The Rise in “Ransom”-ware

Ransom-ware is loosely defined as malware that attacks the victim’s machine and prevents them from using their system until they pay a ransom using Bitcoin, an anonymous crypto-currency. Hackers seem to target systems that have some sort of time-sensitive significance to their owners, like university researchers’ Dropbox files, hospital databases, and school district networks. In the case of some hacked university researchers, Dropbox simply restored the users’ files as soon as it was notified of the breach.


Unfortunately for other researchers at the same university, in Calgary, Canada, their data wasn’t as easily recovered. The university paid $15,500 for the decryption keys as an extra precaution, in case they weren’t able to regain their systems. This is proof that public institutions typically have to cave to this kind of extortion, due to their vulnerable systems and time-sensitive data.

Scientific American reported this month,

“This kind of “ransomware” attack is becoming increasingly common, says James Scott, a cybersecurity specialist at the Institute for Critical Infrastructure Technology, a think-tank in Washington DC — and universities are hardly immune. In the United States, the education sector is the third most common target for hackers, after healthcare and retail, he says.

In many cases, the ransom money that hackers can extract from their victims is a secondary goal. “Ransomware is the new DDoS,” Scott says, referring to a Distributed Denial of Service attack, in which a network of infected computers overwhelms a target with more connection requests than it can handle. Hackers use these attacks as a distraction while they steal data, he explains.”


The rise in ransom-ware has become increasingly terrifying for banks, because publicizing known exploits or extortion tactics will likely encourage more criminal behavior than it stops. Banks report that attacks keep growing. This quarter alone, attacks are up 30%, according to Kaspersky Laboratories. They also report that banks have started to discourage BYOD policies, raised awareness of this extortion tactic to prevent a non-procedural response from an emotionally distraught employee, and stepped up efforts to improve their operational security.

Developing countries are particularly vulnerable to this form of cyber terrorism, because they are typically fighting adversaries that are equally or more high-tech. India is the 5th largest victim of ransomware attacks. The government is the most frequently attacked target, followed by Android smartphones and entities based on the “Internet of Things”. Recently, three banks and a pharmaceutical company fell victim to these extortion tactics. Two Indian business houses reportedly paid $5 million to have their systems decrypted after they were hacked in an attack originating somewhere in the Middle East.

One school district in New York had its systems infected with ransomware on June 15th. School district officials locked down their entire system and restored the forcibly encrypted data from a backup made earlier in the day. The school district’s assistant superintendent said that this ransomware manufacturer wanted $500, but no information existed about this particular kind of malware.

This is just one reported incident of low-demand, seemingly automated ransomware. A new ransomware, which operates entirely in JavaScript and steals the victim’s passwords for good measure, has started hijacking users’ machines to the tune of a $250 ransom. Attackers simply send users JavaScript-enabled email attachments, like Word documents, that distract the user by taking up their entire screen while the malware encrypts and hijacks the user’s machine. This is significant, because it’s uncommon to find client-side malware that uses web-based programming languages to hijack users’ machines.

This means that even high-level programming languages can access and exploit machine-level components of users’ machines, making the number of vulnerable machines astronomically higher. No free decryption exists yet for this vulnerability. If you want to avoid falling victim to these attacks, avoid opening .exe, .bat, or any file from unknown emails, because they are likely phishing tools used by automated emails run by hackers.
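The attachment advice above can also be enforced at the mail gateway instead of being left to each user. The following is an added example, not part of the original article: `risky_attachments` is a hypothetical helper, the sample message is constructed, and the script extensions beyond .exe and .bat are an assumption about which Windows Script Host file types to block.

```python
import email
from email import policy
from pathlib import PurePosixPath

# .exe and .bat come from the article; the Windows Script Host types
# (.js, .jse, .wsf, .vbs) are an assumption added for this example.
BLOCKED = {".exe", ".bat", ".js", ".jse", ".wsf", ".vbs"}

# Constructed sample message, not taken from a real campaign.
SAMPLE = b"""\
From: billing@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Invoice.doc.js"

placeholder body
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

placeholder body
--b1--
"""

def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment to quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them first.
        name = (part.get_filename() or "").lower().rstrip(". ")
        suffixes = PurePosixPath(name).suffixes
        if suffixes and suffixes[-1] in BLOCKED:
            reason = "blocked extension " + suffixes[-1]
            if len(suffixes) > 1:  # e.g. a .js file posing as a .doc
                reason += " hidden behind " + suffixes[-2]
            findings.append((name, reason))
    return findings
```

The check trusts only the final extension, not the declared Content-Type, which is why the sample's script file is caught even though it claims to be a Word document.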

For network administrators looking to reduce the potential damage a ransom-ware attack could have on their system, read this. Simple, common sense measures seem to be the best defense against ransom-ware attacks. Ransomware attacks are becoming increasingly popular, and the surge in attacks is likely to continue as long as existing systems remain exposed. For those that have fallen victim to 21st century ransom attacks…


One comment

  1. Great piece. Very informative. Thank you.