Ransomware - The Worst Is Yet to Come - InformationWeek
Partner Perspectives
02:10 PM
Bogdan Botezatu

Ransomware: The Worst Is Yet to Come

How long before ransomware targets sensitive devices, including cars and medical implants?

When reviewing the past year, anti-malware companies usually give supporting data such as the number of incidents, top threats, and the amount of money lost to malware. This year, unfortunately, we’re starting a new section in malware reports that counts the number of people who have paid the ultimate toll to malware: their lives.

It began in March last year when a Romanian citizen ended his and his son’s life after he was informed that he had to pay a fine in excess of $21,000 for watching pornographic content; the fine was bogus. Because there was no way for the single father to produce the money, he felt under pressure and killed his son and committed suicide.

The story repeated earlier this year, when a 17-year-old college student took his own life after seeing a ransom message impersonating the UK police. At this point it has become clear that malware has moved well beyond our financial welfare; it is now claiming lives.

The number of crypto-ransomware families is growing at an alarming pace, fueled by the success of crypto-ransomware such as CryptoLocker and CryptoWall. But, unlike CryptoLocker, next-generation CryptoWall developers learned their lessons: The new malware delivery and key management infrastructures of CryptoWall are so well developed and scaled that they could put a significant chunk of legitimate businesses to shame. These developers also learned that the weakest link in this ecosystem is now the command and control infrastructure that can be taken down by law enforcement.

If there were a natural evolution in malware development, CryptoWall would be to CryptoLocker what Homo sapiens are to the Neanderthal. Evolution has trimmed out shortcomings that could make CryptoWall vulnerable: For example, paid ransom money is now split among individual, ad-hoc generated Bitcoin wallets so anti-malware companies and law enforcement can’t just look into one wallet and see the immense profit the operators have made.

The command and control infrastructure has also been migrated to the Darknet via Web-to-TOR gateways. This not only prevents the sink-holing attempts that were once possible by reverse-engineering the DGA, but also makes it impossible for law enforcement to estimate the magnitude of the botnet.

Nobody Is Safe

CryptoWall comes with a variety of features that make it more difficult to detect or take out of business, but a particularly important feature is the polymorphic builder used to create a new virus for every potential victim. Over the weekend, we received more than 1,200 unique CryptoWall samples, and this is only a fraction of what happens on a global scale. Another tactic we spotted through the weekend is calibration: Hackers upload thousands of ransomware samples on antivirus engine aggregators such as VirusTotal, but they don’t show up in the malware telemetry, which means that they have never been sent into the wild. These samples are only used to test how many antiviruses detect them. It only takes one missed sample and your data gets completely owned without any chance of recovery.

It has already been proven that ransomware can inflict huge financial damage on companies and users. It’s also a fact that ransomware has killed people in its wielders’ quest for money, although the incidents mentioned above are only collateral damage and not the hackers’ end goal.

One question still needs answering: How long will it take ransomware to target more sensitive devices we use, including cars and medical implants?

For the past seven years, Bogdan Botezatu has acted as a senior e-threat analyst with Romanian antivirus vendor Bitdefender. While the world sleeps, Bob keeps tabs on emerging threats and developments in the areas of PC and mobile malware. He is passionate about all things ...
User Rank: Strategist
3/9/2015 | 9:28:18 AM
Re: Ransomware - A solution for some users.
I now do my writing on a PC that is not connected to the internet or my home network and use rewriteable CDs to transfer files from my writing PC to my internet PC when I need to send them out. Yes, it's a pain to have to shift to another PC to do research, check email, send files, etc. But it's worth the effort to avoid the risk of losing weeks or months of work to malicious software attacks.

"Just because you're paranoid doesn't mean they aren't after you." 
     Joseph Heller, Catch-22
User Rank: Ninja
2/24/2015 | 5:38:41 PM
What to do and where to go
This post should have been done on Halloween for all the creeps it's given me. I can back up my photos on my phone and files on my laptop to protect myself from hackers of whatever variety, but what can I do about the computer chip in my car, or in a medicine pump or a pacemaker? With everything and anything getting connected to the internet, the idea of a money hungry hacker is frightening to say the least. Where do consumers even go if they get hit with ransomware? Is there a federal agency that handles that or do the local cops handle it?
User Rank: Ninja
2/10/2015 | 6:19:18 PM
The Computerized Car Jack

Just a matter of time before cars are "car jacked" from a software perspective. 

I bet we will start to see instances of abuse within the next 5 years or so. I just bought a car with all of the tech bells and whistles but understanding what lies ahead really makes me uneasy to say the least.

User Rank: Ninja
2/10/2015 | 6:13:26 PM
Re: Ransomware Problem

It has really been disheartening to learn of Ransomware. With industries and individuals already struggling with data security, we now have Ransomware. I really feel for those who are innocent to the dangers of the Net.

I will do my part as a tech professional to spread the word and educate both myself and others on best Net practices.

User Rank: Ninja
2/10/2015 | 10:28:46 AM
Re: Ransomware Problem
Indeed. Considering some people's near sociopathic personalities allowing them to do things like 'swatting' individuals for a laugh, I wouldn't put it past monetarily incentivised people with the same mental issues to go after extremely sensitive equipment.
User Rank: Ninja
2/9/2015 | 8:29:17 PM
Ransomware - A solution for some users.
For computer users: back up your data files. Then, if you are hit by ransomware, fdisk your hard drive, reinstall your operating system, and reinstall your files.
User Rank: Ninja
2/9/2015 | 3:49:05 PM
Ransomware Problem
It cannot be assumed that the creators of ransomware will not try to cross the line. If a consumer's computer is fair game, which can cause all sorts of problems, for example, loss of an important degree thesis, the inability to pay their bills (heating bill in a very cold state/province) or the ability to conduct normal day-to-day commerce, etc., it all results in a loss to the consumer and economy as a whole. Hence, their cars and medical devices might also be viewed as fair game by the creators of such harmful software.

Maybe there are a few built-in mechanics in the technology market that keep a consumer safe; for instance, multiple devices should translate into data residing in multiple places. However, the user should follow best practices, for example, don't click on unknown sites, have good antivirus software and keep it up-to-date, etc.

As for businesses, they have to enable greater measures, because if a consumer's car is not starting, then it's not the consumer's problem; the business has to fix it. In which case, I guess that prevention will cost less than the cure for the business.