Ransomware is a significant threat to huge corporations as it is to you and me, the notion of every single byte of your personal files being locked up is a frightening thought to those who have treasured memories in the form of images and documents. How effective is Ransomware? It turns out very considering the FBI (Federal Bureau of Investigation) is warning companies that they may be better of paying the ransom to the attackers in order to see their files again.
This centres on the success rate of Cryptolocker, Cryptowall and also other forms of ransomware that utilizes ultra-secure encryption algorithms in order to lock up data. Joseph Bonavolonta who is the Assistant Special Agent in Charge of the FBI’s CYBER and Counter intelligence Program in its Boston office was speaking at the Cyber Security Summit 2015 where he stated that “The ransomware is that good”.
This form of attack has been around for more than a decade which is slightly surprising considering one associates this technique as a newish phenomenon. Although the last three years have seen attacks rise sharply via both malicious email attachments and also drive by downloads which include Malvertising.
According to the FBI, Cryptowall is the most common form of ransomware considering it had received 992 complaints that totalled $18 million in losses. The FBI still wants firms to contact their local law enforcement agency, but, if a company’s data is locked then in all probability the FBI will not be able to retrieve it without a ransom payment.
An interesting element is the feeling that if attackers keep ransoms low for consumers, a bigger percentage will just pay, after all, many people have expendable income and may be inclined to pay.
I am not sure this advice from Joseph Bonavolonta is necessarily helpful, granted, I can understand his sentiments that the FBI may not be able to retrieve any data without a ransom payment, but, if you advise people to pay then this will keep happening over and over again. Criminals partake in these practices in order to make money; if they are making money then I am sure they would feel it’s worthwhile.
Also, there is no guarantee that you would actually gain access to your data once a ransom has been paid, after all, there is no incentive to do so despite Mr Bonavolonta’s reassurances that “You do get your access back”
The best prevention is to be aware of any email attachments or links contained within spam emails and to Not Click on them, if you’re expecting an attachment from a known source, always verify the email just in case said source has been hacked themselves. Any attachments should be scanned to be on the safe side if you trust the email, if you don’t, don’t download or click anything, I know that Nigerian Billionaire sounds tempting, but it’s not worth it, also, always keep your system backed up for a variety of reasons.