Ransomware: “To Pay or Not” Is NOT the Question


Mac computers, once considered comparatively safe, were hit this week for the first time by “ransomware”: malicious software that uses encryption to lock users out of their files until they pay a hefty ransom to unlock them.

Some have suggested to simply accept the scourge of ransomware as a fact of digital life. Their recommendation for when the worst happens: just pay up. And the FBI seems to agree.

Not so fast. Instead of asking whether “to pay or not to pay”, we should ask: Is there a way to protect ourselves against ransomware so we don’t have to face that dilemma?

***

Apple blocked the attack soon after it was first reported that ransomware was hidden in a third-party application, the Transmission BitTorrent client installer for OS X.

Still, it’s safe to assume that it will not be the last ransomware to target Macs, nor the last attack to make headlines.

I thought this would be a good time to step back and take a look at the bigger picture. Remind me again, why is it that nobody seems safe from ransomware attacks - not even Mac users?

[Chart: ransomware attacks 2014-2016. Source: Beazley Breach Insights 2016 / BBR Services]

When we look at how most of these attacks get started, the answer becomes obvious: Traditional web browsers open the door for cyber criminals to drop ransomware on victims’ computers.

This security weakness of the traditional browser, which indiscriminately downloads code from the web to the local computer, is all the bad guys need to plant their nefarious programs and hold individual computers - or whole corporate networks - hostage.

Ransomware attacks typically occur in three steps:

  • From a website, via a webmail link or as part of the “payload” in an infected file, the malicious program is downloaded to the victim’s computer without the user’s knowledge.

    This is so easy because it is either hidden in a file, as was the case with the “KeRanger” exploit directed against Apple’s Mac, or behind a link that gets clicked without hesitation.

  • The code works in the background, spreading to connected file shares and other computers on the network. After it has propagated, it starts to encrypt files across the file system(s).
  • Once the malware has completed its mission, victims find themselves locked out of their files. A basic .txt document or a pop-up message relays the ransom demand, usually with a deadline, to be paid typically in Bitcoin.

    With the KeRanger exploit, the hackers offered to decrypt one file as proof that they have the decryption key.
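As an added example (not code from the original post), here is a defender-side heuristic run over constructed file-activity log lines that keys on steps two and three above: a burst of files rewritten with an appended extension, followed by a ransom-note text file on the same host. The log format, the note-name pattern, the time window and the rename threshold are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque

# Assumed values for this example: a ransom note usually arrives as a plain
# .txt file with a telltale name, and a single host legitimately renames
# far fewer than 20 files per minute in the way matched below.
NOTE_PATTERN = re.compile(r"(readme|decrypt|how_to|restore).*\.txt$", re.I)
WINDOW_SECONDS = 60
RENAME_THRESHOLD = 20

def parse_event(line):
    """'<epoch> <host> <ACTION> <path or old -> new>' (constructed log format)."""
    ts, host, action, rest = line.split(maxsplit=3)
    return int(ts), host, action, rest

def looks_encrypted(old, new):
    """Step-two signature: original name kept, a new extension appended."""
    return new.startswith(old + ".")

def detect(lines, window=WINDOW_SECONDS, threshold=RENAME_THRESHOLD):
    """Return {host: alert_ts} for hosts that mass-rewrite files and drop a note."""
    renames = defaultdict(deque)  # host -> recent suspicious rename timestamps
    notes, alerts = {}, {}
    for line in lines:
        ts, host, action, rest = parse_event(line)
        if action == "RENAME":
            old, new = rest.split(" -> ", 1)
            if looks_encrypted(old, new):
                q = renames[host]
                q.append(ts)
                while ts - q[0] > window:  # slide the window forward
                    q.popleft()
        elif action == "CREATE" and NOTE_PATTERN.search(rest):
            notes[host] = ts
        # Step three follows step two: a note dropped close to a burst of rewrites
        if host in notes and host not in alerts and len(renames[host]) >= threshold \
                and abs(ts - notes[host]) <= window:
            alerts[host] = ts
    return alerts

def build_sample_log():
    """Constructed sample: ws-07 rewrites 25 files in 25 s and then drops a note;
    ws-02 renames three files the ordinary way and is left alone."""
    lines = [f"{1000 + i} ws-07 RENAME /share/docs/f{i}.docx -> /share/docs/f{i}.docx.encrypted"
             for i in range(25)]
    lines.append("1030 ws-07 CREATE /share/docs/README_FOR_DECRYPT.txt")
    lines += [f"{1000 + i * 10} ws-02 RENAME /home/u/n{i}.txt -> /home/u/n{i}.bak"
              for i in range(3)]
    return lines

if __name__ == "__main__":
    print(detect(build_sample_log()))  # {'ws-07': 1030}
```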

Reports suggest that the ransomware-infected version of Transmission was downloaded more than 6,500 times before a safe update was posted.

This KeRanger incident comes on the heels of another widely publicized ransomware attack at Hollywood Presbyterian Medical Center in Los Angeles, California. To get back in control of its network, the hospital’s management gave in to the criminals’ $17,000 demand.

The official statement from CEO Allen Stefanek amounted to an admission of defeat: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.”

They’re not alone. Lots of victims are paying.

That’s a sad state of affairs. Surely law enforcement has a handle on this type of crime, right?

Good question. In fact, law enforcement agencies themselves have become a main target of ransomware attacks. Various confirmed reports indicate they’ve been busy paying ransoms as well. Organized cybercrime couldn’t wish for a better business outlook. Ransomware has evolved into one of its most promising revenue sources.

One ransomware program alone, Cryptowall 3.0, is estimated to have earned the bad guys more than $325 million from U.S. victims in 2015. Like the organized crime protection rackets of old, these modern-day Internet Sopranos will continue to turn up the heat in the ‘hood.

Without a forceful response, they will rake in even more money.

But there is an option, and it’s the simplest thing ever. It involves the program you’re using at this very moment - the browser.

How to avoid ransomware in the first place:

The Internet browser is designed to connect to a website and download code. Most of the time, it’s good code that draws pictures, helps you make online purchases, and displays movies. But sometimes it downloads bad code - like programs that will hold your data for ransom.

How do you prevent ransomware infections? The solution is to use a different browser than the traditional ones that open the door to ransomware and all the other web-based threats. With Silo, Authentic8’s secure virtual browser, the question of whether to pay or not becomes moot.

When you access the web using Silo, ransomware can’t get close to your computer or network, because all web code stays in a secure container in the cloud. You see an encrypted display of that remote browser - only the pixels.

Silo works just like your normal browser (some say even better), but it keeps your computer perfectly insulated from ransomware and other threats. With Silo, exploits like KeRanger, Cryptowall and any of their brethren on the Mac get locked out cold.

Try Silo free here.


About the author: Scott Petry is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.
