Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Alarming' Rise In Ransomware Tracked (bbc.com)

Posted by BeauHD on from the return-on-investment dept.

An anonymous reader quotes a report from BBC: Cyber-thieves are adopting ransomware in "alarming" numbers, say security researchers. There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims. Ransomware was easy to use, low risk and offered a high reward, said Bart Parys, a security researcher who helps to maintain a list of the growing numbers of types of this kind of malware. Mr Parys and his colleagues have now logged 124 separate variants of ransomware. Some virulent strains, such as Locky and Cryptolocker, were controlled by individual gangs, he said, but others were being used by people buying the service from an underground market. A separate indicator of the growth of ransomware came from the amount of net infrastructure that gangs behind the malware had been seen using. The numbers of web domains used to host the information and payment systems had grown 35-fold, said Infoblox in its annual report which monitors these chunks of the net's infrastructure. A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts, he said, but other gangs used specialized "crypters" and "packers" that made files look benign. Others relied on inserting malware into working memory so it never reached the parts of a computer on which most security software keeps an eye. Ars Technica reports that drive-by attacks that install the TeslaCrypt crypto ransomware are now able to bypass Microsoft's EMET.

48 comments

  1. Being alarmed is good by Hentes · · Score: 4, Interesting

    Once you're hacked the bad guys can do a lot of nasty things to you and your data, shaking you for a few bitcoins if you don't have backups is pretty much the cheapest way you can find out about having a security hole. Data theft, APTs or even remote sabotage by a state agent can cause a lot more harm than ransomware, often without you even noticing. The spread of ransomware is actually very good for security, because it brings hidden vulnerabilities to light and associates an exact cost to them rather than for example the nebulous cost of losing sensitive data of costumers. Thus, ransomware alerts companies to vulnerabilities and bad backup practices, provides a financial incentive to fix those problems, all the while causing much less harm than the lack of those fixes would. Ransomware is doing more for security than a thousand conferences could.

    1. Re:Being alarmed is good by Anonymous Coward · · Score: 4, Funny

      ...rather than for example the nebulous cost of losing sensitive data of costumers.

      This leaves me with the question of why costumers in particular hold all this sensitive data. Is it because they know the actual sizes of the models they make costumes for?

    2. Re:Being alarmed is good by Anonymous Coward · · Score: 1

      This could be the event that forces Microsoft to dump the Windows core and adopt a professional *nix kernel. Their bread and butter is business licensing and when the risk of running Windows seriously threatens a business's profit (i.e. downtime, escalating infrastructure costs), we'll start seeing true legal action against Microsoft take place. No amount of EULA and contract disclaimers will keep the highest priced corporate lawyers at bay.

      Maybe they do see that the days having a proprietary and highly-buggy core are numbered. It explains their recent forays into MS-Linux and (limited) open sourcing of various products. Perhaps there's hope.

      Captcha: shockers

    3. Re:Being alarmed is good by Anonymous Coward · · Score: 0

      No, it's not good. Ransomware is already a dumb idea for most users anyway. Alarmed users are just going to make more mistakes, send payments to wrong decryption key providers (or get so flummoxed that they can't figure out how to pay ransoms at all). You don't want to have to deal with additional support tickets from these people.

      If popularity is making ransomware alarming, then maybe popularity isn't a good-enough reason to install ransomware. Like many other fads, you don't need to be on the bleeding edge on this one. Let it either burn out or show its value. And particularly with ransomware, nobody has ever really shown any good reasons to be running that crap. Fucking useless.

      BTW, another problem is that they're almost all closed-source, including the key! If, for whatever reason, you're unable (or unwilling) to pay the ransom, you should be able to decrypt your data yourself, without being locked into a single decryption key provider. It's your data, not theirs.

      Just Say No, people. This is another one of those things Nancy Reagan accidentally got right, whether you agree with her on drugs or not.

    4. Re:Being alarmed is good by The-Ixian · · Score: 1

      I am not so much 'Alarmed' as I am 'Startled'

      --
      My eyes reflect the stars and a smile lights up my face.
    5. Re:Being alarmed is good by Anonymous Coward · · Score: 0

      " The spread of ransomware is actually very good..."

      Today's Word: bullshit

    6. Re:Being alarmed is good by Anonymous Coward · · Score: 0

      Alarmed users just means that snake oil salespeople will sell "anti-ransomware" applications, right next to the anti-malware, firewall, disk firewall, and antivirus application. It means another $50 bucks a year for a subscription service. Of course, will it actually stop a 0-day? Extremely doubtful.

      Of course, the real answer is not extremely complicated, but it requires a change in the user's actions:

      At the SOHO end, it isn't too difficult to put in a fairly robust anti-ransomware thing, but it takes more than just tossing some software and calling it done:

      1: Buy two NAS machines (preferably two drives or more for RAID protection). Synology, QNAP, whatever.
      2: Configure one NAS with multiple shares. Install Veeam on PCs and have them dump to the NAS. Install a backup utility just for documents, and have that dump to the NAS on a second drive. The reason for having two separate backups is to have an "oh crap" backup ready for a bare metal restore, and a much smaller backup with just documents which would cost far less when stashing offsite.
      3: Configure the second NAS as a backup (not replication) target for the first NAS. The second NAS should have no authentication that the clients of the first NAS can use.
      4: Configure the first NAS to back documents up offsite. I use Amazon S3 buckets for this.

      This provides 3-2-1 production, three copies, two copies on different NAS appliances, and a copy of the documents stashed offsite securely.

    7. Re:Being alarmed is good by houstonbofh · · Score: 3, Informative

      This is not a Windows thing. It is tricking someone into running a bit of software that with that users access only can lock all your data. If written for *nix, it would work on *nix.

    8. Re:Being alarmed is good by houstonbofh · · Score: 1

      It is improving security practices in classic Darwinian fashion. Companies with good security practices and good backups are not having an issue. People trying to keep IT to the lowest cost and ignoring recommendations and best practices are getting burned hard.

    9. Re:Being alarmed is good by houstonbofh · · Score: 1

      Alarmed users just means that snake oil salespeople will sell "anti-ransomware" applications, right next to the anti-malware, firewall, disk firewall, and antivirus application. It means another $50 bucks a year for a subscription service. Of course, will it actually stop a 0-day? Extremely doubtful.

      The most effective anit-ransomware application / service is Backblaze or Carbonite. And frankly, if more people used backup services, that would be a good thing.

      I do agree with your recommendation, and I am actually doing that exact thing at a few clients with Nas4free. But it is a bit complex for many small businesses, and Backblaze is easy!

    10. Re:Being alarmed is good by Anonymous Coward · · Score: 0

      Not only that, they know all the superheroes' secret identities!

    11. Re:Being alarmed is good by jellomizer · · Score: 1

      Yea! after this attack we improved our security. Too bad people died from the attack to learn the vulnerable locations.

      Many of these attacks are targets towards health care institutions as they are typically behind in security for various reasons.
      1. Expensive equipment - You are going to pay millions of dollars for some equipment you are going to want to keep it going as long as possible. That means it may be operating with decades old software. But normally that isn't a big issue, as the software while old still works fine.

      2. Incompetent vendors - Many healthcare software vendors try to push the software out as fast as possible, using the cheapest staff they can find to build it, often building parts that the developers have no idea on what they are suppose to do. Often the IT Employees at the institutions know how the product works better than the vendor who made it.

      3. Health Care has a lot of data. Millions of patients with hundreds of visits makes a rather large set of data, making migration of a rather simple system a big project compared to many other sectors. It isn't just an import file option. ...

      With cloud and hosting centers a targeted attack towards an other group may affect other areas which are not well known. That Evil Corprate Bank may be using the same data center that your local fire department is using to manage its 911 traffic.

      Lets be real. The person who attacks the IT infrastructure is in the wrong. The one getting attacked is the victim. Don't justify it as helping them improve security when your process has a huge causality behind it.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    12. Re:Being alarmed is good by ThatsNotPudding · · Score: 1

      This leaves me with the question of why costumers in particular hold all this sensitive data.

      Well, being scary is a big part of their business, especially in October.

    13. Re:Being alarmed is good by mspohr · · Score: 2

      Years of Windows vulnerabilities have not convinced Microsoft to switch to a more secure foundation (backwards compatibility would be a big problem).
      Customers (sheeple) don't seem to mind the problems. Those that do have already switched.
      I used to work for a large international organization which ran Windows. We did a lot of traveling to places with dodgy Windows infrastructure. My colleagues would always get infected (usually by USB). I installed Linux on my travel laptop and never had a problem. The HQ (Switzerland) also had a constant problem with various malware infections and attacks. It was a constant battle (and they were losing). It didn't help that there was a lot of politically sensitive data on the network which was a ripe target.
      If you're using Windows, you're a sitting duck and you only have yourself to blame.

      --
      I don't read your sig. Why are you reading mine?
  2. From TFA by Rik+Sweeney · · Score: 5, Insightful

    A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts

    And this is why people use ad blockers.

    --
    Summation 2
    1. Re:From TFA by Anonymous Coward · · Score: 0

      I wouldn't mind being booby-trapped.

      Dependent upon the actual booby, of course.

    2. Re:From TFA by Anonymous Coward · · Score: 0

      This seems to be the kind where they grab you by the balls and place a sharp knife next to them. Pay, or else...

    3. Re:From TFA by Anonymous Coward · · Score: 0

      oi prefer them in pairs meself

    4. Re:From TFA by ThatsNotPudding · · Score: 1

      A lot of ransomware reached victims via spear-phishing campaigns or booby-trapped adverts

      And this is why people use ad blockers.

      And why anti-ad block sites like Forbes, WSJ should be vilified by making the Web less safe for everyone; they want all the ad money, but zero the responsibility of verifying / sanitizing their ads (which is a perfect example of the rampant greed the worship).

    5. Re:From TFA by Anonymous Coward · · Score: 0

      That's my fetish.

  3. backups backups backups by Anonymous Coward · · Score: 1

    Why pay the ransom? Restore from your previous backup and carry on.

    What's that, you say? You don't make backups?

    The personal computer revolution began in the mid 1970's and was in full swing by the end of the 70's with everyone from Radio Shack to Apple jumping on the bandwagon. That's 40 years that people have had available to learn. For almost that entire span, the advice has been to make backups. Remember all the advice to store your important data on two separate cassettes, because they were so fiddly?

    If, after 40 years of hearing "make frequent backups!" and "back up your important data!" people are still not making backups, well, the consequences of that choice belong to them. Yes, it's assholish to deploy ransomware, but it isn't like computers don't give you both ample means of almost perfectly protecting yourself, and ample means of recovering after the fact even if you failed to do that.

    If you don't avail yourself of either, maybe it's about time you learned. People don't learn by being shielded from the consequences of their choices. The world does contain bad people, and always will, and what you should do is protect yourself rather than holding the unrealistic expectation that nobody will ever try to do anything bad to you.

    1. Re:backups backups backups by Ol+Olsoc · · Score: 2

      but it isn't like computers don't give you both ample means of almost perfectly protecting yourself, and ample means of recovering after the fact even if you failed to do that.

      If you don't avail yourself of either, maybe it's about time you learned. People don't learn by being shielded from the consequences of their choices. The world does contain bad people, and always will, and what you should do is protect yourself rather than holding the unrealistic expectation that nobody will ever try to do anything bad to you.

      I don't know the answer to the backups dilemma. About the only justification for the cloud I've seen is the ability to backup - although I trust my backup system more.

      But the idea that the internet has to be a Game of Thrones type neighborhood is a little over the top. This is yet another example of the critical need for ad blocking, and script blocking. And if the mainstream sites don't do something about serving up ransomware and other problems with their ads, they'll just have to forgive me if I don't invite the Visigoths at the gates in.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  4. Are the ad companies responsible? by TheCastro1689 · · Score: 2

    If ads are where the viruses is, who can we hold responsible for them? The website hosting the ads, the company supplying the ads to the website, or are they hacked ads?

    1. Re:Are the ad companies responsible? by Ol+Olsoc · · Score: 2

      If ads are where the viruses is, who can we hold responsible for them? The website hosting the ads, the company supplying the ads to the website, or are they hacked ads?

      I think the partial solution to this issue is for websites that depend on advertisements to band together and place demands upon the ad suppliers to vet the ads for suitability. Hacking ads can still happen, but they will be found quickly. Not a perfect solution - there is none - but as adblocking leaves the avoiding inconvenience arena to the full blown protect your system's ass critical need, we are reaching a tipping point.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Are the ad companies responsible? by swb · · Score: 4, Insightful

      How about ads being forced to be static images or text only, with no fucking Javascript, flash or any other programmatic content? The ads are less annoying and the opportunity for useful malware payload gets closer to zero.

      Since those kinds of ads won't go away completely, the sites or the advertisers themselves can create them which will greatly reduce the opportunity for anonymous content injection into ad networks.

      Sure, it's less efficient for advertising, but its a hell of a lot safer. I hate to think that the reason ads are so insecure is so that the advertising industry is more efficient. It's like their single digit percentage increase in profit is being paid for by huge security costs everywhere.

    3. Re:Are the ad companies responsible? by Anonymous Coward · · Score: 0

      It would be nice for that to happen by default, but advertisers don't want that because then they can't collect as much information about you. However you can still do that yourself by setting your computer up to not run javascript by default.

      Running javascript by default has been one of if not the single biggest web security problem in recent years. Nobody should be doing that any more, in 2016. Disable it by default and only enable it very selectively.

    4. Re:Are the ad companies responsible? by The-Ixian · · Score: 2

      Something tells me that the cat is out of the bag on adblocking.

      Even if advertisers tone things down, people will likely still block ads because they can.

      Right now, we have good justification for blocking ads. But even if things change and advertisers go back to text or static images, people will find some other justification for running their ad blockers.

      --
      My eyes reflect the stars and a smile lights up my face.
    5. Re:Are the ad companies responsible? by Anonymous Coward · · Score: 0

      I think the partial solution to this issue is for websites that depend on advertisements to band together and place demands upon the ad suppliers to vet the ads for suitability.

      That is not happening; why would it? Websites have no reason to do what you're talking about.

      It's no skin off my butt, as a webmaster, if you run malware. Not only am I not going to be held responsible for whatever you download+install+run, but it's also very unlikely that you're even going to know which website referred you to the malware. If you did blame me, it's just as likely that you're right, as you're wrong (and got it from somewhere else and blamed me, or got it from me and blamed someone else).

      Middlemen have no incentive to work on this.

    6. Re:Are the ad companies responsible? by Ol+Olsoc · · Score: 2

      I think the partial solution to this issue is for websites that depend on advertisements to band together and place demands upon the ad suppliers to vet the ads for suitability.

      That is not happening; why would it?

      Because this isn't two years ago. While I've used ad and script blocking for years, it has escaped form us geeks, and now even Grandma uses it. I've installed adblockers on many computers that were brought to me by Grandmas and others. THe computers were brought in because they were slow, and "there must be something wrong." Yup, clogged by advertising and scripts. Old Ol sped them right up. Only negative is sites like Forbes won't let you in. Or is that a positive? Websites have no reason to do what you're talking about.

      And yet, we've been seeing a lot of whining about adblockers, and some sites like Forbes, demand you turn them off to gain access. Then promptly serve you up some malware if yu are foolish enough to do that in order to see their content. Sorry, I nave no conceivable need for Forbes and their ilk.

      It's no skin off my butt, as a webmaster, if you run malware. Not only am I not going to be held responsible

      I do believe that you are not responsible. Not at all.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:Are the ad companies responsible? by houstonbofh · · Score: 1

      Sure, it's less efficient for advertising, but its a hell of a lot safer.

      I am thinking it would be much more efficient. Almost everyone is running an add blocker now, and many are blocking all scripts as well. A static image on a website, however, is not blocked, so people will actually see it and may click. Static images and pay per click may actually generate both more interest and more money. All while stopping malware and popups. :)

    8. Re:Are the ad companies responsible? by TheCastro1689 · · Score: 1

      If you use Ublock Origin you can get Forbes and NYT.

    9. Re:Are the ad companies responsible? by Ol+Olsoc · · Score: 1

      If you use Ublock Origin you can get Forbes and NYT.

      I'm content with avoiding sites that demand I accept their malware.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  5. title by Anonymous Coward · · Score: 0

    I was expecting a more intelligible title from the BBC. They are British ffs

  6. The problem by Anonymous Coward · · Score: 0

    The problem isn't that ransom-ware funded organisations exist, it's that people keep paying them. Selfish, short-sighted people.

  7. It wuz haxx0rz! by Anonymous Coward · · Score: 1

    Once the bogeyman visits you? Next you'll tell us you believe in fairies too. And bad guys? You've just told us they're doing us a service. How can that be bad?

    I'm not sure what you're getting at, but being deliberately obtuse is something the "computer security industry" is pretty good at. Next to continuously "warning" and "alarming" and "advising" us with their tales of woe. What they're not good at is actually fixing the mess that they're promising to "protect" us against. Their "fixes" often as not aren't. In fact, it's fairly clear they're making too much money out of our misery to actually deliver us from all that. And these are the "good guys"? What?

    1. Re:It wuz haxx0rz! by houstonbofh · · Score: 1

      Good backups means cryptoware is not a problem. It also means hard drive failure, malicious employees, and hackers deleting stuff is not a problem. And yet many people still do not have good backups. If the press from this means that most people end up making backups a priority, it will help lots more then people with cryptoware. This also works for teaching people not to click every damn thing, and so on.

  8. Tracks the rise in spam by Anonymous Coward · · Score: 0

    They wouldn't do it if people didn't pay them.

    1. Re: Tracks the rise in spam by Anonymous Coward · · Score: 0

      Sadly, they would.

  9. Depends by Anonymous Coward · · Score: 0

    Are we classifying systemd as Ransomware yet?

    1. Re:Depends by houstonbofh · · Score: 1

      Are we classifying systemd as Ransomware yet?

      No, it is a trojan that brings in other malware.

  10. There won't be "some other" justification by Anonymous Coward · · Score: 0

    People could pretty easily block ads since the late 90s (with ad-blocking proxies, and then Firefox's plugins brought it to the masses in 2002), and even back then we had good justification for it (speed; I was on dialup until 2006!!). Yet most people didn't bother.

    Something changed in just the last couple years. It didn't really get easier or much more justified (from the PoV of techies). What I think really happened, was this: Snowden.

    The mainstream has finally caught on that the Internet is an us-vs-them situation, where you're in zero-sum conflict with a lot of enemies. "They" are watching you, and the hostility is no longer concealed. We don't always agree on who "they" are, but now you're not a tinfoil hat guy if you say "they" exist and are definitely spying on you. So fuck "them." And the ad companies are either "them" or technologically similar to "them" so they're caught in the crossfire.

    We won't need a new justification. The nerds gave it to the mainstream in 2013, and this one is forever. There won't -- can't -- come a day when it ceases to apply. It's not like "they" are going to stop using the Internet.

  11. Expected by Anonymous Coward · · Score: 1

    When the recommended advice of security professionals is to pay them, what did you expect to happen?

    1. Re:Expected by houstonbofh · · Score: 1

      Actually, the recommended advice is to have good backups, and don't click on unsolicited attachments... And funny enough, most people who have a house fire get smoke alarms for the next house.

  12. I get lots of "free gift card" junk mails now by peter303 · · Score: 1

    They feel more effective than "you've won lottery" or African heir spams. I dont click on any.

  13. Yes they are by Anonymous Coward · · Score: 0

    Even companies with good backup practices are still getting burned. Developers routinely wait until code changes are tested and working before committing them to version control, which means that even with good backups, a company can lose a few weeks of developer time when ransomware strikes. Most companies do not do daily backups of developer laptops on a daily basis.

    Granted, it won't bankrupt most companies, but it's still costly nonetheless. Worse, if there's a shared directory mounted, even if backed up, recovery can take a day or more.

    1. Re:Yes they are by Anonymous Coward · · Score: 0

      Then they're doing it wrong. If any of my developers were in the habit of not checking in chenges for weeks at a time, they would be fired.

    2. Re:Yes they are by houstonbofh · · Score: 1

      Check in or back up. It is not rocket surgery. Just subscribe the laptop top backblaze and you cover that.

  14. Adblockers by bl968 · · Score: 1

    This is why you run adblockers everywhere...

    --
    "GET / HTTP/1.0" 200 51230 "-" "Mozilla/4.0 (compatible; Setec Astronomy)"