5 burning questions (and answers) about ransomware

Image credit: Bitdefender

It is probably the fastest-growing security threat of the past few years and emerged on the scene with a bang. 2017 saw the WannaCry cyberattack that hit dozens of target worldwide and is said to have cost the UK National Health Service (NHS) nearly £100 million alone.

Yet, ransomware attacks are nothing new and more often that not are not properly dealt with. We sat down with Bogdan Botezatu, Director of Threat Research at Bitdefender, to find out more about ransomware as a threat.

TechRadar Pro: Let’s start by a very simple question. What is a ransomware?

Bogdan Botezatu: Ransomware is an extremely special type of malware that encrypts user information and asks for a ransom to be paid in exchange of the decryption key. Although the victim’s data is there, it is scrambled in a manner that renders it unusable until it is brought back to its original state through a reverse process called decryption. I said it was a special type of malware because regular malware only manifests itself while it is active on a computer. Wipe that piece of malware clean and the cyber-criminal  who operates it loses their leverage. With ransomware, things are not that easy as wiping the malware does not remove its effects on the files. Data still stays scrambled and impossible to use.

TRP: How many types of ransomware are there? What’s the difference between them?

BB: There are two major types of ransomware in use now: screen lockers and file encryptors. Screen lockers mostly target Android devices and block access to the home screen until the victim pays a specific amount of money as a “fine” screen lockers often impersonate law enforcement agencies and lock access to the device under the false pretext of visiting “illegal” web pages or downloading pirated media. File encryptors are mostly targeting Windows users and alter the contents of files by applying bank-grade encryption. They are nearly impossible to decrypt, which makes them a great tool for cyber-criminals. On average, around 12 new ransomware families show up on the market every month, and only 10 percent of these families of ransomware can be decrypted without paying the attackers. This is why, when it comes to ransomware, prevention is crucial.

TRP: What happened over the past few years that has caused the ransomware threat to grow so fast

BB: Ransomware made a debut sometime around late 2014 with the advent of Cryptolocker. Cryptolocker was asking for a ransom to be paid in Bitcoin, a digital currency that offers a high level of anonymity and extorted more than 28 million US  dollars in just four months of intense activity. The highly successful business prompted more and more cyber-criminals to shift from other high-risk criminal activities towards this new category of malware. Experienced hackers who developed ransomware for personal use also started licensing their creations to affiliates in exchange of a share of profits. As of now, operators who want to get into the ransomware business have a variety of options, depending on their technical skills and commitment to running a ransomware operation.

TRP: What’s the best way to mitigate ransomware? What Bitdefender tools are available to proactively protect oneself from ransomware (rather than retroactively).

BB: The best defense against ransomware is not getting infected in the first place. Modern security suites such as those offered by Bitdefender have layered defenses against ransomware: heuristics powered by artificial intelligence, behavior-based detection and Ransomware Remediation as a last line of defense. In addition to running a security solution, we also advise users that they back data up regularly on a USB storage that is not permanently connected to the computer. In case of a ransomware attack, they should wipe the computer clean and restore from back-ups, thus avoiding to pay the bad guys the required amount of money. Paying up motivates hackers to come up with better malware and infect more and more victims.

TRP: Most publicized ransomware attack seems to focus on Windows. Why is that the case? Does that mean that other operating systems are immune or less likely to be a victim of ransomware?

BB: While ransomware is mostly known for infecting Windows computers, hackers have intensified their efforts on compromising other operating systems as well. Ransomware running on Linux machines has been spotted infecting Linux servers as of 2015. Ransomware also targets Mac users either via cracked applications downloaded from illegal sources or via a technique called “supply chain attack”. Attackers are attempting to break into the infrastructure of popular applications and taint their code with ransomware. Victims are unwarily installing these applications only to find their data encrypted.

  • With a worldwide network of 500 million machines, Bitdefender has the largest security delivery infrastructure on the globe. Performing 11 billion security queries per day, Bitdefender detects, anticipates and takes action to neutralize even the newest dangers anywhere in the world in as little as 3 seconds.