IBM: Dark web ransomware is mushrooming

Cyber Lock

The dark web is continuing to live up to its name after an IBM report delivered a damning assessment of the threats lurking at almost every turn.

IBM's X-Force Threat Quarterly Q3 2015 showed that there has been an increase in the amount of bad traffic on Tor, the browser used to access the dark web, and the report kicks off with a warning to that end.

"This latest report reveals that more than 150,000 malicious events have originated from Tor in the US alone thus far in 2015," the report according to The Inquirer. "Tor has also played a role in the growing ransomware attack trend. Attackers have evolved the use of encryption to hold data hostage and demand payment/ransom for the decryption code."

The worst cases

Tor nodes in the US are the worst offenders and the bad traffic stemming from them contributed to 180,000 attacks. Close behind is the Netherlands with 150,000 attacks and Romania rounded off the podium with 80,000.

All manner of different attacks are being launched by malicious actors on the dark web including cyber attacks that lead to ransomware demands, distributed denial of service attacks (DDoS) and SQL injection attacks, the latter of which is the most common attack variant on Tor.

Users on the dark web are being easily fooled by fake/rogue antivirus messages that masquerade as web ads that seem genuine. Unfortunately many are installing or updating what they think is an antivirus program before being hit by ransomware demands.

How to protect yourself

"Do not assume that if you are infected with encryption-based ransomware you can simply pay the ransom and reliably get your data back," said IBM.

Anyone using the dark web is strongly urged to back up their data and make sure that at least one is not a visible drive on the computer. This is easy to create using a cloud provider or utilising an external drive. Those not doing so are clearly under threat and getting your data back after an attack of this ilk is incredibly difficult.