Ransom-ware: Can pay, won’t pay
The FBI’s Joseph Bonavolonta had some shocking news about ransomware for Boston’s Cyber Security Summit last October. “To be honest,” he said, “we often advise people to just pay the ransom.”
Cyber-security blogs everywhere exploded at the advice, but a lot has changed in the past six months. A constantly-evolving array of ransomware campaigns roam free, “taxing” online life. One big problem is that there’s no way of knowing what the ransom payments are being used for.
Is the money funding a criminal’s easy life? The development of even worse malware? ISIS, perhaps? After further thinking the FBI is now telling people not to pay up.
The question for most of us is, what happens if you don’t pay? To find out, we infected a specially-prepared Windows test system.
Infection time
When we test anti-malware products we find the latest threats that we believe affect most people. These are often automatic ‘drive-by’ attacks, that use exploits to install malware such as ransomware on victims’ computers without requiring user interaction. You just have to visit the site and the attack starts and runs to completion. No clicking required.
For this demonstration we exposed our target, which was not running anti-malware software, to an infected website. After a few minutes of apparent inactivity a pop-up message explained that svchost.exe needed to be installed. We clicked to accept the change and… Bingo! An infection swiftly ensued, turning all of our important files to gibberish and leaving them sporting the dreaded .crypt file extension.
In the background the malware also scanned the local subnet for any other unprotected file shares. This being a test network, there were none, but in a real situation every file you can access on your local network can also potentially be accessed by ransomware. Your movie collections or business files stored on a Network Attached Storage (NAS) device are definitely at risk.
This knowledge is vital when assessing the extent of an attack. If your smartphone is plugged in, it could be at risk. Your carefully curated media server could also be affected, as could your cloud storage.
Reboot!
Assessing the Damage
Protect and Survive
10 ways to stay safe
- Install a good anti-virus product. Our reports show which are the most effective for businesses and home users. Our work is independent and we only test against current threats, which we catch ourselves in-house.
- Educate yourself to treat everything in your inbox as a lie. Even if the sender is known to you, double-check with them before opening attachments.
- Switch on automatic updates for all software, including Windows, your antivirus software, your browser, Java, Adobe products, etc.
- Regularly download a boot-able rescue disk from your chosen anti-malware provider and let it run overnight to thoroughly examine your computer. Most rescue disks will boot from USB.
- Never install ‘updates’ just because a website tells you to. This type of trickery is a very common infection vector for ransomware.
- Consider installing a browser plug-in such as the excellent NoScript for Firefox to prevent JavaScript from automatically running from unknown domains without your explicit say-so. And consider disabling Java in your browser.
- Don’t download cracked copies of commercial software, ebooks or media. Again, this is a very common infection vector.
- Never use a USB drive you find in a public place. You simply can’t trust them or their content.
- Ransomware will try to infect every share to which it can write. Only mount shares as and when needed, and always protect them with passwords. If you don’t need write access, mount as read only.
- Above all, get into the habit of performing regular backups to removable media. For a home user, a backup is as simple as dragging and dropping a folder structure (and ejecting afterwards!) onto a freshly quick-formatted USB drive. Use two USB drives and swap between them.