Ransomware

June 29, 2016

The ransomware epidemic explained

Ransomware is an epidemic. Every day more businesses, consumers, government and other organizations are finding their critical data held hostage and collectively paying millions of dollars to get it back. In some cases, such as attacks on hospitals, it is literally threatening lives. And with over 100,000 new variants released every day, ransomware is mutating like a nightmare virus, while the world’s cyber security forces work feverishly to stop it. In fact, ransomware is the number one cyber concern among healthcare organizations according to the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.

As with Ebola and Zika and other viral epidemics, experts and potential victims need to understand how the disease attacks and how it spreads so they can protect themselves.

Ransomware in a nutshell

Most ransomware either locks the interface or encrypts files on a computer or network, sends users a ransom message, and, ideally, releases the interface or decrypts the data after the ransom is paid. (Although Richard Walters, senior vice president of security products at Intermedia, recently told TechNewsWorld that companies have a 20 percent chance of not getting their data back after the ransom is paid.) The details of ransomware can and do vary widely, partly to keep attackers ahead of security experts and partly to keep victims off balance and paying.

According to The ICIT Ransomware Report, the first ransomware appeared in the 1980s, and, ironically, until ten years ago, most of it was fake. Fraudulent spyware removal tools and performance optimizers scared users into paying to fix problems that didn’t really exist. Although the first ransomware that actually denies access to data was developed in 1989, the malware didn’t become common until 2006.

At this point, there are two major types of ransomware:

  • Locker ransomware restricts user access to infected systems by locking up the interface or computing resources within the system. It puts up a display page telling victims to pay through credit vouchers purchased from local stores or money transfer services. According to security software vendor Symantec, locker ransomware accounted for about 36 percent of the ransomware samples they detected in 2014-2015. Attackers have moved away from locker ransomware because the disabled interface prevents victims from paying in cryptocurrencies such as Bitcoin, which are faster and less traceable, so better for the recipients. However, experts expect that locker ransomware may regain popularity with attackers because it can affect mobile devices and devices on the “Internet of Things.”
  • Crypto ransomware encrypts files on the target system so that the computer is still usable, but users can’t access their data. It typically uses strong industry-standard encryption schemes, often with encryption keys that time out, adding urgency to the ransom payment deadline. Crypto ransomware leaves the user interface functioning, so that users can get to the Internet to make ransom payments in cryptocurrency. Symantec says that crypto ransomware makes up 64 percent of the samples that their software detects.
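Because crypto ransomware rewrites many user files with ciphertext in a short time, one common defensive heuristic is to watch for bursts of high-entropy file writes from a single process. The sketch below is an added example, not taken from the article or from any vendor's product; the event format, process ids, paths and thresholds are assumptions, and the sample events are constructed.

```python
import hashlib
import math
from collections import Counter, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_encryption_bursts(events, threshold=7.5, window=10.0, min_files=3):
    """Return the process ids that wrote at least `min_files` distinct
    high-entropy files within `window` seconds. `events` must be sorted by
    time; the thresholds are illustrative assumptions, not tuned values."""
    recent = {}      # pid -> deque of (timestamp, path) for high-entropy writes
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < threshold:
            continue  # plaintext-like write, ignore
        q = recent.setdefault(pid, deque())
        q.append((ts, path))
        while ts - q[0][0] > window:   # drop writes older than the window
            q.popleft()
        if len({p for _, p in q}) >= min_files:
            flagged.add(pid)
    return flagged

def _random_like(seed: bytes, blocks: int = 128) -> bytes:
    """Deterministic stand-in for ciphertext or compressed data (4 KiB)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

TEXT = b"Quarterly report draft, revision 3. " * 100

# Constructed sample events: (seconds, pid, path, bytes written).
SAMPLE_EVENTS = [
    (0.0, 900, "/backup/mon.tar.gz", _random_like(b"a")),   # compressed archive
    (1.0, 310, "/home/u/notes.txt", TEXT),                  # ordinary edit
    (5.0, 4242, "/home/u/a.docx", _random_like(b"b")),
    (5.4, 4242, "/home/u/b.xlsx", _random_like(b"c")),
    (6.1, 4242, "/home/u/c.pdf", _random_like(b"d")),       # third file in ~1 s
    (30.0, 900, "/backup/tue.tar.gz", _random_like(b"e")),
    (60.0, 900, "/backup/wed.tar.gz", _random_like(b"f")),
]

if __name__ == "__main__":
    print(sorted(flag_encryption_bursts(SAMPLE_EVENTS)))
```

Compressed archives and media are also high-entropy, which is why the check keys on several distinct files in a short window rather than on entropy alone; the backup process in the sample writes high-entropy data but is not flagged.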

The success of any given ransomware variant depends in part on the technology and in part on how skillfully the attackers are able to exploit the fears of the victims. On the technical side, successful ransomware needs to evade detection by security software long enough to install itself and do its dirty work, and it needs to employ locking or encryption strong enough that it can’t be easily broken. But powerful ransomware is now widely available on the Dark Web for free, so any “script kiddie” (a technically unsophisticated would-be hacker) can mount an attack in return for giving the developer a share of the profits. The successful cyber-extortionist is also able to work the psychological scam, scaring victims into paying rather than taking defensive measures, and giving them reasonable confidence that their systems will be restored plus enough technical support that they can figure out how to pay in cyber coin.

Ransomware attack vectors

As with other malware, the spread of ransomware often depends on user ignorance, but cyber-extortionists have come up with a few new tricks to infiltrate systems. Ransomware enters systems through four main channels:

  • Social engineering: Ransomware is often downloaded by unwitting users. Phishing emails induce users to click on bad links or download and open malicious attachments. According to the ICIT report, criminals will hire services to redirect users from adult content sites or media piracy sites to their downloads (adding shame to the urgency of fear when the user is trapped) or they will use malvertisement services to bait users from ads on legitimate web sites. Bad guys are also now using social media messaging as an attack vector for malware. This is harder for organizations to defeat because the attacks are now running under HTTPS/SSL, so that it’s harder to detect the malware.
  • Layered attacks: Criminals who have already infected a system sometimes sell access to ransomware criminals. The undetected malware on the so-called “zombie” machine can download the ransomware and remain after the ransom is paid, waiting for another opportunity to steal data or extort payment.
  • Embedded: Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is so ubiquitous in browsers around the world. As this Symantec post shows, the fake update pages can be very convincing.
  • Self-propagation: Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.

While user awareness can help deter the spread of ransomware, the other three sources are more difficult to isolate and stop.

Fighting fear itself

At this point, the technology behind ransomware is formidable, as developers employ stronger encryption and more tactics to elude detection. Eventually, security technology will catch up, but in the meantime, organizations and individuals need to avoid giving in to fear because that is the ransomware criminal’s greatest weapon. Just as the earliest forms of ransomware extorted users with non-existent threats, much of today’s ransomware is not as invincible as it seems, which is why attackers keep coming up with scarier tactics for their malware. One of the most brutal is the Petya virus, described in a recent Kaspersky blog. Not only does the malware attempt to lock the whole hard drive at once rather than slowly encrypting individual files, its user interface is a grinning skull and crossbones made mostly of dollar symbols.

 
