New developments in ransomware: And it’s bad news

When hackers steal data, it’s a crapshoot. Maybe they’ll find valuable information they can sell to an interested party, but they may not get good info or have interested customers. So to get around that, a new trend is taking place – one that’s an easy payday for them, and a nightmare for IT and your users.

The age of “ransomware” would seem to be upon us. This is when hackers attack systems and insist companies or users pay up or face more damage.

The most notorious of these attacks was Cryptolocker. Users’ files were encrypted, and they were warned they’d have to pay $300 by a deadline or face having them remain encrypted forever.

Well, a similar program is also on the loose now – this time going after mobile devices.

Different, but still ransomware

In one case, a malicious app is automatically downloaded when users visit adult websites on Android devices. The app repeatedly opens itself every five seconds, giving users a message from a fake law enforcement wing that their phone has accessed illegal porn and will be locked out for evidence until they pay $300.

Unlike Cryptolocker, this malicious app doesn’t actually lock out users’ phones. But it disables the “Back” button and keeps reopening until users pay up.

The combination of embarrassment and going after a phone is a powerful motivator for users to pay up. And while you may not be worried about users visiting these sites on work devices, it indicates that ransomware has moved beyond desktops to Android devices.

Blackshades crackdowns

In related news, 90 hackers were recently arrested worldwide in a crackdown on Blackshades malware. This program was incredibly cheap – just $40 on the black market – and allowed hackers to remotely control users’ systems.

So far, confirmed uses have included:

  • stealing files and data
  • using keyloggers to record users’ passwords, and
  • activating computer webcams to spy on users.

What makes Blackshades especially dangerous is that it’s easy to use and hard to detect. You don’t have to be a criminal mastermind to work it, so even amateur hackers can get valuable information from it.

And many are using it as ransomware, too. Rather than just stealing the info, they’ll often try selling it back to users – or blackmail them with photos taken using the webcam. A warning appears to users informing them:

Your computer has basically been hijacked, and your private files stored on your computer has now been encrypted, which means they are impossible to access, and can only be decrypted/restored by us.

Again, this is designed to get users to pay up first, ask questions later.

Money may not make it go away

Lost in the alarming headlines about these attacks is an unpleasant truth: Paying the ransom is no guarantee of security.

There’s nothing to stop hackers from leaving malware on the systems, asking for increasingly higher ransom payments or stealing and selling data anyway.

All of which makes protection and prevention the top priority.

Here are three keys for keeping users safe.

Avoiding ransoms

  1. You’ll want to make sure users understand these threats. Explain to them what encryption does and how it can be used for their protection or against them. Once they know there really is no way back from ransomware like Cryptolocker, you’ll have their attention.
  2. Second, review safe browsing and phishing-prevention tactics. Most of this malware requires users to be tricked into downloading an application or opening a file. If users don’t click, they’ll be safe.
  3. Urge users to come forward. Let them know that whether it’s a work device or BYOD, they should come to you with suspicious error messages or demands. If they pay up hoping to keep things quiet, malware could still be running in the background, putting your systems at risk.