The Unsettling Rise Of Crypto-Ransomware


It’s a form of hacking that has proliferated so greatly because it requires scant technical expertise.

Image: Bilal Kamoon / Via Flickr: bilal-kamoon

Earlier this month, a half-dozen Maine police departments found themselves at the center of a very unusual hostage situation. To begin with, they had no idea where the kidnappers were hiding. Also, they had absolutely no negotiating leverage. And if they wanted to plumb their files to research the case, they were out of luck—their computers were locked; unusable.

They were being held for ransom.

The Maine computers had been infected with crypto-ransomware, a family of malware that slithers onto a hard drive, encrypts it, and then demands a time-sensitive monetary payment, usually in bitcoin, to decrypt the data. Failure to pay by the deadline results in either permanent destruction of data — whether that's police records or that screenplay you've been working on for years — or a raised ransom. Infected computers look like this:

Ransomware is a decades-old technology that has enjoyed a resurgence among hackers because of its ease of use, its profitability, its recent confluence with cryptography, and its devious effectiveness. In the past couple of years, it has it become widespread. Those Maine cops weren't alone: Police departments from Massachusetts to Illinois have admitted in recent months to having been infected by crypto-ransomware; and hundreds of thousands, if not millions, of private citizens have dealt with the same. In the first six months after it emerged in September 2013, Cryptolocker ransomware infected more than 200,000 computers security researchers estimate. Over one six month period last year, Dell researchers tracked another variant, CryptoWall, that infected some 625,000 machines and netted $1,101,900.

Crypto-ransomware is both effective, and surprisingly easy for hackers to control — it doesn't take complex skills or super specialized knowledge to deploy. You can just buy it like you would Microsoft Office, or Candy Crush. Over the past year, the rise of so-called “affiliate lockers” —crypto-ransomware that is built and then sold in hacker forums — has enabled almost anyone with time, money and basic technical competence to run their own extortion campaign. Then, all that's left is tricking someone into installing it on their computer. Once it's on there, you're fucked. You either have to pay up, or your drive stays decrypted. Hope you made a backup!

The attacks happen constantly; just this past Tuesday, the SANS Internet Storm Center reported a massive wave of emails bearing ransomware downloaders. A single company, the managed cloud computing firm Rackspace, reported over 5,000 employee email addresses receiving the messages again and again — every ten minutes; and that's a tiny fraction of the total. From there, all it takes is a faulty spam filter and one person to open an attachment for the ransomware to set up shop.

Crypto-ransomware is ubiquitous because it works. It asks average people to assign value to something that may be close to priceless, their data, and typically sets the price for the decryption low enough that there is no real choice. The Maine police departments paid $300 in bitcoin to regain control of their computers.

“Imagine yourself as a user,” Santiago Pontiroli, a security researcher at Kaspersky Labs, told BuzzFeed News. “You have all your files encrypted — your family pictures — you check the price for the ransom and it's 300 dollars. So you put it on a scale, the price of your files and the price of your ransom. Most people will pay.”

Most people may be a stretch; According to that Dell SecureWorks report on CrytpoWall, just .27% of those 625,000 infected computers paid up. And in an AMA on r/malware earlier this year, a Redditor named redditCTB claimed that 5 to 7 percent of the users he infected with CTB-Locker (the virus pictured above) paid the ransom. Still, that yield was enough to net redditCTB $15,000 a month, he claimed.

Indeed, ransomware can be astonishingly profitable. According to the 2015 McAfee Internet Threats Predictions, a single instance of the CrytpoLocker ransomware made over $250,000 in one month. The CryptoWall resulted in a total of over $1,000,000 in paid out ransoms.

“Cyber-criminals have shifted their focus from showing how technically skilled they are to maximizing their profits,” said Santiago Pontiroli, a security researcher at Kaspersky Labs. “This is organized crime.”

It's a form of hacking that has proliferated so greatly because it requires scant technical expertise. According to Pontiroli, finding the kits to buy may be the most challenging part of the entire process; redditors denigrate redditCTB as a “kiddie” in his AMA, a reference to his lack of skill.

The earliest ransomware, which traces back at least to the late 1980s, took much more effort. Dr. Joseph Popp, a Harvard-trained biologist, mailed thousands of floppy disks that purportedly contained new information about the AIDS virus to the attendees of a WHO conference. Instead the program on the disk encrypted data on the computers and demanded a payment by mail to a PO Box in Panama:

View Entire List ›


Source link