Cyber Security
What we can do about ransomware - today and tomorrow APAC countries must take note of the prevalence of ransomware attacks in the U.S. and Europe. The good news is that tools and technologies are emerging to combat these cybercrimes. By Alan Zeichick Principal Analyst, Camden Associates.
14 | Chief IT Magazine
R
ansomware is a huge problem that’s causing real harm to businesses and individuals. Technology service providers are gearing up to fight these cyberattacks – and that’s coming none too soon. In March 2016, Methodist Hospital reported that it was operating in an internal state of emergency after a ransomware attack encrypted files on its file servers. The data on those servers was inaccessible to the Kentucky-based hospital’s doctors and administrators unless the hackers received about $1,600 in Bitcoins. A month earlier, a hospital in Los Angeles paid about $17,000 in ransom money to recover its data after a similar hack attack. According to the CEO of Hollywood Presbyterian Medical Center, Allen Stefanek, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.” As far as we know, no lives have been lost due to ransomware, but the attacks keep coming – and consumers and businesses are often left with no choice but to pay the ransom, usually in untraceable Bitcoins.
The culprit in many of the attacks — but not all of them — is a sophisticated trojan called Locky. First appearing in 2013, Locky is described by Avast as using top-class features, “such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.” Multiple versions of Locky are on the Internet today, which makes fighting it particularly frustrating. Another virulent ransomware trojan is called CryptoLocker, which works in a similar way. Ransomware is a type of cyberattack where bad actors gain access to a system, such as a consumer’s desktop or a corporate server. The attack vector might be provided by downloading a piece of malware attached to an email, visiting a corrupted website that runs a script that installs the malware or by opening a document that contains a malicious macro that downloads the malware. In most ransomware attacks, the malware encrypts the user’s data and then demands an untraceable ransom in order to either decrypt the data or provide the user with a key to decrypt it. Because the data is