money from unsuspecting users. These hackers use a variety of methods to achieve that goal, sometimes employing social engineering techniques or phishing scams to get Internet users to unknowingly download cache-clearing malware onto their systems.
One of the most prevalent ways hackers trick people out of money, however, is by creating and deploying ransomware. Malicious code infiltrates computer systems and encrypts all of a user's data, effectively locking it away so that it can't be reached. A message is then sent to the user, demanding some form of payment – usually in bitcoin – that the user must then pay or risk hard drive deletion.
Do you want to play a game?
A recent strain of malware seemed to take cues from a popular Hollywood film series. According to ZDNet contributor Charlie Osborne, a ransomware called JIGSAW has recently entered the scene. It was originally labeled BitcoinBlackmailer.exe and was built on March 23, 2016. It worked like a normal piece of ransomware – which means if a victim downloaded the malware, it would encrypt user files and force the unwary Internet user to pay a ransom in bitcoin in order to regain access to the content.
There was something different about this malware, however. The ransom note presented somewhat of a more sinister front to those who unwittingly downloaded it. Trend Micro researchers reported that this crypto-ransomware would be delivered via a free cloud storage service called 1fichier.com. Once the file had been downloaded onto a computer, a ransom note would appear, along with a picture of the antagonist from the popular "Saw" movies.
"Reminiscent to the horror film Saw, this malware toys with users by locking and deleting their files incrementally," Trend Micro researchers wrote. "To an extent, it instills fear and pressures users into paying the ransom. It even comes with an image of Saw's very own Billy the puppet, and the red digital clock to boot."
So the longer you delay paying the price, the higher the ransom will be, all while Billy the puppet looks on with his creepy face. In effect, the program uses fear to manipulate the user into paying the ransom. In addition, every time the computer or process is restarted, the malware deletes 1,000 files. The Trend Micro researchers reported that this is the first ransomware strain with a routine that creates a copy of all the user's files and then encrypts these copies into .fun files. From there, JIGSAW deletes the original files. Within 72 hours, if the ransom hasn't been paid, all of the files are deleted.
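The copy, encrypt and delete routine described above leaves a recognizable pattern in file-system telemetry, which a defender can check for. The sketch below is an added example, not code from Trend Micro or the original article; the event tuple format, the process names, the thresholds and the assumption that the encrypted copy keeps the original file name with .fun appended are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (seconds, process, action, path).
# Assumption: the encrypted copy is named <original path> + ".fun".
SAMPLE_EVENTS = [
    (0,  "editor.exe", "create", r"C:\Users\a\Docs\draft.tmp"),
    (2,  "editor.exe", "delete", r"C:\Users\a\Docs\draft.tmp"),
    (10, "sample.exe", "create", r"C:\Users\a\Docs\plan.docx.fun"),
    (11, "sample.exe", "delete", r"C:\Users\a\Docs\plan.docx"),
    (12, "sample.exe", "create", r"C:\Users\a\Docs\tax.xlsx.fun"),
    (13, "sample.exe", "delete", r"C:\Users\a\Docs\tax.xlsx"),
    (14, "sample.exe", "create", r"C:\Users\a\Pics\cat.jpg.fun"),
    (15, "sample.exe", "delete", r"C:\Users\a\Pics\cat.jpg"),
    (20, "sync.exe",   "delete", r"C:\Users\a\Docs\old.bak"),
]


def find_copy_encrypt_delete(events, ext=".fun", window=60, threshold=3):
    """Return {process: [deleted originals]} for every process that created
    <path><ext> and then deleted <path> within `window` seconds, at least
    `threshold` times. Ordinary create/delete churn is ignored."""
    created = {}              # (process, original path) -> time copy appeared
    hits = defaultdict(list)  # process -> originals removed after being copied
    for ts, proc, action, path in sorted(events):
        key = path.lower()    # Windows paths are case-insensitive
        if action == "create" and key.endswith(ext):
            created[(proc, key[:-len(ext)])] = ts
        elif action == "delete":
            seen = created.get((proc, key))
            if seen is not None and ts - seen <= window:
                hits[proc].append(path)
    return {p: paths for p, paths in hits.items() if len(paths) >= threshold}


if __name__ == "__main__":
    for proc, paths in find_copy_encrypt_delete(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {len(paths)} originals replaced by .fun copies")
```

Matching the create and delete to the same process and the same base path keeps temp-file churn and sync clients from raising the alert; the extension and thresholds are parameters, so the same check applies to other strains that leave a renamed copy behind.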
Crypto-ransomware represents a critical risk. Businesses and consumers alike – whether or not you're a fan of the "Saw" movies or '80s cult hits like "WarGames" – can be hacked and extorted for their hard-earned money, and programs like JIGSAW pose no small danger. Especially in a business setting, having all of your data deleted can be a disastrous event that you probably wouldn't be able to bounce back from.
"The infection rates are small and the return seems to be poor," Osborne wrote about JIGSAW. "However, the functionality of this new type of ransomware is still worth noting. As cybercrime becomes more sophisticated and tools are developed, even those with a lack of skill can cash in – and [JIGSAW] is a prime example of how ransomware may end up evolving on a wider scale in the future."
The more "mundane" versions of crypto-ransomware are still dangerous to systems worldwide. Recently, a tool designed to allow users to bypass the CryptXXX malware stopped working. The tool, developed by Kaspersky Lab, provided what basically amounted to a "get out of jail free" card using some of the flaws in the crypto-ransomware – it allowed users to decrypt their files without paying the $500 ransom. However, Ars Technica reported recently that the creators of CryptXXX found a way to circumvent the Kaspersky solution. This is a clear indication that quick fixes for malware intrusions on your hard drive are never permanent solutions – so being proactive about backing up your data is the name of the game.
What's the answer?
Ransomware is an increasingly big problem. It doesn't matter whether you need to protect one individual computer or hundreds of devices on a corporate network – if JIGSAW or other malware like it infiltrates your systems, you could lose hundreds or thousands of dollars.
Protecting systems from ransomware is critical, especially as hackers become more creative with their schemes. Following the 3-2-1 rule and making sure to back up your data is integral in situations like these. Don't let hackers play games with your hard drive – instead, invest in smart cyber security solutions.