TECHNOLOGY LAW CORNER

Yikes! Ransomware Could Take Over Your Hard Drive

Malware is running rampant on the Internet, affecting smartphones, tablets and personal computers. Relatively new malware allows bad guys to encrypt devices until a ransom is paid. Usually the ransom is required in bitcoin, rather than U.S. currency, as it cannot be traced.

What are the legal and other risks associated with ransomware?

Ransomware is largely directed at personal devices and small businesses, particularly since larger companies tend to have better Internet hygiene for their devices — like regular backups and requiring that passwords be stored in a safe place rather than on a device.

Following are just a few examples of the data at risk from ransomware, which can plague you if you cannot immediately cleanse your device, or set up a new one and restore your data with an up-to-date backup:

  • Tax information. What if you keep all of your tax records on your hard drive using Quicken or another program? Losing tax records and financial information will make it very difficult to do your taxes, or prove expenses if you are audited.
  • Client work. If you are relatively paperless and store your work on the computer, you may lose valuable time or work.
  • Passwords. If you are locked out of your bank accounts and other sites, it will take time to restore access, or you may lose access altogether.

How Can You Protect Yourself?

First, take steps to avoid ransomware in the first place. It is, after all, malware. So, do not click on attachments or go to websites if you are not sure of the sources.

Second, get a good app for your smartphone or tablet, and a software program to protect your personal computer in real time. Be good to your devices: Install security tools and regularly run scans. If you think your smartphone or tablet has been infected with malware, think twice about plugging it into your computer.

Third, back up your hard drives to the cloud or to a portable hard drive. Of course, cloud storage has its own set of risks. For example, when you use a free cloud service, you run the risk that your data may not be available when you need it.

What Exactly Is Ransomware?

Ransomware is specialized malware that “immediately makes its presence known by encrypting files and demanding payment for the keys to unlock them.” The Department of Homeland Security (DHS) issued an alert last fall that includes this description:

“Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of [100-300 US dollars], and is sometimes demanded in virtual currency, such as Bitcoin.

“Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.”

DHS discourages paying the ransom:

“Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.”

Notwithstanding DHS’ advice, the Dickson County (Tennessee) Sheriff subsequently paid a $500 bitcoin ransom to get back files on a corrupted computer, after consulting the Tennessee Bureau of Investigation and the FBI. Paying the ransom, they concluded, was the best way to deal with the problem at hand.

Ransomware Reports

Dell SecureWorks last summer issued a report about CryptoWall Ransomware.

Between March and August 2014, “nearly 625,000 systems were infected with CryptoWall. In that timeframe, CryptoWall encrypted more than 5.25 billion files,” it states.

This type of ransomware is run by botnet operators, so there is no pattern to suggest which victims might be targeted for attacks. The report notes the following:

“Ransoms ranging from $200 to $2,000 have been demanded at various times by CryptoWall’s operators. The larger ransoms are typically reserved for victims who do not pay within the allotted time (usually 4 to 7 days). In one case, a victim paid $10,000 for the release of their files.”

Bromium recently released a report entitled “Understanding Crypto-Ransomware — In-Depth Analysis of the Most Popular Malware Families.” Its introduction makes the following observation:

“This threat is called crypto-ransomware (ransomware) and includes at least a half-dozen variants, including CryptoLocker and CryptoWall. Ransomware shows no sign of abating since traditional detection-based protection, such as antivirus, has proven ineffective at preventing the attack. In fact, ransomware has been increasing in sophistication since it first appeared in September 2013, leveraging new attack vectors, incorporating advanced encryption algorithms and expanding the number of file types it targets.”

In Conclusion

Ransomware is a rapidly growing problem, and there is not yet a solution.

Until a solution to fully protect against malware is found, traditional advice still applies: Protect your computers and other devices with antimalware apps and software, back up regularly, and store your passwords in a safe place.

Peter S. Vogel

E-Commerce Times columnist Peter S. Vogel is a partner at Gardere Wynne Sewell, where he is Chair of the Internet, eCommerce & Technology Team. Peter tries lawsuits and negotiates contracts dealing with IT and the Internet. Before practicing law, he was a mainframe programmer and received a Masters in computer science. His blog covers IT and Internet topics. You can connect with him on Google+.

1 Comment

  • However, there IS, in fact, a very practical solution for the problem of ransomware as well as most other malware. Simply stop using Microsoft Windows (and now apparently Android). In the past, not using Windows was definitely difficult for many, but in today’s day and age, there are viable options other than Windows (obviously Apple’s Macintosh and iOS devices are the simple answer).

    Sure, there is no 100% secure system in existence, but let’s get real. There are no known ransomwares for the Mac or iPhone/iPad. There are very few actual malwares for the Mac and absolutely zero for the iOS devices. So if we are talking practical security, getting away from Windows is an extraordinarily effective strategy. And please no one give me the tired old argument that the Mac doesn’t have enough marketshare to attract virus writers. After 14 years of Mac OS X certainly some malware developers would have attacked the Mac if for no other reason than to prove they could. And don’t forget 8 years later there have never been any malware for iOS. The truth is that Mac OS X, and other UNIX-derived operating systems, are significantly more secure from an architectural standpoint. Windows has a faulty foundation and it’s time for the IT industry to truthfully acknowledge that. How many more multi-million dollar Target, Home Depot, and Sony malware breaches do we need to hammer that point home?

    At some point we need to start holding technology experts and authors accountable for not discussing viable alternatives to Microsoft Windows, especially when discussing malware. To say "there is not yet a solution" and that only "traditional advice still applies" is bordering on irresponsibility.

    I have written more extensively on this on my own blog: http://marcelbrown.com/2014/11/14/single-important-technology-shift-can-make-2015/
