BreachExchange mailing list archives

Ransomware rising, FBI says


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 10 Mar 2015 19:07:39 -0600

http://www.bankingexchange.com/news-feed/item/5330-ransomware-rising-fbi-says

Your computer screen freezes with a pop-up message—supposedly from the FBI
or another federal agency—saying that because you violated some sort of
federal law your computer will remain locked until you pay a fine.

Or you get a pop-up message that says your personal files have been
encrypted and you must pay to get the key needed to decrypt them.

These scenarios illustrate ransomware scams, which involve a type of
malware that infects computers and restricts users’ access to their files
or threatens the permanent destruction of their information unless a
ransom—anywhere from hundreds to thousands of dollars—is paid.

Threat affects home and business alike

Ransomware doesn’t just impact home computers, says the FBI. Businesses,
financial institutions, government agencies, academic institutions, and
other organizations can and have become infected as well. This results in
the loss of sensitive or proprietary information, disruption to regular
operations, financial losses incurred to restore systems and files, and/or
potential harm to an organization’s reputation.

Ransomware has been around for several years, but there’s been a definite
uptick in its use by cyber criminals. The FBI, along with public and
private sector partners, is targeting these offenders and their scams.

When ransomware first hit the scene, computers predominately became
infected when users opened e-mail attachments containing the malware. More
recently, the bureau has seen an increasing number of incidents involving
so-called “drive-by” ransomware, where users can infect their computers
simply by clicking on a compromised website, often lured there by a
deceptive e-mail or pop-up window.

Another new trend involves the ransom payment method. While some of the
earlier ransomware scams involved having victims pay “ransom” with prepaid
cards, victims are now increasingly asked to pay with Bitcoin, a
decentralized virtual currency network that attracts criminals because of
the anonymity the system offers.

Also a growing problem is ransomware that locks down mobile phones and
demands payments to unlock them.

Authorities battle ransomware

The FBI and its federal, international, and private sector partners have
taken proactive steps to neutralize some of the more significant ransomware
scams through law enforcement actions against major botnets that
facilitated the distribution and operation of ransomware.

For example:

• Reveton ransomware, delivered by malware known as Citadel, falsely warned
victims that their computers had been identified by the FBI or Department
of Justice as being associated with child pornography websites or other
illegal online activity. In June 2013, Microsoft, the FBI, and its
financial partners disrupted a massive criminal botnet built on the Citadel
malware, putting the brakes on Reveton’s distribution.

• Cryptolocker was a highly sophisticated ransomware that used
cryptographic key pairs to encrypt the computer files of its victims and
demanded ransom for the encryption key. In June 2014, the FBI announced—in
conjunction with the Gameover Zeus botnet disruption—that U.S. and foreign
law enforcement officials had seized Cryptolocker command and control
servers. The investigation into the criminals behind Cryptolocker
continues, but the malware is unable to encrypt any additional computers.

• CryptoWall, a fairly new ransomware variant, has been making the rounds
lately. This ransomware, and CryptoWall 2.0, its newer version, encrypts
files on a computer’s hard drive and any external or shared drives to which
the computer has access. It directs the user to a personalized victim
ransom page that contains the initial ransom amount (anywhere from $200 to
$5,000), detailed instructions about how to purchase Bitcoins, and
typically a countdown clock to notify victims how much time they have
before the ransom doubles.

Victims are infected with CryptoWall by clicking on links in malicious
e-mails that appear to be from legitimate businesses and through
compromised advertisements on popular websites. The U.S. Computer Emergency
Readiness Team says these infections can be devastating and recovery can be
a difficult process that may require the services of a reputable data
recovery specialist.

If you think you’ve been a victim of Cryptolocker, visit the Department of
Homeland Security’s U.S. CERT CryptoLocker webpage for remediation
information. LINK: https://www.us-cert.gov/ncas/alerts/TA13-309A.

Protecting your tech

To protect a computer from ransomware, the FBI recommends:

• Make sure you have updated antivirus software on your computer.

• Enable automated patches for your operating system and web browser.

• Have strong passwords, and don’t use the same passwords for everything.

• Use a pop-up blocker.

• Only download software—especially free software—from sites you know and
trust (malware can also come in downloadable games, file-sharing programs,
and customized toolbars).

• Don’t open attachments in unsolicited e-mails, even if they come from
people in your contact list, and never click on a URL contained in an
unsolicited e-mail, even if you think it looks safe. Instead, close out the
e-mail and go to the organization’s website directly.

• Use the same precautions on your mobile phone as you would on your
computer when using the Internet.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
