No negotiation: The rising threat of crypto ransomware


We all know the rule – you don’t negotiate with terrorists. When you react to their demands, you prove their tactics work. Worse, you give them a reason to continue.

In the world of technology, the same rule applies. You don’t negotiate with hackers, attackers, and criminals. You don’t line their pockets and send them on to the next helpless victim.

But while we know what’s right, it’s not always easy advice to follow.

Ransomware locks you out of your devices, holding them to ransom. But who cares about devices? The real threat is to your most valuable asset of all – your data.

And the bad news is it’s a threat that’s growing fast.

The crypto ransomware rampage

Crypto ransomware has been around a long time. In fact, PC Cyborg – the first recorded ransomware trojan – was encrypting data and holding it to ransom as far back as 1989.

But while crypto ransomware isn’t a new problem, it’s a threat that’s getting bigger all the time.

According to Symantec, data encryption was only present in 1.2 per cent of ransomware at the start of 2014. By the end of August, that figure hit a terrifying 31 per cent.

So why the sudden increase? Who’s to blame? The answer, at least in part, is CryptoLocker.

CryptoLocker was first detected in September 2013. Distributed through the established Gameover ZeuS botnet and infected email attachments, the trojan encrypted user data and displayed a screen demanding payment.

It was a huge success. According to CERT, reaching just 5,700 computers could lead to profit of $33,600 in one day. CryptoLocker reached around 545,000 computers worldwide.

Fortunately, a government and law enforcement effort saw the dismantling of both the Gameover ZeuS botnet and CryptoLocker in June 2014.

But the problem didn’t go away. Other criminals had seen CryptoLocker’s success and dollar signs lit up in their eyes.

Turning security against you

Why was CryptoLocker so successful? What made this trojan so potent? And why has it changed the IT security landscape forever?

The simple truth is it comes down to cryptography, which is a lot simpler than it sounds.

Back in 1989, when PC Cyborg held our retro computers to ransom, data was encrypted using symmetric cryptography, where the same key both encrypts and decrypts. As a result, it was possible to reverse engineer the encryption and unlock your data.

But, since then, our security has evolved. Encryption has become far more sophisticated, which for the most part is a great thing. That is until attackers turn it against us.

See, CryptoLocker uses asymmetric cryptography, with two keys – a public key to encrypt data and a private key to decrypt it. In this approach, the private key never leaves the attacker’s server, so reverse engineering the malware on an infected machine can’t recover it.

And that’s the real issue – CryptoLocker was expertly distributed, suitably threatening, and impossible to remedy. In fact, it was so effective that police in Swansea, MA opted to pay the ransom when one of their own computers was infected.

Defend your data now

Faced with a threat that even the police can’t surmount, is it any surprise that people feel tempted to pay up? And, when people pay, is it any surprise that attacks are becoming more and more common?

It’s a bleak outlook and the only way to practically deal with the threat is to take action now by improving your defense.

We’d recommend:

  • Regularly updating your antivirus software to the latest threat database
  • Creating redundant backups of your data – so if a copy is encrypted, the data isn’t lost
  • Being aware of the files you’re opening – online or by email, only run files from sources you know and trust

They’re things you should already be doing, but things that are easy to forget. But remember – when it comes to crypto ransomware, a robust defense may be your only hope.
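Redundant backups only help if a later backup run doesn't overwrite the good copy with files that are already encrypted. The following Python check is an added example, not part of the original article: it compares the live data with the last good snapshot before a backup is rotated. The function names and both thresholds are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
CHANGED_LIMIT = 0.5  # assumed: refuse rotation if half the files look encrypted or vanished

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def snapshot(root):
    """Map each file's relative path to (sha256 hex digest, entropy)."""
    result = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                data = handle.read()
            result[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return result

def safe_to_rotate(previous, current):
    """Return (ok, suspicious_paths) comparing the last good snapshot with the live data."""
    suspicious = []
    for path, (old_hash, old_entropy) in previous.items():
        new = current.get(path)  # None: deleted or renamed, e.g. given a new extension
        # Already-compressed files (zip, jpg) start above the limit and are not judged here.
        if new is None or (new[0] != old_hash and old_entropy < ENTROPY_LIMIT <= new[1]):
            suspicious.append(path)
    ok = not previous or len(suspicious) / len(previous) < CHANGED_LIMIT
    return ok, sorted(suspicious)

def demo():
    """Constructed sample: four text files, one normal edit, then random bytes as 'encrypted' data."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"report{i}.txt"), "w") as handle:
                handle.write(f"quarterly figures for region {i}\n" * 200)
        baseline = snapshot(root)
        with open(os.path.join(root, "report0.txt"), "a") as handle:
            handle.write("one more line\n")
        after_edit = safe_to_rotate(baseline, snapshot(root))
        for name in ("report1.txt", "report2.txt", "report3.txt"):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(os.urandom(8192))  # stands in for ciphertext
        after_attack = safe_to_rotate(baseline, snapshot(root))
    return after_edit, after_attack
```

When `safe_to_rotate` returns `False`, keep the previous backup untouched and investigate the listed files before running the next backup.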

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.