Article Written by Doug Hanchett, Acronis
With its scary name, unnerving anonymity and insidious nature, ransomware
has crawled out of the shadowy recesses of the internet to become today's
top IT threat.
"Ransomware is becoming a pandemic," cybersecurity expert Eric
O'Neill said during a
2017 webinar for the launch of Acronis Backup 12.5. "These [attacks] are
hitting us month after month after month, week after week."
But this pandemic didn't happen overnight. In fact,
ransomware originated way back in 1989 with the AIDS Trojan -
malware that was distributed on 3.5-inch floppy disks. Until recently, however,
ransomware attacks were small and sporadic.
That began to change in 2015 as the number of ransomware
incidents steadily increased. By 2016 a few high-profile cases started
to make headlines:
- In February, Hollywood Presbyterian Hospital had
to revert to pen-and-paper recordkeeping for more than a week after a
ransomware attack took control of its systems. It eventually paid $17,000 worth
of bitcoin to regain access.
- In November, San Francisco's light rail system
was the target of an attack with the perpetrators hitting the agency's
electronic payment system and brazenly demanding more than $70,000 worth of bitcoin.
Rather than pay the ransom, the agency
simply let passengers ride for free until it could restore the affected
systems.
- Then there was the WannaCry attack in May of 2017, which tore across the
globe and infected almost a quarter million machines in 150 countries over
the course of just a couple days.
Not only are ransomware attacks on the rise, but research by enterprise
security firm Symantec shows that the average ransom demand tripled in 2016, as
did the number of different ransomware families.
Everyone expects that trend to continue. So let's take a
closer look at ransomware and how you can protect yourself from this emerging menace.
What is Ransomware?
Ransomware is malicious software that infects a device and essentially
holds it hostage, blocking access to it or the information stored on it. In
order to unlock the device or the data, the user is required to pay a ransom, usually
in a widely used e-currency like bitcoin.
There are two main types of ransomware:
- So-called Windows blockers that block the
operating system or browser with a pop-up window.
- Encryption-based ransomware that encrypts files
and folders behind the scenes.
Encryption-based ransomware is what most people think of
today when discussing ransomware. Once the files are encrypted, the ransomware
opens a window on the screen explaining that the files are encrypted and that
the victim has to pay a ransom to get them decrypted.
It's interesting to note that while most ransomware
attackers will act kindly toward their victims and offer them assistance in
navigating the world of bitcoin, it's just a façade: according to Symantec,
only 47 percent of victims actually get their data back after paying the
ransom.
As a result, the Department of Justice advises victims to think twice
about paying any ransom.
How Ransomware Works
Ransomware is spread in a number of ways, including via
websites, social media and instant messaging apps. But the most common approach
is through "spear phishing" emails that trick the recipient into opening an
attachment that launches the attack.
In a typical scenario, a user receives an email designed to
look like something important - an invoice or a receipt from some company, for
instance. The email usually contains an attachment along with some devious language
that makes it hard to resist opening the attachment - something like "Here are
the details of your recent purchase. Please review the attached receipt."
Human nature is to think "I don't remember buying anything
from them. What the heck?" and the recipient clicks on the attachment to find
out more. Bad move.
Opening the attachment enables a small piece of malware
called a downloader to run. The downloader does what its name implies:
downloads the ransomware. Once the ransomware is installed, it begins quietly
encrypting files and folders unbeknownst to the user.
A Real World Example
Although it has been around for almost 30 years, ransomware
burst into the greater public consciousness with WannaCry, the largest
ransomware attack ever. WannaCry spread like wildfire and affected a diverse
collection of entities, including FedEx, Spain-based Telefonica, Britain's
National Health Service, German railway company Deutsche Bahn, and LATAM
Airlines.
WannaCry spread quickly by exploiting a known vulnerability
in Microsoft Windows. Fortunately a sharp-eyed British IT consultant discovered
a "kill switch" in the WannaCry code that helped put the brakes on it, although
variants continued to crop up for weeks afterward.
"WannaCry did not incorporate what we call a classic 'zero
day' attack where there is no advance warning," Gregory Touhill, former Chief
Information Security Officer of the United States, told the United States Congress
during its hearings into the attack. "Most programs are not written like WannaCry
and aren't so easy to stop. We were lucky. I believe WannaCry was a slow-pitch
softball, while the next attack is likely to be a blazing fastball."
How to Protect Yourself
The first line of defense is keeping your software and
systems updated. WannaCry, for example, spread through a vulnerability that
Microsoft had patched two months earlier. Many of its victims would have been
protected had they simply downloaded and installed Microsoft's fix.
Second, any data protection strategy should include a strong
anti-virus solution as a matter of course. Unfortunately, traditional signature-based
detection is often useless against ransomware because cybercriminals tend to
encrypt their malware to make it harder to spot. Plus the bad guys research anti-virus
solutions to uncover weaknesses in detection technologies or program
architectures in order to evade discovery.
So the easiest defense against ransomware is a strong,
consistent backup regimen - something all anti-virus vendors recommend. Regular
backups of your data that are secured off-site make ransomware almost toothless.
If you are hit by an
attack, there's little to worry about because you have safe, secure copies of
any files that might have been encrypted.
"Individuals or businesses that regularly back up their
files on an external server or device can scrub their hard drive to remove the
ransomware and restore their files from backup," Peter Kadzik, assistant U.S.
Attorney General, wrote in a letter to Congress in 2016. "If all individuals
and businesses backed up their files, ransomware that relies on encrypting user
files would not be as profitable a business for cyber criminal actors."
That said, it's always best to stop a ransomware attack as
quickly as possible. And that's where Acronis comes in. Not only do we deliver
the world's fastest, most reliable backup solutions, but Acronis Active
Protection™ is the first backup technology that actively protects
your data against ransomware.
Fight Back Against Ransomware
Acronis Active Protection works in real-time behind the
scenes to detect and deflect ransomware attacks. Here's how:
Acronis Active Protection uses sophisticated analysis and
artificial intelligence to monitor your system. If it spots any errant behavior
or suspicious processes, it stops the activity and blacklists the program
responsible for it, ensuring that it can't restart on the next reboot.
If ransomware somehow does manage to sneak through and start
encrypting files, Acronis Active Protection will quickly detect the encryption
and halt it - automatically restoring the files to the most recently backed up
version.
In addition, Acronis Active Protection is designed so that
only Acronis software can modify backup files. This robust self-protection
mechanism means that ransomware can't short-circuit backup operations and alter
the content of backup files.
How effective is Acronis' solution? In testing by an
independent lab, Acronis
Active Protection significantly outperformed 22 anti-virus solutions in
recognizing and stopping ransomware.
Final Thought
While ransomware might have started 30 years ago, experts agree that the
recent explosion of attacks indicates we now face a continuous, ever-evolving
threat. Individuals and businesses looking to protect themselves need to be
vigilant by not clicking on links that deliver malware, ensuring
their programs and operating systems are updated, and safeguarding their files
via regular backups. Adding Acronis Active Protection takes their data
protection to the next level and provides comprehensive security in today's
increasingly dangerous digital landscape.
About the Author
Doug Hanchett is the corporate content manager at Acronis. Formerly an award-winning newspaper reporter, Doug has spent the last 12 years creating killer content for global IT firms.