Dependency on Data
As modern Americans, it has become incredibly common to rely on our computers and mobile devices in all aspects of life. We depend on our phones to keep our contacts and how to call or message them, to check our email, and even to do our banking and investing. Desktop and laptop computers provide entertainment as well as handling taxes, household bills, the holiday mailing list, photos of the kids, and memories from travel. These are all types of data that we expect to be there whenever we need them, and to stay out of mind when we don’t.
Have you ever lost your phone? Or had your computer die? It is painful to realize that what we rely on is suddenly not there. With tax season coming to a close and more and more people using mobile and electronic devices for critical functions like banking and paying bills, it’s important to remember that all the information supporting those functions lives on that device. Without that data, the way we are used to living stops working.
Spyware, Malware – Not Just for Ads Anymore
When the internet really got off the ground, one of the first things people with bad intentions did was push pop-ups and unwanted advertisements. These were annoying, and generally designed to get an unsuspecting victim to click on them, which increased the amount the pusher was paid for serving those ads. Successful counter-measures such as pop-up blockers made this method of attack relatively minor over the years.
As the internet progressed and people got wise to that attack vector, attackers moved on to other business models. They started focusing on data collection, looking to steal private information like credit card and bank account numbers, social security numbers, and the like. The attackers would then sell these on black markets to identity thieves looking for validated identities and accounts. Banks, credit card companies, and even regular internet users eventually became better at spotting these attacks, using software such as Symantec Anti-Virus or Trend Micro Anti-Spyware, which kept most of them from getting a foothold.
Over the last several years, however, a new method of profiting from unsuspecting internet users has surfaced. These attacks are much more aggressive, and are designed to exploit the one thing we have come to rely on most: access to our own private data. The attacks are known as ransomware, and they all follow a similar pattern:
- A computer is compromised through some method (a malicious email attachment, unpatched software, a visit to the wrong website, an infected advertisement).
- Once it is running, the malware generates or fetches an encryption key and encrypts the files it is after, generally personal documents (Office files, email, text files, pictures and movies). The key needed to decrypt them is held by the attacker, not left on the machine.
- When it is done, it shows the user a warning that their data is gone for good unless they pay.
- It then provides an anonymous payment method (often Bitcoin) for buying back access to the data.
Sometimes, if you pay, you get a working key. Often you do not; nothing obliges the attacker to deliver once the money has been sent. Even if a key arrives and properly decrypts the data, the malware may still be on the machine and can encrypt everything again. After all, if you paid once, you’ll probably pay twice. It’s electronic extortion. And on the central point, the attackers are right: once files have been encrypted with a properly implemented cipher and the attacker holds the only key, there is no feasible way to recover them.
The biggest thing these attacks rely on is that the encrypted data cannot be recovered without paying the ransom. For most home users this is actually true. The only copy of their pictures is on the laptop, and more get moved over from the camera every time its card fills up. A single ransomware infection can make 15 years of photos disappear for good.
If the information is on two computers and only one has its data destroyed, the victim can clean off the infected computer (properly, with technical help if needed) and then copy the data back over once it is clean. This is exactly what backups are for. Backing up your data from one computer to another, or using a secure cloud service like CrashPlan, helps ensure that if your data gets destroyed, either maliciously or through the equally common “Oops, I didn’t mean to delete that”, you can recover it from a recent version that wasn’t destroyed. The key word is version: a service or script that mirrors every change immediately and keeps no history will faithfully copy the encrypted files over the good ones.
One of the big things to realize, though, is that for ransomware specifically, backing up to something like a portable hard drive is not enough if the drive stays connected to the computer all the time. Ransomware encrypts whatever it can write to, and that includes attached USB drives and mapped network shares, not just the internal disk. So if you back up to a portable drive, do the backup and then disconnect the drive until the next one is due. Otherwise your backup gets encrypted along with everything else, which defeats the purpose.
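The two properties described above, that every backup run lands in a new snapshot so old copies are never overwritten, and that a run which would replace almost everything gets refused, can be shown in a small script. The following is an added example written for this article, not code from the original post or from any backup product mentioned here; the directory names, the 50% change threshold, and the simulated “encryption” step (a plain overwrite with random bytes on throwaway files) are all assumptions made for illustration.

```python
"""Versioned backup with a mass-change check (added example, not from the article).

Every run copies the source into a new timestamped snapshot and records a SHA-256
manifest. Before copying, the script compares the new manifest with the previous
one; if most files changed since the last run, which is what an encryption sweep
looks like from the backup's side, the run is refused and earlier snapshots are
left alone. Paths and the 50% threshold are assumptions, not the article's.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large photos and videos are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file under root (by relative path) to its SHA-256."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(dest: Path, stamp: str) -> Path:
    """Manifest sits next to its snapshot directory, not inside it."""
    return dest / f"{stamp}.manifest.json"


def latest_snapshot(dest: Path) -> Optional[Path]:
    """Newest snapshot directory under dest, or None on a first run."""
    if not dest.exists():
        return None
    snaps = sorted(d for d in dest.iterdir() if d.is_dir())
    return snaps[-1] if snaps else None


def change_ratio(old: Dict[str, str], new: Dict[str, str]) -> float:
    """Fraction of previously backed-up files whose content changed or vanished."""
    if not old:
        return 0.0
    changed = sum(1 for rel, digest in old.items() if new.get(rel) != digest)
    return changed / len(old)


def snapshot(source: Path, dest: Path, max_change_ratio: float = 0.5,
             stamp: Optional[str] = None) -> Tuple[Optional[Path], float]:
    """Copy source into a new snapshot directory under dest.

    Returns (snapshot_dir, ratio). snapshot_dir is None when the change ratio
    exceeds the threshold: the run is refused and previous snapshots stay
    untouched, so a known-good version survives for restore.
    """
    new_manifest = build_manifest(source)
    prev = latest_snapshot(dest)
    old_manifest = (json.loads(manifest_path(dest, prev.name).read_text())
                    if prev else {})
    ratio = change_ratio(old_manifest, new_manifest)
    if ratio > max_change_ratio:
        return None, ratio
    stamp = stamp or datetime.now().strftime("%Y%m%dT%H%M%S")
    target = dest / stamp
    shutil.copytree(source, target)          # fails rather than overwriting an existing snapshot
    manifest_path(dest, stamp).write_text(json.dumps(new_manifest, sort_keys=True))
    return target, ratio


def verify(dest: Path, snapshot_dir: Path) -> List[str]:
    """Relative paths in a snapshot whose bytes no longer match the recorded manifest."""
    manifest = json.loads(manifest_path(dest, snapshot_dir.name).read_text())
    return [rel for rel, digest in manifest.items()
            if sha256_file(snapshot_dir / rel) != digest]


def demo() -> Dict[str, object]:
    """Constructed end-to-end run on throwaway files. The 'ransomware' step is a
    plain overwrite with random bytes to stand in for ciphertext; it is not malware."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp, "photos"), Path(tmp, "backups")
        src.mkdir()
        for i in range(4):
            (src / f"img{i}.jpg").write_bytes(b"constructed photo %d" % i)
        snap1, _ = snapshot(src, dest, stamp="snap1")
        # A normal day: one file edited, a 25% change is accepted.
        (src / "img0.jpg").write_bytes(b"edited caption")
        snap2, ratio2 = snapshot(src, dest, stamp="snap2")
        # Simulated encryption sweep: every file replaced with random bytes.
        for p in src.iterdir():
            p.write_bytes(os.urandom(64))
        snap3, ratio3 = snapshot(src, dest, stamp="snap3")
        return {
            "snap2_accepted": snap2 is not None,
            "snap2_ratio": ratio2,
            "snap3_refused": snap3 is None,
            "snap3_ratio": ratio3,
            "snap1_verifies": verify(dest, snap1) == [],
            "snap1_restores": (snap1 / "img1.jpg").read_bytes() == b"constructed photo 1",
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Pointed at a real folder and an external drive, the script would be run and the drive then unplugged, exactly the routine described above; the refused third run in the demo is the moment a connected, overwrite-in-place backup would have destroyed its only good copy. The threshold is a heuristic: a legitimate bulk edit (re-tagging an entire photo library) would also trip it, which is the right failure mode, since a human then looks before the old snapshots are rotated out.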
For more information on ransomware, the following sites offer suggestions on preventing or preparing for an attack, as well as other standard internet security practices that help keep your daily activities online safe.
- Symantec: http://www.symantec.com/connect/blogs/ransomware-how-stay-safe
  - Provides a nice high-level overview of ransomware, including decent real-world prevention techniques.
- Trend Micro: http://www.trendmicro.com/vinfo/us/security/definition/Ransomware
  - For the more nerdy folks. Includes a list of known ransomware variants and a pretty in-depth history of the technique and its effects.
- FBI: https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise/ransomware-on-the-rise
  - Simple summary of a government survey that looked at ransomware behavior.