Ransomware scam artists have a good thing going. They infect some computers and inflict a distasteful—but ultimately logical—choice on the victims: Pay up or lose your data.
Ransoms can be an expensive lesson for most. Many consumers opt not to pay and rely on whatever backups they have. Businesses often pay—an act that may require dealing with Bitcoin markets as well as feeling like a chump. Yet, even the FBI has said it understands when victims pay.
Ransomware rules, broken
The fleecing of Kansas Heart Hospital may change that.
After the hospital paid ransom to get its data back, the criminals who had infected the hospital’s network refused to give the business all the keys to the data. Instead, they asked for more money, and the hospital—after consulting with its security advisors—did not pay, according to an article in local media.
“The policy of the Kansas Heart Hospital in conjunction with our consultants, felt no longer was this a wise maneuver or strategy,” Dr. Greg Duick, president of the Kansas Heart Hospital, told Kansas television station KWCH. The hospital did not return a request for comment.
This attempt to double-dip has broken the unwritten compact between victim and data-napper. If paying the ransom doesn’t result in a return of the stolen property, victims will quickly lose their incentive to pay.
A similar revision of the balance between victim and kidnapper took place following the terrorist attacks of September 11, 2001, points out Christopher Budd, global threat communications manager at Trend Micro. The terrorists who hijacked multiple planes broke with the traditional hostage-for-ransom model, to say the least. Their actions inspired a no-tolerance attitude toward hijackings that took negotiation or ransom out of the picture.
“One act changed people’s trust in hijackers,” said Budd. “Since 2001, there have been very few hijackings of airplanes.”
The bad guys are breaking the rules in other ways as well, by threatening additional measures for those victims who don’t pay. In other ransomware incidents, for example, attackers have claimed — falsely, so far — that they would publish a victim’s data. They have also delivered on threats to turn the computer of victims who do not pay into “bots” that are then used to conduct distributed denial-of-service attacks.
“This underscores one of the reason that we say you do not pay the ransom,” says Budd. “At the end of the day, they are a criminals. You cannot trust them.”
Currently, nearly half of potential victims believe they would pay a ransom, a number large enough to allow ransomware operators to continue to profit. A recent BitDefender study said that in the United States, half of all victims had paid in the past, and 40 percent of all users surveyed confirmed that they would pay.
It's unclear, however, how many victims actually follow through. In 2012, security firm Symantec analyzed a ransomware management server that gathered global data on 68,000 computers that were compromised in a single month. Symantec found that only 2.9 percent of those victims paid. At the time, however, few people trusted the criminals to pay up. Today, most groups have a reputation for at least trying to help victims recover their data, after they've paid, of course.
Protecting against ransomware
Ransomware isn't dead yet, and you don't want to get hit. Here’s how to protect yourself.
1. Back up, back up, back up
If you do only one thing, back up your data regularly. Backups prepare computer owners to delete their systems and reinstall, said Barry Shteiman, director of threat research at Exabeam.
“We are still at a very early stage of ransomware,” he said. “It will become a ransom-worm very soon, where they try to encrypt as many computers as possible.” When that happens, you'll be grateful for that backup.
2. Harden your system against attacks
A variety of measures can help make systems more resilient to attack. Regular updates will ensure that no easy-to-exploit public vulnerabilities are poised like an open door to allow attackers into your system. While anti-malware software is nice, the domain-lookup based security increasingly included with such programs—such as Norton ConnectSafe or Comodo Secure DNS or OpenDNS’s Umbrella service—can block malware from being downloaded to your system.
3. Set up a good firewall
In addition, use an application firewall to be aware of what’s communicating from your computer. While they can require some care and feeding at first, such security applications pay off in the long run. On the Mac, Little Snitch is a popular choice, and GlassWire or Zone Alarm are available on Windows.