Despite the CryptoLocker headlines, ransomware is still a growing threat to both individual PC users and small-to-medium businesses.
Though our malware defenses have improved, ransomware authors are finding new ways to infect our systems. Fortunately, we have options and solutions.
The evolving forms of ransomware
It’s a computer user’s worst nightmare. You boot your PC, and a big warning box pops up on your screen. No, it’s not a Windows error; the message states that all your files have been encrypted and you’ll have to pay a ransom to get the key.
The first strain of this pernicious form of malware was CryptoLocker. It was a profitable scheme — until anti-malware apps adapted to this new threat. But as with any successful infection, CryptoLocker soon mutated into new variations such as CryptoWall and TorrentLocker. Whatever they’re called, all these strains of malware share a common thread: they don’t destroy data but simply lock it up until you pay the ransom. Even when the infection is removed, the data remains encrypted. And in some cases, even backup files are made unusable — unless you buy the key.
Most ransomware infections arrive via email attachments or phishing attacks. They can even be hidden in cloud-based file-sharing sites such as Box, Dropbox, and ShareFile. They can be .exe files, ZIP files, or fake PDF files that are in fact executables used to install malicious code.
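The "fake PDF that is really an executable" trick works because Windows hides known extensions, so invoice.pdf.exe is shown as invoice.pdf. An attachment filter should therefore check a file's leading bytes, not just its name. The following is an added example (not code from the article); the attachment names and header bytes are constructed samples.

```python
import os

# Magic numbers for the file types the article names: PDF, ZIP and Windows executables.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "executable",  # DOS/PE header shared by .exe, .scr, .dll and friends
}

# Extensions Windows will run directly; Explorer hides them by default,
# so "invoice.pdf.exe" is displayed as "invoice.pdf".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def sniff_type(head: bytes) -> str:
    """Classify a file by its leading bytes rather than by its name."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def assess_attachment(filename: str, head: bytes):
    """Return (verdict, reason) for one attachment, combining name and content checks."""
    ext = os.path.splitext(filename.lower())[1]
    kind = sniff_type(head)
    if ext in EXECUTABLE_EXTS:
        return "block", f"executable extension {ext}"
    if kind == "executable":
        # Extension looks harmless (or is missing) but the content is a PE file.
        return "block", f"PE header inside a file named with {ext or 'no extension'}"
    if ext == ".pdf" and kind != "pdf":
        return "quarantine", f"claims PDF but content sniffs as {kind}"
    if kind == "zip":
        return "review", "archive; inspect members before delivery"
    return "allow", f"{kind} content is consistent with {ext}"


def scan_attachments(attachments: dict) -> dict:
    """Map each attachment name to its verdict."""
    return {name: assess_attachment(name, head)[0] for name, head in attachments.items()}


# Constructed sample attachments: name -> first bytes of the file.
SAMPLE_ATTACHMENTS = {
    "quarterly-report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",   # double extension
    "statement.pdf": b"MZ\x90\x00\x03\x00\x00\x00",     # executable renamed to .pdf
    "photos.zip": b"PK\x03\x04\x14\x00\x00\x00",
}

if __name__ == "__main__":
    for name, head in SAMPLE_ATTACHMENTS.items():
        print(name, *assess_attachment(name, head))
```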
Ransomware seems to be especially adept at evading anti-malware tools. Its encryption engine is similar to those we regularly use on our PCs, and its pattern or signature can change rapidly. A recent US-CERT notice describes a specific type of malicious code used to download ransomware: “AAEH is a polymorphic downloader with more than two million unique samples. Once installed, it morphs every few hours and rapidly spreads across the network. AAEH has been used to download other malware families, such as Zeus, CryptoLocker, ZeroAccess, and Cutwail.”
That adaptability makes keeping anti-malware detection current a real challenge.