Ransomware And How It Works

I’m sure many of you are familiar with the traditional gamut of predators on the internet. Viruses, keyloggers, worms and more all seek access to your computer by one method or another, be it a drive-by attack from a website or a phishing scheme designed to steal your World of Warcraft account. But now a new concept has arisen: Ransomware.

But what is Ransomware and why should I be worried about it?

Ransomware 101: All your Data are Belong to us now


Data is on lockdown, and it’s because you downloaded proncollection.exe from some website that was “legit”

Ransomware takes an old idea, threatening something important to someone in order to extract money, and moves it onto the internet. So instead of picking up your kids, taking them for a ride and threatening to hurt them if you don’t pay up, they encrypt your hard drive and threaten to leave it that way unless you pay up.

Pretty bad huh?

Most commonly this malware is spread via e-mail, but not always, meaning that there are plenty of ways to get it and not a lot of ways to get rid of it. Until fairly recently Ransomware wasn’t a large issue; most software built around the concept used very weak encryption and could be broken by a third party without much trouble. The encryption was weak primarily because the authors rolled their own untested encryption schemes, and the code that applied them wasn’t written to best practice.

All of this meant the Ransomware concept never gained much traction.

That lasted until the Ransomware designers decided that, instead of using their own form of encryption, they should use a better-tested system. One version of this malware, Cryptolocker, used RSA-2048 to encrypt the files.

The malware would then use RSA-2048 to generate a unique key pair: the public key encrypts your hard-drive data, and you’d need to cough up the money to get the matching private key if you wanted to see your data again.

If you don’t pay, the server hosting the private key deletes it. This leaves the entire system completely useless and removes all chance of restoring your data, unless you have a backup that wasn’t attached to the main computer.

The RSA cryptosystem is certified by a bunch of different standards, meaning the chances are that the keys, and the files encrypted under them, will remain secure. To put it another way, because of well-tested and well-designed cryptosystems, we’ve got a new kind of malware after our systems.
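As an added illustration (not code from the original post), here is the key arrangement the post describes, written in Go with only the standard library: a freshly generated RSA-2048 pair, a constructed sample locked under the public half, and recovery possible only with the matching private half. One caveat the post glosses over: RSA on its own can only encrypt a message shorter than its modulus (190 bytes here with OAEP and SHA-256), so this locks a short sample rather than a whole drive.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sample standing in for a victim's file contents (not real data).
var sampleData = []byte("constructed sample: quarterly-invoices.xlsx")

// GenerateKeyPair makes the RSA-2048 pair the post describes; only the public half travels with the malware.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Lock encrypts under the public key only (RSA-OAEP, SHA-256); the public key cannot reverse it.
func Lock(pub *rsa.PublicKey, data []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, nil)
}

// Unlock needs the matching private key; any other key makes OAEP fail instead of returning garbage.
func Unlock(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Demo: does the right key recover the data, and is a different, equally strong key rejected?
func Demo() (rightKeyRecovers, wrongKeyFails bool, err error) {
	attackerKey, err := GenerateKeyPair()
	if err != nil {
		return false, false, err
	}
	locked, err := Lock(&attackerKey.PublicKey, sampleData)
	if err != nil {
		return false, false, err
	}
	recovered, err := Unlock(attackerKey, locked)
	rightKeyRecovers = err == nil && string(recovered) == string(sampleData)
	victimGuess, err := GenerateKeyPair() // an unrelated 2048-bit key: guessing gets you nowhere
	if err != nil {
		return rightKeyRecovers, false, err
	}
	_, err = Unlock(victimGuess, locked)
	return rightKeyRecovers, err != nil, nil
}

func main() {
	fmt.Println(Demo())
}
```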

But Wait, how do they get the Money?


If it weren’t for bitcoin, they’d have no way of getting away with their ill-gotten wealth.

There’s the rub: under normal circumstances there’d be no way of guaranteeing that the money went to the person holding your data hostage. If you pay via credit card or debit card you could probably get the money back from most normal banks, meaning you’ve got your data back safely and the blackmailer is out of luck and has had one of his accounts fingered as belonging to a criminal.

In short, not something you’d really want to have happen.

Enter crypto-currencies. The definition of a crypto-currency is... hard to pin down. There are multiple different versions, ranging from Bitcoin to Dogecoin to the now-defunct Arscoin (a coin created by Ars Technica as an experiment). But they tend to be based around the concept that no one entity should be able to massively influence the market, that all transactions should be essentially anonymous, and that the community of miners validates the ledgers of existing crypto-coins.

In short, it’s pretty much the complete opposite of the banking system currently used by the entire world. Depending on how you feel, this is either a great idea or something that terrifies you. But that doesn’t really matter. Because no central authority controls the system and because every transaction is anonymous, it’s perfect for extracting money from the poor buggers who get infected by Ransomware.

So it’s a Perfect Storm then?


Many storms come, this one probably won’t be a big one.

In a lot of ways the danger of Ransomware can be attributed to the use of publicly tested cryptosystems and the rise of crypto-currencies: one provides a system that can’t reasonably be cracked by a normal computer, and the other provides a method of extracting money from victims without the police in the area you’re extracting it from being able to tell.

But that’s not the only reason.

Not every criminal is a tech wizard. Just like the majority of the population, even the ones on the internet, the subgroup of people who could use these tools is really only those who’ve been trained to design, sustain and protect these systems, or basically anyone who jumped down the rabbit hole into Computer Science.

But in a macabre imitation of the normal market, cyber criminals have been driven to simplify these tools to make them easier to use. For instance, one Ransomware system called Cryptowall was rolled into a suite of tools known as the RIG exploit kit, which is designed to allow less technically adroit criminals to use the tools as well.

Where’s the End and what Can I do to Stop this?


Tins like these can be used to store your hard drives. Inside another form of safe storage of course.

Sadly the end is far from in sight. Breaking the security of these cryptosystems would mean breaking the many other systems that depend on them, so that’s not likely to happen soon. The issue itself is fairly focused on small businesses and individual users, meaning it’s not likely you could just take it to your local police station and get them to fix it either.

All of this means we’ll be waiting on anti-virus systems to develop better methods of detecting the files that start the problem in the first place, and it’ll be a while until those systems track Ransomware the way they do viruses.

An ounce of prevention is worth a pound of cure, as they say, and this is no different. So here are a few steps to prevent Ransomware from completely ruining your day.

  • Make an image of your system, at least once a month.
  • Back up your files on a regular basis, depending on how often you create new files.
  • Store these backups disconnected from the main computer you use; this will prevent the backups from becoming junk in the event of a Ransomware attack.
  • Update your anti-virus software and keep it up to date. You should also keep it on, and keep anti-virus exceptions to the bare minimum.
  • Check your e-mail file attachments, especially from companies, places or people you don’t know (it’s better to delete an attachment and need it than to accept an attachment and have it turn out to be infected). This applies to links as well.
  • Download some privacy and script-blocking add-ons for your web browser, like Ghostery, NoScript and Adblock Plus. These will prevent you from clicking on Ransomware-infected ads by accident and provide a bit more protection.

Following these steps should help limit your exposure to Ransomware and general malware as well. Stay safe out there folks, and don’t trust those Nigerian Princes!

3 Responses to Ransomware And How It Works

  1. Baron Fang says:

    As if we didn’t have enough to worry about. THANKS GMAN 😛

  2. YoungSammich says:

    In addition to the prevention steps you listed, I would add this: immediately delete any and all forwarded message chains from your grandparents. While you’re at it, tell them to stop forwarding them and even opening them in the first place.
