Interestingly, ransomware is not a new thing. It first appeared in 1989 with a Trojan program called “AIDS Trojan,” which was spread by floppy disk. The AIDS Trojan used several tricks to hide files and encrypt their names using symmetric cryptography. The author extorted a $189 fee from users to provide a restoration tool. The author was identified and forced to stop the distribution,
Taking an item of tremendous value – data belonging to an organization or an individual – and demanding compensation for its return is a highly effective way for criminals to get what they want. This criminal act is achieved through ransomware and, because it is effective and generally not all that complicated for a cybercriminal to carry out,
In the last few years extortion has hit computer users, big time.
Consumers and businesses alike are finding themselves locked out of their computers, or prevented from accessing their valuable data, by ransomware attacks that demand a payment be made to online criminals.
But normally when these malicious attacks are described,
Over the last several weeks I’ve written about ransomware primarily as it relates to individual machines or mobile devices. There is another very sneaky variant of ransomware which you should be aware of. It’s specifically crafted to hold websites hostage. It’s called RansomWeb. Its methodology is slow and diabolical, and I believe it’s out there silently working on websites today.
In my previous two posts, How Does Ransomware Work? Part 1 and Part 2, I described the process ransomware goes through to get on your systems, encrypt your files, and collect your money. Like any malware, all of the steps in the process need to be successful in order for ransomware to work.
In part 1 I outlined how ransomware gets on your system in the first place. We saw that it operates in much the same manner as other malware: It needs a delivery system, a vulnerability to exploit, a payload to install, and a way to establish communications with a command & control (C&C) server.
Let’s take a look at how ransomware works. In some stages of the operational cycle ransomware runs much like any other malware which may find its way onto your systems. In other stages ransomware has introduced completely new areas of operating for cybercriminals.
The first few stages of the ransomware cycle use the tried-and-true methods cybercriminals are accustomed to using.
Let me paint a scene for you. You’re sitting at your desk between meetings. You’re working on a PowerPoint for a customer meeting tomorrow, and you’re waiting for an email back from a co-worker. You have another meeting in an hour, which gives you just enough time to hone this presentation. It’s been 15 well-crafted slides since you last saved.
In the pre-internet days, ransoms typically involved only prominent, wealthy people and their families. Kidnapping people for ransom is mostly a thing of the past nowadays. It’s an old-fashioned crime. You can’t really get away with it anymore.
Kidnapping files, however, is rapidly becoming more popular. Intel/McAfee reports a 155% rise in ransomware in Q4 of 2014,
This is the first in a series of posts about ransomware. In this post and over the next several weeks I’ll discuss what ransomware is, who the victims are, give some details on a couple of specific types, how to protect your organization, and what to do when your systems have been taken captive.
Lumension recently released the sixth annual State of the Endpoint Risk report [PDF], based on research by the Ponemon Institute. I’ve blogged about this report several times this year: you can find those posts here and here.
This past week I was honored to present the results of this research alongside Dr.
If you want to watch a video, you go to YouTube. It’s as simple as that.
Although other sites exist which host videos, Google-owned YouTube is the Goliath in the market – and gets the overwhelming bulk of the net’s video-watching traffic.
And, of course, that enormous success and high traffic brings with it unwanted attention –
I do not believe when Apple launched the iPhone it had some grand plan to change the very nature of how we work. If it had, the phrase would be Bring Your Own iDevice – and it would surely have been copyrighted. iDevices are consumer products, and as Jean Brodie said, “Safety does not come first.