Thwart the Malicious Duo: Ransomware and Extortionware

By CIOReview | Friday, June 24, 2016

These days, cyberattacks are so common that every organization will have taken security measures against the cluster of threats waiting to invade. Do you know about these two vicious siblings of the cyberattack family? The pair has wreaked havoc around the world, targeting the databases and operational systems of some reputed organizations and putting them on a razor's edge, and it continues to be a recurring problem for businesses and individuals alike. They have not only embodied unprecedented attack techniques, but have also inflicted heavy damage on their targets. Meet these two new agents of menace: ransomware and extortionware.

Both ransomware and extortionware steal data from systems, whether they belong to enterprises or individuals, and demand a ransom. But there are significant differences between the two and the menace they pose to their victims. With ransomware, cyberfelons encipher the victim's data and demand payment in bitcoins in exchange for the decipher code. With extortionware, the stolen data will be made public, and a more directed disclosure will take place, if the victim refuses to pay the ransom to the attacker. Victims are less likely to involve law enforcement, due to the sensitive nature of the data. Cyberfelons take advantage of that and use extortionware as a much more targeted malware to yield a higher take per victim.

The Ashley Madison hack of 2015 was an extortionware attack of this kind, in which the attackers threatened to publicly reveal sensitive data unless their demands were met. According to the August 2015 Threats Report from McAfee Labs, such acts of cyberextortion grew by 58 percent in the second quarter of 2015, compared to Q2 of 2014.

Recent reports indicate that some far-reaching and popular websites, such as AOL, MSN, BBC, and The New York Times, exposed their customers to ransomware through online advertisements. Even visitors to Forbes and Yahoo have been trapped by malicious advertisements leading to the installation of ransomware and other types of malware. In addition, RiskIQ, a cybersecurity company located in San Francisco, reported that the number of unusual malvertisements in June 2015 rose by 60 percent from the previous year.

To date, victims have mainly been individuals, with data from their smartphones and computers being held for ransom. Tim Keanini, CTO and cybersecurity expert at Lancope, a company that deals with flow analysis for security and network performance monitoring, predicts that industries are at great risk, particularly the healthcare industry. For instance, the process of moving sensitive electronic health records over data lines is always susceptible to breach by cyberfelons, with consequences ranging from misuse of data up to loss of life in some cases. Organizations and individuals have to deal with these kinds of cyberattacks more cautiously to avoid falling into the traps of attackers.

Measures to Overcome Ransomware and Extortionware

Cyberexperts Ori Eisen and Robert Siciliano recommend using reputable, up-to-date antivirus software and a firewall, and backing up important files either to an external hard drive or to an online service, to avoid falling victim to ransomware attacks. One can also take simple precautions such as enabling the popup blocker and not clicking suspicious links in emails and on websites. When a user receives a ransomware note, it is vital to disconnect the system from the Internet to make sure that personal data is not transmitted to the perpetrators. Additionally, the user can alert authorities such as the FBI to help recover data from the malicious lockup. In the case of a ransomware attack, do not be intimidated by the attacker's demand for money.

Effectively, there are three types of endpoint-security solutions to protect against ransomware attacks: definition-based antivirus, behavioral-based anti-malware, and content filtering.

Definition-based antivirus software works by detecting the patterns in attachments and files that indicate the presence of known security threats. Behavioral-based anti-malware, on the other hand, detects security invasions by keeping an eye on unusual system and user behavior.
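The contrast between the two approaches, as an added example that is not part of the original article: a SHA-256 fingerprint stands in for a definition, and a burst of high-entropy file writes stands in for unusual behavior. The process names, paths, sample data, and thresholds are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins: a sample the scanner "knows" and encrypted-looking output.
KNOWN_SAMPLE = b"constructed-known-sample"
DEFINITIONS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
CIPHERLIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAINTEXT = b"quarterly report draft\n" * 100

def definition_match(data: bytes) -> bool:
    """Definition-based check: exact fingerprint lookup of known content."""
    return hashlib.sha256(data).hexdigest() in DEFINITIONS

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavioral_alerts(events, window=10.0, threshold=3, min_entropy=7.0):
    """Flag processes that write high-entropy data to >= threshold distinct
    files within `window` seconds. Thresholds are illustrative assumptions."""
    recent, flagged = {}, set()
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if entropy(data) < min_entropy:
            continue  # ordinary document content, ignore
        hits = [(t, p) for t, p in recent.get(proc, []) if ts - t <= window]
        hits.append((ts, path))
        recent[proc] = hits
        if len({p for _, p in hits}) >= threshold:
            flagged.add(proc)
    return flagged

# Constructed file-write events: (timestamp, process, path, bytes written)
EVENTS = [
    (0.0, "editor", "docs/plan.docx", PLAINTEXT),
    (1.0, "proc-417", "docs/plan.docx", CIPHERLIKE),
    (2.0, "proc-417", "docs/budget.xlsx", CIPHERLIKE),
    (3.0, "proc-417", "docs/scan.pdf", CIPHERLIKE),
    (100.0, "backup", "archive.zip", CIPHERLIKE),  # one compressed write: not a burst
]

if __name__ == "__main__":
    print("known sample matched:", definition_match(KNOWN_SAMPLE))
    print("unseen content matched:", definition_match(CIPHERLIKE))
    print("behavioral alerts:", behavioral_alerts(EVENTS))
```

The definition lookup only recognizes content it has already seen, while the behavioral check flags the process by what it does to files, which is why the two are deployed together.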

Meanwhile, content filtering solutions find malware on websites that have been set up with the intention of spreading malicious programs. OpenDNS, Barracuda, WebTitan, and WebSense are some of the tools that offer three-level protection against such malware. On the whole, there are several key ransomware removal tools that clean up CryptoWall, Cryptolocker, and extortionware. Throughout every protection and recovery process, it is recommended to keep a record of the ransomware's file list and Bitcoin wallet.

The most effective way to avoid becoming a victim in the first place is to take precautions to protect data and to maintain awareness among employees. Of course, budgets have their importance in helping prevent such cyberbullying. However, it is more crucial to have good planning from an administration point of view, effectively precluding targeted cyberattacks by conducting awareness programs and implementing robust threat prevention strategies.