There was one known ransomware family variant in 2012, according to F-Secure’s State of Cyber Security 2017 report. By 2015, there were 35 variants of the online threat that infects your computer to hold your files hostage for ransom, which exploded to 193 in 2016.
This eruption of ransomware development does not, however, make the threat much harder to defend against.
“Even though ransomware families are growing at an extremely fast pace, they still all use the same sort of ‘delivery systems’ – spam and/or exploit kits,” F-Secure Security Advisor Sean Sullivan told me. “It’s at the front end that we aim to defend our customers first. Besides that, we aim to produce generic detections of bad behavior in our Internet security products including SAFE. All Macro-based threats are bad, and blocked, regardless of what family it’s pushing.”
It does, however, present a slight hindrance to the Labs’ analysis efforts.
“What the growth makes difficult is tracking and reporting,” he said. “We see from our data that we’re generically blocking ransomware, but we may end up losing some visibility on which particular family was blocked. But that’s a particular tradeoff rather worth making.”
Tracking the families offers both a sense of the pervasiveness of the threat and of the criminals who might be behind a particular piece of malware.
This subway style map gives you a decent sense of how onerous of a task that has become:
So how can we stop ransomware in its tracks?
Unfortunately, there is no simple solution. Every potential path requires either a historic step or something resembling a miracle. Here are four unlikely ways the ransomware explosion could be stopped cold, or at least slowed to a smolder.
- China could rein in criminal uses of Bitcoin.
The availability of Bitcoin, the open-source virtual currency, has made crypto-ransomware’s business model viable and profitable: victims can pay pseudonymously, and the criminals can collect without a bank in the loop. Chinese companies have made considerable investments in the vast server farms needed to mine the leading digital currency. 42 percent of all Bitcoin transactions last year took place on Chinese exchanges, according to an analysis performed for the New York Times. Sean has even noticed that the Shanghai Composite Index, one of the nation’s leading financial indicators, correlates at times with the Bitcoin Price Index. “While better blockchain provides them with visibility over their markets, officials in China likely have little financial incentive to see the Bitcoin market hindered in any way,” Sean said.
- Western governments could add new requirements for Bitcoin and other virtual currencies.
U.S. and European officials could make a major dent in the availability of Bitcoin with a relatively simple change. “Bitcoin exchange accounts could be required to be tied to a physical address,” Sullivan said. Currently it takes just minutes – or seconds – to open a Bitcoin account on a third-party exchange. Under such a rule, an activation code would have to be mailed to you before an account could be opened. While this wouldn’t affect criminals who do business out of Russia and China, it would make their attacks far less profitable, because far fewer victims in the West could quickly obtain the coins needed to pay.
- Don’t click “Enable Macros” — ever.
Ransomware delivered by spam requires your help to do its dirty work. When you’re infected through email, you have to open an attachment to invite the threat onto your machine. And then you need to take the extra step of allowing Microsoft Office to enable macros, which is exactly what the document’s “please enable content” lure is designed to get you to do. (Exploit-kit delivery, the other channel Sullivan mentions above, needs no click beyond visiting a page, which is why patching the browser and its plugins matters as well.) If everyone in the world would just stop enabling macros, ransomware thieves would have to find another business model.
- Everyone immediately begins doing real backups.
Ransomware also works because people need their files. If everyone had offsite backups, the idea of paying the ransom – even if you negotiate the price down – would be ridiculous. “Real” here means a copy the infected machine cannot reach: a backup drive that stays plugged in, or a network share mounted with write access, gets encrypted right along with everything else, so the copy must be offline or otherwise unreachable from the desktop, and you must have actually tested a restore. Unfortunately, this basic piece of practical advice has been circulating for as long as there have been hard drives. And we haven’t learned yet.
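The “Enable Macros” step above only exists because the attachment carries a VBA project, and that is something a mail gateway or a user can check for before anyone opens the file. The following is an added example, not code from the article or from F-Secure: it classifies an Office attachment by inspecting its bytes rather than its extension, so a macro-enabled document renamed to `.docx` is still caught. Modern Office files are ZIP packages, and a VBA project lives in a `vbaProject.bin` part (and is declared with a `macroEnabled` content type in `[Content_Types].xml`); legacy binary `.doc`/`.xls` files are OLE containers that need an OLE parser to inspect, so they are simply flagged. The function names, the `build_ooxml` sample builder and the sample documents it produces are all constructed for this example.

```python
import io
import zipfile

# Header of the legacy binary Office formats (.doc, .xls, .ppt): an OLE2 compound file.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Substring of the main-part content type declared by .docm/.xlsm/.pptm packages.
MACRO_CONTENT_TYPE = b"macroEnabled"


def classify_attachment(name, data):
    """Return 'macro', 'clean', 'legacy-ole' or 'unknown' for an Office attachment.

    The verdict is based on the file bytes, not on `name`, so a .docm renamed
    to .docx is still reported as 'macro'. `name` is only used for reporting.
    """
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats hide VBA inside OLE storages; finding it needs an
        # OLE parser (e.g. olefile / oletools). Here they are just flagged for review.
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "unknown"  # not a ZIP package at all
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Any vbaProject.bin part (word/, xl/, ppt/ ...) means a VBA project is present.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            # Belt and braces: the package manifest also declares macro-enabled parts.
            if "[Content_Types].xml" in names and MACRO_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "macro"
            return "clean"
    except zipfile.BadZipFile:
        return "unknown"


def extension_mismatch(name, verdict):
    """True when the file claims a macro-free extension but carries macros."""
    return verdict == "macro" and name.lower().endswith((".docx", ".xlsx", ".pptx"))


def build_ooxml(with_macro):
    """Constructed sample (not a real Office document): a minimal OOXML package.

    With `with_macro=True` it carries a fake word/vbaProject.bin part and the
    macro-enabled content type, mirroring how Word lays out a .docm.
    """
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        + ('<Override PartName="/word/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macro else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed placeholder bytes; a real part is an OLE container holding VBA streams.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA storage")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments as they might arrive at a mail gateway.
    samples = {
        "invoice.docm": build_ooxml(True),
        "report.docx": build_ooxml(False),
        "renamed.docx": build_ooxml(True),          # macro file hiding behind a .docx extension
        "old_memo.doc": OLE_MAGIC + b"\x00" * 64,   # legacy format, needs OLE inspection
        "notes.txt": b"just text",
    }
    for fname, blob in samples.items():
        verdict = classify_attachment(fname, blob)
        flag = "  <-- extension does not match content" if extension_mismatch(fname, verdict) else ""
        print(f"{fname:14s} {verdict}{flag}")
```

A gateway policy built on this would quarantine anything that comes back `macro` or `legacy-ole` from an external sender; treating the legacy formats as suspect by default is reasonable because there is rarely a business reason to receive them and their VBA cannot be checked without an OLE parser.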
[Image by Marco Verch via Flickr]