Ransomware-as-a-Service: How Not To Be Taken Hostage!

March 2016: Ransomware, a form of malware that encrypts a victim’s files and demands money to decrypt them again, is now available to scammers “as a service” like any other cloud service. The bad guys don’t even have to be coders anymore! They just sign up for the service, invent a scam to get into victims’ computers and then hold files hostage until a ransom is paid by a certain date.

The only thing that’s missing is a note with cut-out letters. Here’s what you need to know:

What is Ransomware?
Ransomware uses encryption to lock you out of your files, apps or entire computer — it’s the same approach whether the ransomware is as-a-service or not. To get the key (code) to decrypt them, you need to fork over some Bitcoin, typically about $300. You may recall Cryptolocker from 2014 and its spinoffs in 2015.

Today, Ransomware-as-a-Service (RaaS) takes it up a notch in two ways. Not only does it make it easier for even novice scammers to get the malware, but the malware service provider also gets a cut of every ransom paid, usually 20%. Some of the players are pretty shady and porn sites are often involved as bait. One new strain of RaaS that’s getting a lot of attention is Ransom32, which is coded in JavaScript so it can infect any computer and operating system. This has cybercops very concerned.

Who’s at risk?
Everyone is at risk. Ransomware masquerades as enticing web ads, innocent-looking links in emails, normal-looking websites and all the usual ways you get malware.

Can ransomware affect my smartphone or tablet?
Ransomware on mobile devices is different. Android devices are indeed targets — often with a lock-screen approach. This is the easiest type to circumvent without paying, but circumvention doesn’t always work. There have been some reports of ransomware on Apple iOS devices, but phony ransomware popups are much more common on Apple products and they’re relatively easy to deal with.

Is my Mac computer safe?
No, with RaaS every platform can be affected. Just as Dropbox and Salesforce are device-agnostic, so is cloud-based ransomware.

I have a smarthome — could ransomware take control?
Anywhere there’s an Internet connection, there can be ransomware. However, taking a home hostage is mostly theoretical right now, with the worst case scenarios being the stuff movies are made of… a scammer locking you out of your house, taking control of your HVAC system, lights, stereo, TV — whatever you control from your smarthome app. If there’s a profit to be made, you can count on the hackers to figure out how to make it happen!

Do I have to pay the ransom to get my files back?
Security experts don’t want you to pay. Giving scammers what they want only encourages them and you might not get the decryption key after you pay. Paying can also open you up to identity theft, depending on how the payment is handled, and you’ll still need to get the malware off of your computer. Be aware that a few strains of ransomware can be outsmarted — check out BleepingComputer’s virus removal/ransomware page if you get a ransom note. Microsoft and Norton (Symantec) offer additional advice and you can find ransomware insights from the Kaspersky ransomware blog.

On the other hand, people and businesses pay ransoms all the time — that’s why RaaS is so popular with scammers! Brute force attempts to rescue the data don’t work so if files haven’t been backed up sufficiently, sometimes it’s easier just to pay the $300. Or the $17,000 if you’re Hollywood Presbyterian Medical Center, for example. Paying is a last resort — don’t do that unless you really, really have to.

Do these three things to protect yourself instead:

1) Back up, twice. Once to the cloud and once to an external drive.
2) Make sure your computers and mobile devices are totally up-to-date. Your operating systems, firewall, antivirus apps and the apps you use for work and fun: new versions have the latest patches.
3) Don’t click. Seriously… don’t. Scammers are clever and can fool even the most tech-savvy frogs, so if you’re not completely sure, navigate to the link yourself using your browser.

And just in case you’re thinking you don’t have much to worry about because most of your files are in the cloud, they can take cloud files hostage, too. So don’t forget to back those up.

Leapfrog keeps an eye on cybersecurity issues for our clients at all times. We’re actually pretty obsessed with it. External threats in the form of ransomware and other malware can be so bad that they can shut down your business operations for a while. And since the tools today are also very sophisticated, like RaaS, they can be hard to avoid — but not impossible! Follow the steps above and if you have a business that might be at risk, we’re glad to discuss your options with you.
