
Ransomware's Constant Evolution Is Outpacing Security Research

Wed, 05/11/2016 - 10:20 -- Kayla Smith

Not only are ransomware attacks increasing in frequency, but they are also evolving quickly as cyber criminals find new ways to encrypt data and hold it for ransom. Ransomware is the hot hacking trend of 2016. Hospitals, retailers, financial firms and every industry imaginable have fallen victim. The attacks are easy for cyber criminals to implement and the payoff is high when victims have no choice but to cough up the cash (or bitcoin, rather) to get their data decrypted.

Kaspersky Lab, a Russian security firm, found 2,896 new ransomware modifications in the first quarter of 2016. In other words, hackers are creating new versions of existing ransomware. Newer versions use long encryption keys, so files can’t be decrypted without the key.

Petya

One of the freshest ransomware species is called Petya. Typical ransomware encrypts files one by one, while Petya encrypts the entire hard drive all at once. It can also overwrite the hard drive’s Master Boot Record, making it impossible for the computer to boot its operating system. Not only would you be unable to access files, but you would also have a useless computer until the ransom is paid. This is quite a vicious attack, as victims need the computer in order to pay the ransom. Petya's aim is to block access to the entire hard drive.

Petya has infected mostly businesses so far. It is spread via spam emails, sent to HR departments and CEOs, that look like job applications. The email appears to come from someone seeking a job within the company. It contains a Dropbox link that looks like it leads to the applicant's curriculum vitae, but the link actually points to an EXE file that, once clicked, leads instantly to a Blue Screen of Death. Fortunately, Dropbox has since removed the malicious Petya files from its cloud storage, though hackers will probably find another way to deliver the file.

Once Petya is finished installing, a skull created with ASCII characters appears on the screen. Then the victim is informed that they must pay .9 bitcoins (about $380) in order to get the files back. The only catch is that users must find a different computer in order to decrypt the files since their operating system will not load.

Unfortunately, security researchers still haven’t found the key to decrypting Petya without having to pay the ransom. Here’s what you need to do if you have fallen victim to Petya:

Once you see the Blue Screen of Death, shut down your computer immediately and remove the hard drive. At this point, your files have not been encrypted. You will be able to take the hard drive to a professional IT company and they can place it in another computer (without using it as a boot device) in order to recover the files and put them on a new hard drive. You’ll be good to go.

Since Petya encrypts the entire drive and not individual files, it is possible for an expert to recover the files. However, this is a complicated, lengthy, and expensive process. Don’t try to do it yourself.
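
The Master Boot Record overwrite described above can be detected by comparing a disk's first sector against a copy saved while the machine was healthy. The following is an added example, not part of the original article: the function names, the baseline approach and the constructed sample sectors are assumptions, and only the standard MBR layout is relied on.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440       # bootstrap code area; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"    # signature in the sector's last two bytes


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into the fields worth monitoring."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append((status, ptype, lba_start, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings; an empty list means no change."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: one bootable partition, type 0x07, at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + BOOT_SIG


if __name__ == "__main__":
    good = build_sample_mbr(b"\xfa\x33\xc0")      # constructed placeholder bytes
    tampered = build_sample_mbr(b"\xeb\x10\x90")  # same layout, different boot code
    print(compare_to_baseline(good, tampered))
```

Feed it the first 512 bytes of the drive, read while the drive is attached to a second computer as a non-boot device. A legitimate bootloader reinstall also changes the boot code, so a finding calls for review rather than proving an infection.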

Why the increase?

Aleks Gostev, Chief Security Expert in the Global Research and Analysis Team, told Help Net Security, “One of the reasons why ransomware has become so popular lies in the simplicity of the business model used by cybercriminals. Once the ransomware gets into the users’ system there is almost no chance of getting rid of it without losing personal data. Also, the demand to pay the ransom in bitcoins makes the payment process anonymous and almost untraceable which is very attractive to fraudsters.”

Cybercriminals also see ransomware victims as low-hanging fruit. Most businesses are either unaware of basic security measures or ignore them. They may not realize the risk of ransomware, and they aren’t aware of technological solutions to prevent the threat.

According to Kaspersky’s research, the occurrence of ransomware attacks, as well as all types of data breaches, will continue to rise in the next quarter and throughout the year.
