06.06.19

The current state of ransomware

Ransomware is not new – it dates back to the 1980s – but it has undergone a renaissance throughout the 2010s, to the extent that it looks almost nothing like it did in its early days.

Perpetrators have enhanced various strains with strong encryption (CryptoLocker), designed them to exploit protocols such as Microsoft Windows SMB (WannaCry) and enabled easy lateral movement through a local network (Bad Rabbit). The result has been a long-term uptick in the number and severity of ransomware infections: Verizon’s 2018 Data Breach Investigations Report found that ransomware was a factor in 39 percent of breaches, double the rate observed in 2017.

While ransomware has received less attention as newer techniques such as cryptojacking have entered the spotlight, it would be a mistake to overlook the ongoing threat that ransomware poses to cybersecurity. Let’s quickly review the state of ransomware in 2019:

Ransomware is becoming more aggressive and destructive

The LockerGoga ransomware that wreaked havoc on industrial companies Norsk Hydro and Altran Technologies in 2019 was notable for its aggressive design. In addition to encrypting vital system files, LockerGoga also reset the passwords on all administrator accounts, forcibly logged out all active sessions and completely locked down Boot Manager, which is required to start Windows. Accordingly, its victims likely had no opportunity to even pay the ransom, since they couldn’t log in.

GandCrab is still a threat

One of the most successful ransomware schemes of all time, GandCrab is infamous for its blackmail-esque tactics. It might claim to have hacked your webcam or caught you browsing certain sites, so that it can make a convincing case for collecting payment. The latest variants of GandCrab have some tell-tale signs you should look for. The email containing the ransomware usually has a romantic subject line, a body containing a heart symbol and a ZIP file attachment named “Love_You” followed by a few digits. Don’t interact if you receive such a message.
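A mail-filter check for the three tell-tale signs just listed, as an added example that is not part of the original article. The keyword list, heart glyphs, filename regex and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed pattern for the attachment described above: "Love_You", digits, .zip
ATTACHMENT_RE = re.compile(r"^love_you[_\-]?\d+.*\.zip$", re.IGNORECASE)
# Assumed heart glyphs; the article only says "a heart symbol"
HEARTS = ("\u2665", "\u2764", "<3")
# Assumed keyword list standing in for "romantic subject line"
ROMANTIC_WORDS = ("love", "heart", "kiss", "crush")


def gandcrab_lure_indicators(raw: bytes) -> list:
    """Return the names of the lure indicators found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in ROMANTIC_WORDS):
        hits.append("romantic_subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if any(heart in text for heart in HEARTS):
        hits.append("heart_in_body")
    # Only the declared filename is inspected; the archive is never opened.
    for part in msg.iter_attachments():
        if ATTACHMENT_RE.match(part.get_filename() or ""):
            hits.append("love_you_zip_attachment")
            break
    return hits


def build_sample(subject, body, attachment_name=None) -> bytes:
    """Constructed test message; addresses and contents are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        empty_zip = b"PK\x05\x06" + b"\x00" * 18  # valid empty archive
        m.add_attachment(empty_zip, maintype="application",
                         subtype="zip", filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    lure = build_sample("With all my love", "\u2665", "Love_You_48213.zip")
    print(gandcrab_lure_indicators(lure))
```

Any single indicator will also match legitimate mail, so a filter would quarantine only when several appear together.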

Email is the main delivery mechanism for ransomware

As much as 60 percent of all ransomware infections may be traceable to malicious URLs embedded in email. Be vigilant about what comes into your inbox: Look for typos, long and garbled links, odd subject lines and strange return email addresses. Turn off remote image loading to further reduce the risk of downloading possibly malicious, ransomware-related content. And above all, don’t click if you’re in doubt.

System backup provides recourse against most ransomware

It’s rarely if ever a good idea to pay the ransom, since there’s no guarantee you’ll get your files back. The best solution is to regularly back up your system so that you can safely roll it back to a pre-infection state. A solution like Total Defense Ultimate Security suite pairs backup with the most comprehensive protection from ransomware and other threats.