
There is a new and scary development in ransomware.

Ransomware is software that encrypts data on your computer and shared drives and then displays a message demanding payment for the decryption key. Generally, if you do not keep good backups of your data, your data will be lost.

According to a report on a German website, there is a new strain of ransomware that not only encrypts your data but also threatens to publish your photos and personal information on the internet if the ransom is not paid.

This is a scary development, but I am willing to make a bold prediction that it is a scare tactic with no teeth.

Contrary to the recent advice of a particular government agency, it is not a good practice to pay the ransom.

One of the reasons ransomware is so prevalent is the simplicity of its mechanism.

The mechanism is this: the ransomware is deployed, and the decryption keys are stored on a server that the malware reaches through a domain name produced by a Domain Generation Algorithm. A decryption key can be stored as a small text file on that server. If the ransom is paid, the key is sent to the victim to decrypt the files on the PC.

It is important to note that at no time during a ransomware attack are the files sent from a victim’s computer to another external server.

Take a moment to examine the amount of data stored on your computer. If you are like most folks, you are probably storing gigabytes of data. Documents are small, but all of those photos, videos, music files and all of the other targets of modern ransomware add up to an enormous amount of data.

One particular strain of ransomware is known to have successfully targeted more than half a million machines. The decryption keys for all of those machines could be stored in a file that is less than the amount of storage you have on your smart phone.

However, if the data of those half a million machines were exfiltrated to an external entity, not only would the storage amount to a massive collection, but the trail to the storage location would be easy for the authorities to trace.
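To make the contrast in network footprint concrete from a defender's side, here is an added example (not code from the original article): it runs a simple outbound-volume check over constructed flow records, showing that a key retrieval of a few hundred bytes is invisible while bulk exfiltration of a victim's data stands out, and it sizes a key registry for half a million victims. The host names, destinations, byte counts and the tuning thresholds are all assumptions.

```python
# Added example: bulk egress detection vs. a tiny key check-in.
from collections import defaultdict
from statistics import median

# Constructed outbound flow records: (host, destination, bytes_out).
# Most hosts send a few MB of ordinary traffic. ws-07 also performs a
# ~300-byte key retrieval; ws-12 pushes tens of gigabytes to one destination.
FLOWS = [
    ("ws-01", "mail.example", 2_400_000),
    ("ws-01", "cdn.example", 900_000),
    ("ws-02", "mail.example", 1_800_000),
    ("ws-03", "updates.example", 3_100_000),
    ("ws-04", "mail.example", 2_000_000),
    ("ws-05", "cdn.example", 1_200_000),
    ("ws-07", "mail.example", 2_200_000),
    ("ws-07", "x7k2q9.example", 312),           # key retrieval: a few hundred bytes
    ("ws-12", "drop.example", 48_000_000_000),  # 48 GB to a single destination
]

def bytes_per_host(flows):
    """Sum outbound bytes per source host."""
    totals = defaultdict(int)
    for host, _dst, nbytes in flows:
        totals[host] += nbytes
    return dict(totals)

def flag_bulk_egress(flows, factor=20, floor_bytes=1_000_000_000):
    """Return hosts whose outbound volume is above an absolute floor AND far
    above the fleet median. factor/floor are assumed tuning values."""
    totals = bytes_per_host(flows)
    base = median(totals.values())
    return sorted(h for h, b in totals.items()
                  if b >= floor_bytes and b > factor * base)

def key_registry_bytes(victims, key_bytes=32, id_bytes=16):
    """Size of a file holding one key plus one victim identifier per machine
    (32-byte key and 16-byte id are assumed sizes)."""
    return victims * (key_bytes + id_bytes)

if __name__ == "__main__":
    print("bulk egress hosts:", flag_bulk_egress(FLOWS))
    print("ws-07 outbound bytes:", bytes_per_host(FLOWS)["ws-07"])
    print("key registry for 500k victims (MB):",
          key_registry_bytes(500_000) / 1_000_000)
```

The key-retrieval flow adds only 312 bytes to ws-07's total and is never flagged, whereas the 48 GB transfer from ws-12 is, which is the asymmetry the argument above relies on.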

Another problem with the edentulous threat posed by this ransomware is that a threat to disclose personal information implies that someone is combing through the files to find that personal information.

This is a level of involvement that most ransomware criminals do not want to broach. Ransomware is designed for a quick payday for the criminals with little interaction with the victim.

Most people who pay the ransom do so only because they are in the unfortunate position of not having a good backup. Not only is there no added incentive through the threat of information disclosure, but the storage of such vast amounts of victim data would beat a neat path to the criminal’s door.

Perhaps a particular government agency could use that to help victims rather than advising them to support a criminal enterprise.

The best course of action to protect yourself from ransomware is to keep your machine updated with a reputable anti-malware product. Also, please be sure to keep current backups of all of your data in a safe location that is not always connected (either physically or virtually) to your machine.


About the Author: Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

Title image courtesy of ShutterStock

  • Drew Winters

    “Perhaps a particular government agency could use that to help victims rather than advising them to support a criminal enterprise.” – I think you struck the right chord on this one. With the most recent comments from the FBI, where they advised people to simply pay up, it gives me very little hope that they are actually trying to win this war. It is up to us to do it, and there already are a lot of companies that do that. Restore software from third-party outlets (i.e., Rollback Rx, Reboot Restore) is a good example.