Ransomware is on the increase, and while most threats request money in return for encrypted files, hackers are using other ways to extract payment from their victims, explains DOROS HADJIZENONOS, country manager, Check Point South Africa.
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:
Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature up to 99 degrees Celsius. This was the first proof of concept of this kind of attack, showing a creative way to put pressure on victims and drive them to pay ransom or risk consequences such as a flood or an incinerated house.
In November 2016, travellers in the San Francisco MUNI Metro were prevented from buying tickets at the stations due to a ransomware attack on MUNI’s network. In this case the attackers demanded $70,000 in BitCoins. In January 2017, a luxurious hotel in Austria was said to suffer an attack on its electronic key system, resulting in guests experiencing difficulties in going in or out of their rooms. The attackers demanded $1,500 in BitCoins. Whether or not this story is accurate, it demonstrates how creative this type of attack can get.
The growing use of IoT devices will likely make this attack vector more and more common in the future. For example, the potential exploitation of vulnerabilities inside smart, implantable cardiovascular defibrillators, can allow an attacker to put a victim’s life at risk until the ransom is paid. As IoTs become more widespread in our everyday life, threat actors will find new, horrifying ways to subjugate victims for profit.
Hostage data ransomware
A more direct approach is to steal data from victims and threaten to expose it unless a ransom payment is received by a certain deadline. This generic modus operandi has been used by different malware families and campaigns. For example, in May 2016, over 10 million customer records of a leading South Korean online shopping mall were stolen, including names, addresses and phone numbers. The attackers demanded a ransom of $2,664 in BitCoins to prevent release of the information online.
Another example is Charger, a screen-locker Android ransomware discovered by Check Point researchers in January 2016. The attackers threatened to sell stolen data from targeted devices unless they receive a ransom of 0.2 BitCoins (approximately $180). The malware is embedded in a mobile app named EnergyRescue, downloaded from Google Play.
Another method for attackers is threatening to conduct a denial of service attack unless a ransom is paid. With the growing use of botnets for DDoS attacks, this attack vector is especially common against banks, and is very attractive as it is far simpler than developing a ‘traditional’ file-encrypting ransomware. This attack vector made headlines in January 2017 when it was used in an attack against the web portal of the British Lloyds Bank. The attackers issued a DDoS threat with a demand of 100 BitCoins (worth approximately $94,000).
Some ransomware simply prevent victims from using their devices by locking their screens. There are different ways to conduct a screen locking attack, but common features include cancelling all options to close a program or to shut it down. Examples of such ransomware are DeriaLock (December 2016), which targets PCs and demands a payment of $30 for unlocking; and Flocker (May 2015), an Android screen locker which targets smartphones and Android-run smart TVs, and demands an iTunes gift card worth $200 as payment.
Ransomware attacks are a popular way for threat actors to make easy profits, as the payment is made anonymously using anonymous BitCoin wallets rather than bank transfers. The motivation for victims to cooperate is high, as their personal data is on the line. While most ransomware families encrypt files, some use creative ways to drive victims to pay. By preventing victims from accessing their machines, creating real damage or exposing sensitive data, the attackers are able to bypass the complexities of managing an encryption and decryption process. We estimate that the use of alternative ransomware, especially DDoS and IoT ransomware, will keep on growing in the near future, as IoT devices and web services continue to become more widespread.
How to protect yourself
We highly recommend you take these steps to protect yourself from ransomware or mitigate their effects:
- Backup your most important files – Make an offline copy of your files on an external device and an online cloud stage service. This method protects your files not only from ransomware but from other hazards as well. Note: external devices should be used for backup ONLY and be disconnected immediately after the backup is completed.
- Exercise caution – We usually don’t sense any danger while using our computers or other devices, but it’s there. Threat actors are constantly trying to steal your money, your private data and your machine resources – don’t let them have it. Don’t open e-mails you don’t expect to receive, don’t click links unless you know exactly what they are and where they lead, and if you are asked to run macros on an Office file, DON’T! The only situation in which you should run macros is in the rare case that you know exactly what those macros will do. Additionally, keep track of the latest major malware campaigns to ensure that you will not fall victim to a new and unique phishing technique or download a malicious app, which can lead to malware installation on your computer or theft of your credentials.
- Have a comprehensive, up-to-date, security solution – High quality security solutions and products protect you from a variety of malware types and attack vectors. Today’s Anti-Virus, IPS and sandboxing solutions can detect and block Office documents that contain malicious macros, and prevent many exploit kits from exploiting your system even prior to the malware infection. Check Point Sandblast solution efficiently detects and blocks ransomware samples, and extracts malicious content from files delivered by spam and phishing campaigns. Installing your IoT devices behind a Security Gateway will keep them safe as well.
Mobile is the new branch
Standard Bank has launched an account for mobile devices that gives back 500MB of data a month
Standard Bank has introducd a R4.95p/m bank account called MyMo that customers can open on their mobile devices, loaded with data and airtime offerings and other benefits such as virtual and Gold physical card.
MyMo account holders will also enjoy the convenience of a cheque account through a Visa and Mastercard gold card. Once the account is open, users can choose to either receive R50 in airtime or 500MB of data a month, if their card is swiped more than four times a month. A further megabyte of data is loaded on the account for every R20 spent.
“MyMo is an account for everyone, whether you just landed your first job or have been around the block. With no documentation required it only takes a few minutes to open the account,” says Funeka Montjane, Chief Executive for Personal and Business Banking, South Africa, at Standard Bank Group. “For just R4.95 a month customer will be able to enjoy free swipes and ATM withdrawals at only R6.50 for amounts under R 1 000.
“Mobile is the new branch. This account is about bringing the mobile branch into customers hands, it is about convenience and security while banking.”
She says mobile offers low cost transactional banking which integrates people and businesses into the new connected economy, making mobile the new branch ecosystem that will drive and connect Africa’s growth. Physical connections to the economy are rapidly changing to digital where banks have to move from being financial institutions to service organisations.
“In the past people congregated in communities and eventually cities to maximise the advantages of connectivity. Today a simple hand-held device has the potential to open infinite doors, transforming individuals’ access to opportunities, regardless of where they are, and like never before in history.
“Historically, a bank account represented access to economic citizenship. Today, having a simple device enabling digital access to a modern banking platform is a passport to global connectivity and vast human development potential.”
The bank says it is using technology, and mobile phones in particular, to deliver low-cost transactional channels accessible to all our customers. The evolution in mobile can be seen in transaction options like cash back at the retail checkout till rather than the ATM, free digital banking rather than using a branch, and the ability to transact using digital wallets, even without a bank account.
“Developing comprehensive connected ecosystems requires a mind-set change from Africa’s banks,” says Montjane. “Banks will evolve away from traditional financial service organisations, into service ecosystems enabling broad universal access to almost everything like enhanced purchasing experiences of vehicles and homes, online procurement of goods and services and lifestyle elements like rewards and travel.
“These connectivity drivers will also act to future-proof evolving connectivity ecosystem by allowing us to offer untold future services while deriving income from as yet unrealised revenue streams,.
From a customer perspective, the kind of ecosystems of knowledge, access and, ultimately, connectivity that banks will come to provide will radically transform the share of life that almost all individuals will be able to access.”
Two-thirds of SA staff hide social media from bosses
With 90% of people in employment going online several times a day, it can be hard for most workers to keep their private and work-life separate during the working day (and beyond). The recently published Global Privacy Report from Kaspersky Lab reveals that 64% of South African consumers choose to hide social media activity from their boss. This secretive stance at work also extends to their colleagues, with 60% of South Africans also preferring not to reveal online activities to their co-workers.
Globally, the average employee spends an astonishing 13 years and two months at work during their lifetime. Interestingly though, not all this time is directly related to solving work tasks or earning a promotion: almost two thirds (64%) of consumers admit visiting non-work-related websites every day from their desk.
Not surprisingly, 35% of South African employees are against their employer knowing which websites they visit. However, more interestingly, 60% of South African are even against their colleagues knowing about their online activities. This probably means that colleagues constitute an even greater threat to future perspectives of an office slouch or maybe the relationships with colleagues are more informal and therefore, more valuable.
On the contrary, social media activity appears to be a less private domain for many and therefore, more suitable for sharing with colleagues but not the boss. This is probably because workers fear harming the public image of a company or interest in decreased staff productivity motivates companies to monitor employees’ social networks and make career changing decisions based on that. Such policies have led to 64% of South Africans saying that they don’t want to reveal their social media activities to their boss and 53% even don’t want to disclose this information to their colleagues.
A further 29% are against showing the content of their messages and emails to their employer. In addition, 3% even said that their career was irrevocably damaged as a consequence of their personal information being leaked. Thus, people are worried about how to build a favourable internal reputation and how not to destroy existing workplace relationships.
“As going online is an integral part of our life nowadays, lines continue to blur between our digital existence at work and at home. And that’s neither good nor bad. That’s how we live in the digital age. Just keep remembering that as an employee you need to be increasingly cautious of what exactly you post on social media feeds or what websites you prefer using at work. One misconceived action on the internet could have an irrevocable long-term impact on even the most ambitious worker’s ability to climb the career ladder of their choice in the future,” comments Marina Titova, Head of Consumer Product Marketing at Kaspersky Lab.
To ensure workers don’t fall prey of the internet threats at a work, there are some core guidelines to adhere to in the digital age:
- Don’t post anything that could be considered defamatory, obscene, proprietary or libellous. If in doubt, don’t post.
- Be aware that system administrators may at least, in theory, be informed about your web browsing patterns.
- Don’t harass, threaten, discriminate or disparage against any colleague, partner, competitor or customer. Neither on social networks or in messages, emails, nor by any other means.
- Don’t post photographs of other employees, customers, vendors, suppliers or company products without prior written permission.
- Start using Kaspersky Password Manager to ensure your social media and other personal accounts are not at risk of unauthorised access by someone else in an office. Install a reliable security solution such as Kaspersky Security Cloud to protect your personal devices.