Ransomware is on the increase, and while most threats request money in return for encrypted files, hackers are using other ways to extract payment from their victims, explains DOROS HADJIZENONOS, country manager, Check Point South Africa.
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:
Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature up to 99 degrees Celsius. This was the first proof of concept of this kind of attack, showing a creative way to put pressure on victims and drive them to pay ransom or risk consequences such as a flood or an incinerated house.
In November 2016, travellers in the San Francisco MUNI Metro were prevented from buying tickets at the stations due to a ransomware attack on MUNI’s network. In this case the attackers demanded $70,000 in BitCoins. In January 2017, a luxurious hotel in Austria was said to suffer an attack on its electronic key system, resulting in guests experiencing difficulties in going in or out of their rooms. The attackers demanded $1,500 in BitCoins. Whether or not this story is accurate, it demonstrates how creative this type of attack can get.
The growing use of IoT devices will likely make this attack vector more and more common in the future. For example, the potential exploitation of vulnerabilities inside smart, implantable cardiovascular defibrillators, can allow an attacker to put a victim’s life at risk until the ransom is paid. As IoTs become more widespread in our everyday life, threat actors will find new, horrifying ways to subjugate victims for profit.
Hostage data ransomware
A more direct approach is to steal data from victims and threaten to expose it unless a ransom payment is received by a certain deadline. This generic modus operandi has been used by different malware families and campaigns. For example, in May 2016, over 10 million customer records of a leading South Korean online shopping mall were stolen, including names, addresses and phone numbers. The attackers demanded a ransom of $2,664 in BitCoins to prevent release of the information online.
Another example is Charger, a screen-locker Android ransomware discovered by Check Point researchers in January 2016. The attackers threatened to sell stolen data from targeted devices unless they receive a ransom of 0.2 BitCoins (approximately $180). The malware is embedded in a mobile app named EnergyRescue, downloaded from Google Play.
Another method for attackers is threatening to conduct a denial of service attack unless a ransom is paid. With the growing use of botnets for DDoS attacks, this attack vector is especially common against banks, and is very attractive as it is far simpler than developing a ‘traditional’ file-encrypting ransomware. This attack vector made headlines in January 2017 when it was used in an attack against the web portal of the British Lloyds Bank. The attackers issued a DDoS threat with a demand of 100 BitCoins (worth approximately $94,000).
Some ransomware simply prevent victims from using their devices by locking their screens. There are different ways to conduct a screen locking attack, but common features include cancelling all options to close a program or to shut it down. Examples of such ransomware are DeriaLock (December 2016), which targets PCs and demands a payment of $30 for unlocking; and Flocker (May 2015), an Android screen locker which targets smartphones and Android-run smart TVs, and demands an iTunes gift card worth $200 as payment.
Ransomware attacks are a popular way for threat actors to make easy profits, as the payment is made anonymously using anonymous BitCoin wallets rather than bank transfers. The motivation for victims to cooperate is high, as their personal data is on the line. While most ransomware families encrypt files, some use creative ways to drive victims to pay. By preventing victims from accessing their machines, creating real damage or exposing sensitive data, the attackers are able to bypass the complexities of managing an encryption and decryption process. We estimate that the use of alternative ransomware, especially DDoS and IoT ransomware, will keep on growing in the near future, as IoT devices and web services continue to become more widespread.
How to protect yourself
We highly recommend you take these steps to protect yourself from ransomware or mitigate their effects:
- Backup your most important files – Make an offline copy of your files on an external device and an online cloud stage service. This method protects your files not only from ransomware but from other hazards as well. Note: external devices should be used for backup ONLY and be disconnected immediately after the backup is completed.
- Exercise caution – We usually don’t sense any danger while using our computers or other devices, but it’s there. Threat actors are constantly trying to steal your money, your private data and your machine resources – don’t let them have it. Don’t open e-mails you don’t expect to receive, don’t click links unless you know exactly what they are and where they lead, and if you are asked to run macros on an Office file, DON’T! The only situation in which you should run macros is in the rare case that you know exactly what those macros will do. Additionally, keep track of the latest major malware campaigns to ensure that you will not fall victim to a new and unique phishing technique or download a malicious app, which can lead to malware installation on your computer or theft of your credentials.
- Have a comprehensive, up-to-date, security solution – High quality security solutions and products protect you from a variety of malware types and attack vectors. Today’s Anti-Virus, IPS and sandboxing solutions can detect and block Office documents that contain malicious macros, and prevent many exploit kits from exploiting your system even prior to the malware infection. Check Point Sandblast solution efficiently detects and blocks ransomware samples, and extracts malicious content from files delivered by spam and phishing campaigns. Installing your IoT devices behind a Security Gateway will keep them safe as well.
Win a Poster Heater with Gadget and Takealot.com
This winter Gadget and Takealot.com are giving away three Poster Heaters, which look like posters but become heaters when you plug them in.
Three Gadget readers will each win a unit, valued at R550 each. To enter, follow @GadgetZA and @Takealot on Twitter and tell us on the @GadgetZA account how many Watts the heater consumes.
What’s the big deal about these heaters? Many of us are struggling to keep the balance between soaring electricity costs and the need to keep warm this winter.
However, the recently launched Poster Heater by EasyHeat and distributed in South Africa by Takealot.com is not only one of the most cost effective electric heaters currently on the market, it is also easy to setup and use.
As the name indicates, it is a poster similar to one you would hang on a wall. But, plug it in and it turns into a 300 Watt heater. The Poster Heater isn’t designed to heat hallways or large rooms, but rather smaller ones like a bedroom or a baby’s nursery or a dressing room.
It uses radiant heating, which means that it heats up in a couple of minutes and the heat is directed at the objects or people around it, quickly taking the chill out of the air and providing a comfortable ambient temperature.
The other advantage of radiant heating is that it doesn’t dry out the air like infrared or gas heaters. Users also don’t have to worry about their children or pets getting too close to it because, even though it gets hot, it can be touched.
To enter the competition follow the steps below:
Competition entry details:
3. The competition closes on 31 July 2018.
4. Winners will be notified via Twitter on 1 August and Takealot.com will be in touch to organise delivery.
5. The competition is only open to South African residents.
Happy Emoji Day! Here’s 10 reasons to be cheerful
First created by Shigetaka Kurita in 1999, the emoji has become a huge part of everyday communication. Whether you love them or hate them, flying dollar bills, applauding hands and rolling eyes are here to stay.
Scientist suggest that the use of emojis will help us gain the same satisfaction from digital interactions as we enjoy from personal contact.
Almost two decades later, and we have over 2600 unique emojis to perfectly express what we feel, thank you Mr Kurita! Join HMD, the home of Nokia phones as we celebrate World Emoji Day on the 17th of July with these interesting emoji facts:
The most popular emoji used is “Person Shrugging”
1. The Nokia 3310 was chosen as one of the first 3 “National” emojis for Finland… it represents unbreakable!
2. South Africa’s favourite emoji is the “Kiss and wink”… how sweet SA!
3. French is the only language where a ‘smiley’ does not top the list for its use
4. On average, over 60 billion emojis are sent on Facebook every day
5. For the first time ever, the Oxford Dictionaries Word of the Year was a pictograph! The “Face with Tears of Joy” was crowned word of the year in 2015
6. According to Emojipedia, some of the most requested emoji’s include afro, a bagel and hands making a heart
7. To include all races, a diversity pack was released in 2017
8. It has become so trendy that the Museum of Modern Art displays the original emoji collection on canvas
9. In 2009, Herman Melville’s classic Moby Dick was completely translated into emoji’s