The Rise of Ransomware
Lately, ransomware has made it into the news again. Ransomware can be defined as: “A ransomware is a kind of malware which demands a payment in exchange for a stolen functionality” (Gazet, 2008). McAfee Labs (2015) reported that ransomware increased by 165% in the first quarter of this year, mostly targeting small to medium-sized companies. Ransomware has become more effective due to new families named CTB-Locker, Teslacrypt, new versions of TorrentLocker, Bandarchor and Teslacrypt, the improved quality of phishing mails and new techniques to avoid security systems.
A ransomware attack can be divided into three phases (Gazet, 2008):
- Seek target: document formats like doc, zip, odt etc. are the files ransomware targets most, because these files most likely contain personal data.
- Extortion: the blackmailer tries to gain power over the files' authors, who lose access to their information when their files are encrypted.
- Display ransom message: finally, the blackmailers write a text file in which they ask for money in exchange for the stolen files (Gazet, 2008).
However, last week a big online criminal operation, estimated to be worth $30 million per year through the use of ransomware, was taken down. It was Cisco Systems’ Talos security unit that was doing research on the Angler Exploit Kit, a distributor of ransomware that takes over personal computers and their files. It has been the most effective kit in the past year, accounting for up to 40% of ransomware’s victims (Reuters, 2015).
Although taking down one of the biggest distributors is great progress, there are still other programs out there targeting victims. The main question here is whether or not to pay if you become a victim of ransomware.
For me, it definitely depends on the importance of the files that have been encrypted. Right now, I don’t have many important documents that I’d be willing to pay a sufficient amount for. However, I can imagine that if companies lose crucial files, they take the risk of paying the ransom.
Nevertheless, it is still recommended not to pay for these files, as there is no assurance of actually getting the wanted data back. What is your opinion about this topic? And what would you do if you were in this situation: pay or not pay?
Gazet, A. (2010) “Comparative analysis of various ransomware virii”. Journal in Computer Virology, 6(1), pp. 77-90.
Reuters (2015) Cisco security researchers disable big distributor of “ransomware”. Available at: http://economictimes.indiatimes.com/tech/ites/cisco-security-researchers-disable-big-distributor-of-ransomware/articleshow/49244252.cms [Accessed 13 Oct. 2015].