Tag Archives: ransomware

What Would You Pay for Your Own Files? The Cost of Ransomware

Alina Simone’s gripping 2015 account of her mother’s extortion ordeal was the first time many non-tech people had heard the term “Ransomware”. It presented a threat that felt intensely personal. It blocked access to data we use to define ourselves: family photos, letters to relatives, tax and financial records, and beloved music and movies.

Flash forward a year, and ransomware is all over the media. The reason for its rise is simple: money.

Before the emergence of ransomware, criminals mainly used (and still use) malware to take control of machines. Malicious code harvested user names, passwords, and credit card numbers. It might have also used infected PCs in a botnet for sending spam or launching attacks that shut down major websites, usually as a decoy while hackers broke in elsewhere.

For Criminals, Ransomware Is Lucrative

Ransomware cuts out the digital middlemen. Rather than collect credit card details that must then be sold on the dark web for a few cents to a few dollars, ransomware demands money directly from the victims. While the amount varies, it tends to be few hundred dollars for individuals.

Yet these small sums are taking a heavy toll. The exact number of ransomware attacks is hard to gauge, as many go unreported. But according to our data they are rising fast. While official complaints about ransomware (and ransoms paid) to the US Department of Justice amounted to only around $24 million in damages in 2015, other numbers are much higher. In April, CNBC estimated the cost of ransomware at around $200 million in the first three months of 2016 alone. Late last year, the Cyber Threat Alliance stated that a single piece of ransomware, CrytopWall v3, resulted in an estimated $325 million in damages worldwide over the course of its lifetime. And as far back as June 2014, the FBI issued a report saying CryptoLocker swindled more than $27 million from users over a two-month period.

Bigger Targets May Mean Bigger Paydays

These numbers speak to the audacity of ransomware purveyors. The long-tail effect of attacking individuals has proven so lucrative, it is unlikely to ever go away. But many organizations also hold sensitive customer data that needs to be protected both to ensure effective service and consumer privacy. That makes them particularly juicy targets to hackers.

Healthcare provides are a case in point. If they lose control of patient information, they may be unable to deliver treatment when needed. There are also strict legal requirements governing the protection of patient data. Both make them subject to lawsuits that could cost them far more than what they would have to pay in ransom. A hospital in Hollywood, California, paid $17,000 in bitcoin to hackers after being locked out of their data. Fortunately, so far, other reported attacks have fared less well. Healthcare providers in Kentucky and Ottawa refused to pay, as no patient data was compromised; and an attack in Germany was quickly contained by fast-acting IT staff.

Still, the hospitals have had to invest considerable time and resources into fighting the attacks. They will also need to launch multiple efforts internally and externally to restore patient trust.

And hospitals are not alone.  A 2016 report by the Institute for Critical Infrastructure Technology, an industry think tank, declares 2016 the year of ransomware, suggesting few organizations are safe. For instance, systems at an Israeli electrical utility were infected by ransomware after a phishing attack. A utility in Michigan has been allegedly attacked. Multiple police stations have been hit and paid ransoms to regain access to their systems. Local governments are increasingly feeling the pressure, with attacks reported in places as diverse as Alto City, Texas, and Lincolnshire, UK. And criminals have subverted online adverts of venerable media organizations, such as the BBC and NYT, turning their websites into potential sources of drive-by ransomware.

The Right Protection Saves Money

This is why protection is essential, especially for individual users, most of whom lack the expertise and resources of even modest city councils and small hospitals. Over a three-month period earlier this year, a conservative estimate by AVG is that its antivirus prevented around $47 million in extortion demands through the interception of just three types of ransomware: Cryt0L0cker, CryptoWall, and TeslaCrypt. And that number says nothing of the mental and emotional costs that would have resulted from feeling violated or the costs of replacing machines, software, and media if a victim decided not to pay.

AVG does not recommend paying. There is no guarantee criminals will release the files. They may also leave a piece of malicious code behind that allows them to strike again. It is better to call tech support, salvage what you can, make frequent backups, and build a fortress around your PC – and thus prevent the writing of another news story like Alina Simone’s.

What is ransomware?

Ransomware – it’s the online threat everyone’s talking about. Crypt0L0cker was one of the first on the scene in 2013; and since then, the costs of attacks continue to grow.

As an individual or business owner, you may be wondering just what ransomware is, what kind of risk it poses to you, and how attacks like these can occur.

Here’s the breakdown.

What is ransomware?

Ransomware is a type of malware with the ability to silently encrypt your files, before demanding payment for their return – often with a time limit.

And not only does ransomware target your most valuable files, like photos, documents and spreadsheets, it can also lock down system files to render your web browser, applications, and entire operating system unusable.

Our VirusLab has analyzed many variants of ransomware, including the well-known Crypt0L0cker, Locky, and TeslaCrypt.

But the threat isn’t limited to PCs. Both Android™ mobile devices and Macs can be infected as well.

How does ransomware get on my PC?

Most commonly, ransomware is spread via malicious email links and attachments – often concealed by changing the file extension and compressing the malicious code into a zip file. Opening the file infects your system.

Ransomware can also be bundled into other applications, such as games, video players, etc. So any application from an unknown or untrusted publisher is a potential risk upon installation.

Once on your system, ransomware works in the background, connecting to a remote server to encrypt single files, whole directories of files, or complete drives.

How do I know if my PC is infected?

You’ll see a message pop up demanding payment, which can range from a few hundred to tens of thousands of dollars. Payment must usually be made in some form of anonymous currency, like Bitcoin.

But even if you pay the ransom, there are no guarantees your files will be unlocked.

So naturally, this kind of malware has incredibly serious consequences, particularly for businesses holding sensitive customer information or internal data that’s not securely backed up.

Does AVG protect against ransomware?

It sure does. Both our PRO and FREE versions of PC antivirus provide protection against ransomware. This goes for AVG Business Editions, too.

Our protection is multi-layered. Not only do we check against known malware variants and behavioral patterns in our virus database, we also further test previously unseen files in a secure virtual environment before they are executed on your PC. This is done using artificial intelligence, sophisticated behavioral analysis and various other methods.

And we automatically update it all, so you stay protected.

Multi-layered security approach battles Ransomware

From Locky to SamSam, JIGSAW to CryptoLocker, today’s ransomware variants can take down businesses with dramatic consequences.

Ransomware will prevent file access, web browsers, applications, and entire operating systems – holding the lifeblood of a business operation ‘hostage’ until a ransom is paid.

At AVG, we use a multi-layered security approach with multiple layers of inspection and testing to identify and eliminate a wide variety of malware, including ransomware. When accessing a file, our multi-layered security approach uses several different inspection and detection techniques, as detailed below, to determine whether the file is malicious.

This is reflected in our security technology engine powering our AVG Antivirus Business Edition and Internet Security Business Edition software solutions.

Simply described, the process includes these layers:

  • Files are first compared to any known variants in a malware database – both the metadata and content of the files are analyzed
  • Files are then tested in an emulator (a virtual computer)
  • Now that the file is running, its behavior is assessed using a variety of techniques, including Artificial Intelligence algorithms
  • Behavioral assessments occur in the AVG application and in the cloud, but they all work together behind the scenes and in real-time to determine whether a file is malicious
  • If the file is determined to be malware, it is quarantined, and AVG’s Crowd Intelligence feature updates all AVG software

We also regularly submit our security software to independent test labs. Results from these independent tests serve as more proof points to the effectiveness of our technology and multi-layer approach. Our latest round of testing by AV-Test.org earned a six out of six rating – the highest rating for protection. In a recent Real-World Protection Test by AV Comparatives, AVG scored a 99.8% detection rating.

It is difficult to predict and guard against everything hackers may throw our way, but in the face of constantly evolving threats, a multi-layered security approach is a smart strategy.

To find out more about our AVG Business Edition solutions, please visit our business security page.

Ransomware Virus Shuts Down Electric and Water Utility

Ransomware has become an albatross around the neck, targeting businesses, hospitals, and personal computers worldwide and extorting Millions of Dollars.

Typical Ransomware targets victim’s computer encrypts files on it, and then demands a ransom — typically about $500 in Bitcoin — in exchange for a key that will decrypt the files.

Guess what could be the next target of ransomware malware?